SCIM API
The SCIM API provides SCIM 2.0 protocol endpoints for user provisioning from identity providers.
Quick Navigation
Overview
This module provides:
- SCIM 2.0 compliant user provisioning
- User lifecycle management (create, read, update, delete)
- Group management (placeholder)
- Service provider configuration
- Schema discovery
Base Path
All SCIM endpoints are prefixed with /scim/v2
Authentication
All endpoints require SCIM bearer token authentication:
Authorization: Bearer <scim_bearer_token>
Accept: application/scim+json
SCIM Flow
The SCIM API enables automated user provisioning and synchronization between identity providers and the system. The system supports SCIM 2.0 protocol for seamless integration with identity management systems.
SCIM Flow Diagram
View Flow Diagram
SCIM Flow Overview:
This flow diagram illustrates the SCIM 2.0 user provisioning workflow. It shows how identity providers provision users, how user data is synchronized, and how SCIM discovery and configuration work.
Key Flow Components:
- SCIM Authentication: Bearer token authentication with organization-scoped access for secure API communication
- User Provisioning: Identity providers create users via SCIM endpoints with schema validation and attribute mapping
- User Synchronization: Bidirectional sync between identity providers and system for user updates and changes
- Full User Updates: Complete user replacement via SCIM PUT operations with all attributes updated
- Partial User Updates: Incremental updates via SCIM PATCH operations with add, remove, and replace operations
- User Deactivation: User removal and account deactivation via SCIM DELETE operations
- SCIM Discovery: Service provider configuration, schema discovery, and resource type information for integration
- Filtering and Pagination: SCIM-compliant filtering and pagination for efficient user list management
Internal Developer Notes:
- SCIM bearer tokens are organization-specific and must be configured per organization
- All user operations comply with SCIM 2.0 protocol specifications
- Schema validation ensures data consistency and compliance
- Filtering and pagination support efficient large-scale user management
- Groups endpoint is placeholder for future implementation
Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /Users | List users |
| GET | /Users/{user_id} | Get user by ID |
| POST | /Users | Create user |
| PUT | /Users/{user_id} | Replace user |
| PATCH | /Users/{user_id} | Partial update user |
| DELETE | /Users/{user_id} | Delete user |
| GET | /Groups | List groups |
| GET | /ServiceProviderConfig | Service provider configuration |
| GET | /Schemas | Available schemas |
| GET | /ResourceTypes | Resource types |
Internal Notes
- All endpoints are fully implemented
- SCIM bearer tokens are organization-specific
- Supports filtering and pagination
- Groups endpoint returns empty (not yet implemented)
Swagger Documentation
Interactive API documentation available at: /docs#/scim