About SCIM
Tines provides SCIM v2.0-compliant endpoints to enable synchronization with Identity Providers (IdPs) that support this standard.
Configuration
These endpoints are only available for tenants with plans that include the SCIM feature and what have been enabled SCIM (in the tenant's Authentication settings).
Endpoints
The base endpoint for SCIM operations (this is what needs to be configured in most IdPs) is https://<<META.tenant.domain>>/api/scim/v2
All endpoints expect the application/scim+json Content type.
| Verb | Path | Description |
|---|---|---|
GET |
/api/scim/v2/ServiceProviderConfig |
Show Configurations |
GET |
/api/scim/v2/ResourceTypes |
Index Resource Types |
GET |
/api/scim/v2/ResourceTypes/:name |
Show Resource Type |
GET |
/api/scim/v2/Schemas |
Index Schemas |
GET |
/api/scim/v2/Users |
Index Users |
GET |
/api/scim/v2/Users/:id |
Show User |
POST |
/api/scim/v2/Users |
Create User |
PUT |
/api/scim/v2/Users/:id |
Replace User |
PATCH |
/api/scim/v2/Users/:id |
Update User |
DELETE |
/api/scim/v2/Users/:id |
Disable User. Use the UI or this API endpoint to completely delete a user. |
GET |
/api/scim/v2/Groups |
Index Groups |
GET |
/api/scim/v2/Groups/:id |
Show Group |
POST |
/api/scim/v2/Groups |
Create Group |
PUT |
/api/scim/v2/Groups/:id |
Replace Group |
PATCH |
/api/scim/v2/Groups/:id |
Update Group |
DELETE |
/api/scim/v2/Groups/:id |
Destroy Group |
Authentication
Authentication for all endpoints follows the same scheme as the rest of the API (described in the Authentication section). Only API keys with tenant owner access can be used for SCIM.
Supported attributes
Users
| name | Type | Description |
|---|---|---|
userName |
string |
The username for the user. It must be the user's email. |
name.givenName |
string |
The first name of the user. |
name.familyName |
string |
The last name of the user. |
externalId |
string |
This identifier is generated by the IdP provider. |
id |
string |
Identifier generated by Tines. |
active |
boolean |
Whether the identity is active (true) or not (false). |
userType |
string |
"TENANT_OWNER" (also known as admin: true in the Tines API User schema) or "USER". |
groups |
ComplexType |
Array of groups this user belongs to. This field is immutable and must be changed by updating each Group's members. |
Groups
| name | Type | Description |
|---|---|---|
displayName |
string |
The username for the user. |
externalId |
string |
This identifier is generated by the IdP provider. |
id |
string |
Identifier generated by Tines. |
members |
ComplexType |
Array of Users and Groups that belong to this Group. |