Understanding the SCIM Implementation

Before provisioning and managing users with SCIM, get familiar with the StoryChief SCIM implementation. For example, see the available services and schema and learn about supported resource types, roles, and groups.

Query the following endpoints to learn about the SCIM implementation.

Authentication is with a Bearer token, which is specific to a single workspace. This means all requests made with a single token are to a specific workspace.

Creating a user, will create a user and assign it to the workspace in question

Deleting/deactivating a user will remove access for that user to the specific workspace in question.

Only the filters listed below are supported. Expect an error of the type invalidFilter in case of other fields or operators.

Roles are a complex property on users. When creating or updating users you can send over multiple roles, but the API will only map the very first role.
The allowed values are any of the system roles: 'owner', 'admin', 'writer', 'guest', 'client'. Or a custom role.

Expect an error of the type invalidValue if a non-existent role is sent.

The role owner can only be assigned to a single user per workspace.

Expect an error of the type uniqueness if a second user is assigned the role owner.

The userName is expected to be a valid and unique email address.

Expect an error of the type invalidValue if userName is not a valid email address.

Expect an error of the type uniqueness when creating a user with a non-unique userName.

Users only have 1 email address in StoryChief. Considering the userName is already expected to be a valid and unique email address, the SCIM implementation ignores the emails property.