
Understanding the SCIM Implementation

Written by Gregory Claeyssens
Updated over a week ago

Before provisioning and managing users with SCIM, get familiar with the StoryChief SCIM implementation. For example, see the available services and schema and learn about supported resource types, roles, and groups.

💡 Available in StoryChief Enterprise Plans

Query the following endpoints to learn about the SCIM implementation.

| SCIM Endpoint | Description | Supported |
|---|---|---|
| | Request the capabilities of the StoryChief SCIM implementation. | Read: GET |
| | Introspect resources and attribute extensions. | Read: GET |
| | Discover the types of resources available, such as Users and Groups. | Read: GET |

Authentication

Authentication uses a Bearer token that is specific to a single workspace, so every request made with that token applies to that workspace.

Creating a user creates the user and assigns it to the workspace in question.

Deleting/deactivating a user will remove access for that user to the specific workspace in question.

Supported Filters

Only the filters listed below are supported. Expect an error of the type invalidFilter in case of other fields or operators.

  • Users

    • userName eq "scim@example.com"

    • active eq true | false

User roles

Roles are a complex property on users. When creating or updating users you can send multiple roles, but the API will only map the very first role.
The allowed values are any of the system roles ('owner', 'admin', 'writer', 'guest', 'client') or a custom role.

Expect an error of the type invalidValue if a non-existent role is sent.

The role owner can only be assigned to a single user per workspace.

Expect an error of the type uniqueness if a second user is assigned the role owner.

userName and emails

The userName is expected to be a valid and unique email address.

Expect an error of the type invalidValue if userName is not a valid email address.

Expect an error of the type uniqueness when creating a user with a non-unique userName.

Users only have 1 email address in StoryChief. Considering the userName is already expected to be a valid and unique email address, the SCIM implementation ignores the emails property.
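
An added example, not StoryChief's code: a client-side pre-flight check that predicts the errors described in the Supported Filters, User roles and userName sections before a batch is sent, and flags roles or emails that would be silently dropped. The function names, the `custom_roles` and `owner_exists` parameters, the simplified email pattern and the `{"value": ...}` shape of roles and emails (taken from RFC 7643) are assumptions.

```python
import re

# System roles named on the page; custom roles are passed in by the caller.
SYSTEM_ROLES = {"owner", "admin", "writer", "guest", "client"}
# Simplified email shape (assumption: the server's own validation may differ).
EMAIL_RE = re.compile(r'^[^@\s"]+@[^@\s"]+\.[^@\s"]+$')


def build_user_filter(field, value):
    """Return one of the two supported Users filters, else raise ValueError."""
    if field == "userName" and isinstance(value, str) and EMAIL_RE.match(value):
        return f'userName eq "{value}"'  # EMAIL_RE rejects quotes and spaces
    if field == "active" and isinstance(value, bool):
        return "active eq " + ("true" if value else "false")
    raise ValueError(f"unsupported filter: {field!r} {value!r}")  # server: invalidFilter


def preflight(users, custom_roles=(), owner_exists=False):
    """Predict (userName, error type or 'warning', detail) for a batch of Users."""
    findings, seen = [], set()
    allowed = SYSTEM_ROLES | set(custom_roles)
    for user in users:
        name = user.get("userName", "")
        if not EMAIL_RE.match(name):
            findings.append((name, "invalidValue", "userName is not an email"))
        elif name in seen:
            findings.append((name, "uniqueness", "userName repeated in batch"))
        seen.add(name)
        # Assumed RFC 7643 shape: roles and emails are lists of {"value": ...}.
        roles = [r.get("value") for r in user.get("roles", [])]
        if roles and roles[0] not in allowed:
            findings.append((name, "invalidValue", f"unknown role {roles[0]!r}"))
        elif roles and roles[0] == "owner":
            if owner_exists:
                findings.append((name, "uniqueness", "workspace already has an owner"))
            owner_exists = True
        if len(roles) > 1:
            findings.append((name, "warning", f"only {roles[0]!r} mapped, dropped {roles[1:]}"))
        extra = [e.get("value") for e in user.get("emails", []) if e.get("value") != name]
        if extra:
            findings.append((name, "warning", f"emails ignored: {extra}"))
    return findings


SAMPLE = [  # constructed sample batch, not real accounts
    {"userName": "ann@example.com", "roles": [{"value": "guest"}, {"value": "admin"}]},
    {"userName": "bob@example.com", "roles": [{"value": "owner"}],
     "emails": [{"value": "bob.alt@example.com"}]},
    {"userName": "carol", "roles": [{"value": "superuser"}]},
]
```

Because only the first role is mapped, the order of the roles array decides the privilege a user receives, so the warning for `ann@example.com` is worth reviewing before the request is sent.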
