Learn how to connect to Collaboard's SCIM endpoint and sync your AD users with Collaboard.
Introduction and SCIM scope
SCIM, or System for Cross-domain Identity Management is an open standard designed to manage user identity information. SCIM provides a defined schema for representing users and groups, and a RESTful API to run CRUD operations on those user and group resources.
The goal of SCIM is to securely automate the exchange of user identity data between your company's cloud applications and any service providers, such as enterprise SaaS applications.
For detailed information regarding SCIM, please look at https://scim.cloud/
Our Auth API server supports the SCIM specification by providing a SCIM API. Using the SCIM API, the client application can get and modify all the information available in auth.
All the API methods require authentication in order to be used, and the authentication token will provide the context of the calling user.
We support the entire SCIM scope listed at https://scim.cloud/ except Bulk: POST https://example.com/{v}/Bulk.
Find the supported SCIM methods in this document.
Setup process in a nutshell
- Homework: you need to configure your AD user provisioning
- define groups/ members/ etc.
- Determine which groups will get a license and thus become subscription members and which groups will contain free users without a license.
- create the provisioning application
- define groups/ members/ etc.
- Use the SCIM self-service to create an auth token and thus establish the SCIM connection
- Use the access token and the SCIM endpoint URL at your provisioning application to establish the connection with our SCIM endpoint.
- Continue with the Discovery chapter below.
Discovery
The SCIM endpoints are located under https://{AUTH_API_BASE_URL}/scim/v2
Environment | AUTH_API_BASE_URL |
WEB | https://api.collaboard.app/auth |
DE | https://de.collaboard.app/server/auth |
CH | https://ch-api.collaboard.app/auth |
The discovery endpoints of the SCIM API can be found in the following urls:
ServiceProviderConfig
Specification compliance, authentication schemes, data models.
Endpoint: GET https://{AUTH_API_BASE_URL}/scim/v2/ServiceProviderConfig
ResourceTypes
Returns the types of resources available.
Endpoint: GET https://{AUTH_API_BASE_URL}/scim/v2/ResourceTypes
Supported Methods
The IBV.Auth SCIM API supports the following methods:
Users
POST https://{AUTH_API_BASE_URL}/scim/v2/Users
GET https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}
PUT https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}
DELETE https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}
PATCH https://{AUTH_API_BASE_URL}/scim/v2/Users/{id}
GET https://{AUTH_API_BASE_URL}/scim/v2/Users?filter={attribute}{operator}{value}&startIndex=1&count=10
- Supported attributes:
Username
,FirstName
,LastName
,Email
,PhoneNumber
- Supported operators:
eq
(equals),sw
(starts with),ew
(ends with),co
(contains) - Paging: Supported
- Sort: Not supported
Not supported
Groups
POST https://{AUTH_API_BASE_URL}/scim/v2/Groups
GET https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}
PUT https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}
DELETE https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}
PATCH https://{AUTH_API_BASE_URL}/scim/v2/Groups/{id}
GET https://{AUTH_API_BASE_URL}/scim/v2/Groups?filter={attribute}{operator}{value}&startIndex=1&count=10
- Supported attributes:
DisplayName
- Supported operators:
eq
(equals),sw
(starts with),ew
(ends with),co
(contains) - Paging: Supported
- Sort: Not supported
Not supported