Skip to content

scim.md

Latest commit

 

History

History
149 lines (106 loc) · 4.38 KB

scim.md

File metadata and controls

149 lines (106 loc) · 4.38 KB
type reference, howto
stage Govern
group Authentication and Authorization
info To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments

SCIM API (PREMIUM ALL)

Introduced in GitLab 15.5.

GitLab provides an SCIM API that both implements the RFC7644 protocol and provides the /Users endpoint. The base URL is /api/scim/v2/groups/:group_path/Users/.

To use this API, Group SSO must be enabled for the group. This API is only in use where SCIM for Group SSO is enabled. It's a prerequisite to the creation of SCIM identities.

Not to be confused with the internal group SCIM API.

Get SCIM identities for a group

Introduced in GitLab 15.5.

GET /groups/:id/scim/identities

Supported attributes:

Attribute Type Required Description
id integer/string Yes The ID or URL-encoded path of the group

If successful, returns 200 and the following response attributes:

Attribute Type Description
extern_uid string External UID for the user
user_id integer ID for the user
active boolean Status of the identity

Example response:

[
    {
        "extern_uid": "4",
        "user_id": 48,
        "active": true
    }
]

Example request:

curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/scim/identities" \
--header "PRIVATE-TOKEN: <PRIVATE-TOKEN>"

Get a single SCIM identity

Introduced in GitLab 16.1.

GET /groups/:id/scim/:uid

Supported attributes:

Attribute Type Required Description
id integer yes The ID or URL-encoded path of the group
uid string yes External UID of the user.

Example request:

curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/scim/sydney_jones" --header "PRIVATE-TOKEN: <PRIVATE TOKEN>"

Example response:

{
    "extern_uid": "4",
    "user_id": 48,
    "active": true
}

Update extern_uid field for a SCIM identity

Introduced in GitLab 15.5.

Fields that can be updated are:

SCIM/IdP field GitLab field
id/externalId extern_uid 
PATCH /groups/:groups_id/scim/:uid

Parameters:

Attribute Type Required Description
id integer/string yes The ID or URL-encoded path of the group
uid string yes External UID of the user.

Example request:

curl --location --request PATCH "https://gitlab.example.com/api/v4/groups/33/scim/sydney_jones" \
--header "PRIVATE-TOKEN: <PRIVATE TOKEN>" \
--form "extern_uid=sydney_jones_new"

Delete a single SCIM identity

Introduced in GitLab 16.5.

DELETE /groups/:id/scim/:uid

Supported attributes:

Attribute Type Required Description
id integer yes The ID or URL-encoded path of the group.
uid string yes External UID of the user.

Example request:

curl --request DELETE --header "Content-Type: application/json" --header "Authorization: Bearer <your_access_token>" "https://gitlab.example.com/api/v4/groups/33/scim/sydney_jones"

Example response:

{
    "message" : "204 No Content"
}