SCIM Overview
What is SCIM?
SCIM (System for Cross-domain Identity Management) is a protocol standard that Kojo implements that allows you to manage your users on our platform. It is a RESTful API that is supported by various identity providers (IdPs).
Authentication
Authentication works identically to the rest of the Kojo API. Please see the Authentication page for more information.
Support
Kojo implements a subset of the SCIM resources defined in RFC 7643 Section 4. The table below lists those that are supported and those that are not.
| Resource | Methods | Supported |
|---|---|---|
| /Users | GET, POST | ✅ |
| /Users/:id | GET, PUT, PATCH, DELETE | ✅ |
| /Me | GET, POST, PUT, PATCH, DELETE | ❌ |
| /Groups | GET, POST, PUT, PATCH, DELETE | ❌ |
| /ServiceProviderConfig | GET | ✅ |
| /ResourceTypes | GET | ✅ |
| /Schemas | GET | ✅ |
| /Bulk | POST | ❌ |
| /.search | POST | ❌ |
| ?filter (see the note below) | GET | ❌ |
Note on filtering
Filtering is generally not supported, however, we support a special case of filtering the Users endpoint by userName, e.g. ?filter=userName eq "myemail@contractor.com".
Responses
Responses from Kojo's SCIM API will always set the Content-Type header to application/scim+json, as per RFC 7644 Section 3.1.
Errors
We use the official urn:ietf:params:scim:api:messages:2.0:Error schema defined in RFC 7644 Section 3.12.
Thus, errors from our API will look similar to the following:
{
"detail": "Resource clcazaz0q0000vssb0x4t7sbc not found",
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error"
],
"status": "404"
}