SSO with SCIM

Role Management with SCIM API for your SSO implementation.

SCIM, the System for Cross-domain Identity Management, is an open standard that enables automated user provisioning. The Snapdocs SCIM API is based on version 2.0 of the SCIM protocol.

Snapdocs SCIM Service Provider

Our SCIM service provider follows the SCIM 2.0 API as described in RFCs 7643 and 7644. You do not need to implement all aspects of the SCIM 2.0 specification to integrate your user information with Snapdocs. This document describes the features from the specification available for an integration with Snapdocs.

Authentication

To integrate with the Snapdocs SCIM API, your IdP service needs to set up OAuth 2.0 authentication, in which an access token is used for the connection.

Name                 Description
Authentication Type  OAuth2
Grant Type           Client Credentials
Host URL             The URL of our authentication service
Client Id            client id
Client Secret        client secret

Host

To verify the credentials, you can use the command below:

curl --request POST 'https://login.demo-eks.snpd.io/oauth/token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "grant_type": "client_credentials",
    "client_id": "CLIENT ID",
    "client_secret": "CLIENT SECRET",
    "audience": "https://api.*.snpd.io"
}'

With correct client credentials, the expected response code is 200 (OK) with a JSON response body, for example:

{
    "access_token": "...",
    "scope": "scim:group:delete scim:info scim:group:read scim:user:write scim:user:read scim:group:write",
    "expires_in": 7200,
    "token_type": "Bearer"
}

Supported resources

The Snapdocs service provider supports the following SCIM resources:

  • Group
    • We do not support the creation of Groups. Upon the first call to the Groups resource, they will be created for you.
  • User
    • A User cannot be a member of more than one group.
  • Schema

Bulk operations are not supported. For more information on how the RFC describes the resource endpoints, see RFC 7644 SCIM Protocol Specification.

Schemas

Snapdocs uses a subset of the available fields in the SCIM core schema. Other SCIM fields are ignored if they are included in incoming requests. The fields used by Snapdocs are:

Group

SCIM field name  Description
displayName      Name of the group
members          List of users in the group

User

SCIM field name  Description
userName         Required. Unique identifier for the user within Snapdocs’ system. Use the user’s email address.
name.familyName  Required. Last name of the user.
name.givenName   Required. First name of the user.
emails           List of email addresses of the user.
phoneNumbers     List of phone numbers.
externalId       Unique identifier for the user used by your system.
active           Required. Boolean indicating whether the user should be active or inactive within Snapdocs.
groups           List of groups to which the user belongs.
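
Because fields outside this subset are ignored and a user can belong to only one group, it helps to lint a User resource on the IdP side before sending it. The following is an added example, not Snapdocs code: it checks the required fields and the one-group rule from the tables above and lists the attributes the provider would ignore. The function names, the sample record, and the decision to exempt the SCIM envelope attributes (`schemas`, `id`, `meta`) are assumptions.

```python
# Added example, not Snapdocs code. Field lists come from the User table above.
REQUIRED = ("userName", "name.familyName", "name.givenName", "active")
USED = {"userName", "name", "emails", "phoneNumbers", "externalId", "active", "groups"}
# Assumption: SCIM envelope attributes (RFC 7643) are not reported as ignored.
ENVELOPE = {"schemas", "id", "meta"}


def _get(resource, dotted):
    """Walk a dotted path such as name.familyName; None if any step is missing."""
    node = resource
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def check_user(resource):
    """Return (errors, ignored) for a SCIM User about to be sent to the provider."""
    errors = []
    for path in REQUIRED:
        value = _get(resource, path)
        if value is None or value == "":
            errors.append(f"missing required field: {path}")
    if "active" in resource and not isinstance(resource["active"], bool):
        errors.append("active must be a JSON boolean, not a string or number")
    groups = resource.get("groups") or []
    if len(groups) > 1:
        errors.append(f"user is in {len(groups)} groups; at most one is allowed")
    name = resource.get("name")
    ignored = sorted(set(resource) - USED - ENVELOPE)
    if isinstance(name, dict):
        ignored += sorted(f"name.{k}" for k in set(name) - {"familyName", "givenName"})
    return errors, ignored


# Constructed sample: a string "false" for active and two group memberships.
SAMPLE = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "pat@example.com",
    "name": {"givenName": "Pat", "middleName": "Q"},
    "emails": [{"value": "pat@example.com", "primary": True}],
    "active": "false",
    "title": "Closer",
    "groups": [{"value": "g-1"}, {"value": "g-2"}],
}

if __name__ == "__main__":
    print(check_user(SAMPLE))
```

The `active` check matters most for deprovisioning: a string such as "false" is truthy in many languages, so a deactivation sent that way should be caught before it leaves the IdP.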