Getting Started with the SCIM v2 API

Introduction

SCIM (System for Cross-Domain Identity Management) is an open standard that facilitates the automation of user provisioning. Most identity management systems include an out-of-the-box solution for integrating with a SCIM API, allowing you to manage your PrecisionLender users directly from your primary user management system.

More information about SCIM can be found here.

Security & Authentication

Authentication for the SCIM v2 API follows the same practices as all other PrecisionLender APIs. Documentation can be found here.

All calls to the SCIM v2 API require the service user to have the User Management permission.

If your identity provider does not allow you to provide the required ClientId header...

…you can append the ClientId, colon-separated, to your Basic Auth username instead.

Username: <ServiceUserName>:<ClientId>
Password: <ServiceUserKey>

Support

PrecisionLender’s SCIM v2 API supports only a relevant subset of SCIM operations and resources. While full details about supported operations, resources, and schemas, can be retrieved using the Service Provider Configuration endpoints, below are some key points regarding our implementation of the SCIM specification.

The PrecisionLender SCIM v2 API…

  • …does not support the “Group” resource.

  • …does not perform any password management.

  • …supports filtering only on an exact-match of the username property (e.g. ?filter=username eq username@precisionlender.com)

  • …supports the PATCH User endpoint strictly for updating the active property. For all other updates, use the PUT User endpoint.

  • …does not support the deletion of users. The DELETE operation can be used (as an alternative to the PUT or PATCH operations) to deactivate a user.