Enable SCIM provisioning

RandomCoffee supports SCIM*, allowing you to automate user provisioning and de-provisioning for your team.

You can efficiently deploy RandomCoffee at scale across your organization and control access to it with your IDP**.

This functionality is available with the "Enterprise plan".

Why enable provisioning for RandomCoffee?

With provisioning, a company's IT administrators can manage access permissions from a central hub, namely their identity provider. This adds extra security and reduces the manual work of user management.

You can integrate RandomCoffee with your identity provider on a self-service basis through your provider’s dashboard. The next step is activating provisioning in RandomCoffee’s Admin Center.

Configuration in RandomCoffee

  • Go to "Setting -> Configuration"

  • Select "SCIM Provisioning"

  • Press the "Enable" button

  • Copy the "SCIM 2.0 URL" and the "Bearer Token" and send them to your IT professional

The Bearer Token is a sensitive "password" and should be handled securely.

Identity provider

If an identity provider that supports SCIM 2.0 is used, then custom integration is not needed. Set up the user provisioning through the identity provider and enjoy. If a custom integration is needed, check the next section.

Custom integration

Operations

The official documentation of SCIM 2.0 should be used for general information. This description will only provide the specifics of RandomCoffee’s SCIM 2.0 implementation. RandomCoffee supports the following operations in the SCIM 2.0 protocol.

Get a specific user

GET /Users/{id}

Returns a user by their unique RandomCoffee ID, which is returned, for example, by the POST operation. To look up a user by externalId, use "Get all users" with a filter instead, or use the RandomCoffee ID.

Get all users

GET /Users

Returns all users in RandomCoffee for the organization. Filtering is supported on userName and externalId, using the eq operator.

For pagination, check the SCIM 2.0 documentation for startIndex and count. If count is omitted, the default is 1000. The maximum count is also 1000.

GET /Users?filter=userName eq "firstname.lastname@company.com"

GET /Users?filter=externalId eq "someIdOfUser"

Create a user

POST /Users

Create a new user when providing the following mandatory fields:

| Field name | Description | Comment |
| --- | --- | --- |
| userName | The username of the user | Max 255 characters |
| externalId | The external ID of the user | Max 255 characters |
| name.givenName | First name of the user | Max 255 characters |
| name.familyName | Last name of the user | Max 255 characters |
| emails | List at least one email address | Example: [{"primary": true, "value": "juliette@random-coffee.com"}] |
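For a custom integration, the filtered and paginated GET /Users request and the POST /Users body described above can be built as follows. This is an added example, not RandomCoffee's own code; the function names, the RC_SCIM_TOKEN variable name, and the schema URN, media type and ListResponse fields taken from RFC 7643/7644 are assumptions not stated on this page.

```python
import json
import os
from urllib.parse import quote, urlencode

MAX_LEN = 255      # per-field limit from the table above
MAX_COUNT = 1000   # default and maximum page size stated on this page
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643

def auth_headers():
    # Read the Bearer Token from the environment (RC_SCIM_TOKEN is an
    # assumed name) so it never lands in source control.
    return {"Authorization": "Bearer " + os.environ["RC_SCIM_TOKEN"],
            "Content-Type": "application/scim+json"}  # RFC 7644 media type

def users_query(attr, value, start_index=1, count=MAX_COUNT):
    """Path and query string for GET /Users with an eq filter and paging."""
    if attr not in ("userName", "externalId"):
        raise ValueError("filter on userName or externalId only")
    if not 1 <= count <= MAX_COUNT:
        raise ValueError("count must be 1..1000")
    # SCIM filter strings are JSON strings: json.dumps escapes quotes and
    # backslashes, so the value cannot rewrite the filter expression.
    flt = f"{attr} eq {json.dumps(value)}"
    return "/Users?" + urlencode(
        {"filter": flt, "startIndex": start_index, "count": count},
        quote_via=quote)

def next_start(page):
    """Next startIndex from a ListResponse (RFC 7644), or None when done."""
    nxt = page["startIndex"] + page["itemsPerPage"]
    if page["itemsPerPage"] == 0 or nxt > page["totalResults"]:
        return None
    return nxt

def new_user(user_name, external_id, given, family, email):
    """Body for POST /Users: mandatory fields present and within 255 chars."""
    flat = {"userName": user_name, "externalId": external_id,
            "name.givenName": given, "name.familyName": family}
    for field, val in flat.items():
        if not val or len(val) > MAX_LEN:
            raise ValueError(f"{field} must be 1..{MAX_LEN} characters")
    if not email:
        raise ValueError("emails needs at least one address")
    return {"schemas": [USER_SCHEMA], "userName": user_name,
            "externalId": external_id,
            "name": {"givenName": given, "familyName": family},
            "emails": [{"primary": True, "value": email}]}
```

Looking a user up by externalId before calling POST /Users keeps provisioning idempotent when the identity provider retries a request.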

Update a user

PUT /Users/{id}

Use this to update a specific user with data.

Partial update of a user

PATCH /Users/{id}

Makes partial updates to a user. For more information, check this documentation. Example:

{"Operations": [
  {"op": "replace", "path": "externalId", "value": "34567"},
  {"op": "replace", "path": "name.familyName", "value": "Changed"}
]}

Delete a user

DELETE /Users/{id}

Deletes a specific user.

Get schemas

GET /Schemas

Returns all schemas and fields in the organization, including attributes created.

Get service provider config

GET /ServiceProviderConfig

Returns the Service Provider configuration of the SCIM 2.0 API containing capabilities and supported features.

Bulk operations

Bulk operations are not supported.

* SCIM: System for Cross-domain Identity Management

** IDP: Identity Provider
