Enable SCIM provisioning
RandomCoffee supports SCIM*, allowing you to automate user provisioning and de-provisioning for your team.
You can efficiently deploy RandomCoffee at scale across your organization and control access to it with your IDP**.
This functionality is available with the "Enterprise plan".
Why enable provisioning for RandomCoffee?
With provisioning, a company's IT administrators can manage access permissions from a central hub, namely their identity provider. It adds extra security and reduces the manual tasks of user management.
You can integrate RandomCoffee with your identity provider on a self-service basis through your provider’s dashboard. The next step is activating provisioning in RandomCoffee’s Admin Center.
Configuration in RandomCoffee
Go to "Setting -> Configuration"
Select "SCIM Provisioning"
Press the "Enable" button
Copy the "SCIM 2.0 URL" and the "Bearer Token" and send them to your IT professional
The Bearer Token is a sensitive "password" and should be handled securely.
Identity provider
If an identity provider that supports SCIM 2.0 is used, then custom integration is not needed. Set up the user provisioning through the identity provider and enjoy. If a custom integration is needed, check the next section.
Custom integration
Operations
The official documentation of SCIM 2.0 should be used for general information. This description will only provide the specifics of RandomCoffee’s SCIM 2.0 implementation. RandomCoffee supports the following operations in the SCIM 2.0 protocol.
Get a specific user
GET /Users/{id}
→ Returns a user by their unique RandomCoffee ID, which is received when using the POST operation, for example. To get a user by externalId, use "Get all users" with the filter instead, or use the RandomCoffee ID.
Get all users
GET /Users
→ Returns all users in RandomCoffee for the organization. Filtering is supported by userName and externalId and by the operator eq.
For pagination, see the SCIM 2.0 documentation for startIndex and count. If count is omitted, the default is 1000, which is also the maximum.
GET /Users?filter=userName eq "firstname.lastname@company.com"
GET /Users?filter=externalId eq "someIdOfUser"
Create a user
POST /Users
Create a new user when providing the following mandatory fields:
Field name | Description | Comment |
---|---|---|
userName | The username of the user | Max 255 characters |
externalId | The external ID of the user | Max 255 characters |
name.givenName | First name of the user | Max 255 characters |
name.familyName | Last name of the user | Max 255 characters |
emails | List at least one email address | Example: [{"primary": true, "value": "juliette@random-coffee.com"}] |
Update a user
PUT /Users/{id}
Use this to update a specific user with data.
Partial update of a user
PATCH /Users/{id}
→ Makes partial updates to a user. For more information, check this documentation. Example:
{"Operations": [{"op": "replace","path": "externalId","value": "34567"},{"op": "replace","path": "name.familyName","value": "Changed"}]}
Delete a user
DELETE /Users/{id}
→ Deletes a specific user.
Get schemas
GET /Schemas
→ Returns all schemas and fields in the organization, including attributes created.
Get service provider config
GET /ServiceProviderConfig
→ Returns the Service Provider configuration of the SCIM 2.0 API containing capabilities and supported features.
Bulk operations
Bulk operations are not supported.
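For a custom integration, the following sketch shows the filter, create-user body and pagination rules described above. It is an added example, not RandomCoffee's own code. The environment variable names SCIM_URL and SCIM_TOKEN, the helper names, and appending /Users to the copied "SCIM 2.0 URL" are assumptions; the schema URN and the Accept media type come from the SCIM 2.0 RFCs.

```python
import json, os, urllib.parse, urllib.request

MAX_COUNT = 1000  # default and maximum page size stated on this page
MAX_LEN = 255     # maximum length of the mandatory string fields

def user_filter(attr, value):
    """Filter expression limited to the attributes and operator listed above."""
    if attr not in ("userName", "externalId"):
        raise ValueError("filtering is supported on userName and externalId")
    # Escape backslash and quote so the value stays inside the string literal.
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{attr} eq "{escaped}"'

def new_user(user_name, external_id, given, family, email):
    """Body for POST /Users carrying the mandatory fields from the table."""
    fields = {"userName": user_name, "externalId": external_id,
              "givenName": given, "familyName": family}
    for label, text in fields.items():
        if not text or len(text) > MAX_LEN:
            raise ValueError(f"{label} must be 1 to {MAX_LEN} characters")
    return {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
            "userName": user_name, "externalId": external_id,
            "name": {"givenName": given, "familyName": family},
            "emails": [{"primary": True, "value": email}]}

def http_get(base_url, token):
    """Return a get(path, params) callable that sends the Bearer Token."""
    def get(path, params):
        url = base_url.rstrip("/") + path + "?" + urllib.parse.urlencode(params)
        req = urllib.request.Request(url, headers={
            "Authorization": f"Bearer {token}", "Accept": "application/scim+json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return get

def list_users(get, filter_expr=None, count=MAX_COUNT):
    """Yield every user, following startIndex/count pagination (1-based)."""
    start = 1
    while True:
        params = {"startIndex": start, "count": min(count, MAX_COUNT)}
        if filter_expr:
            params["filter"] = filter_expr
        page = get("/Users", params)
        resources = page.get("Resources", [])
        yield from resources
        start += len(resources)
        if not resources or start > page.get("totalResults", 0):
            return

if __name__ == "__main__":
    get = http_get(os.environ["SCIM_URL"], os.environ["SCIM_TOKEN"])  # assumed names
    print(list(list_users(get, user_filter("userName", "juliette@random-coffee.com"))))
```

Reading the Bearer Token from the environment keeps it out of source control, and the escaping in user_filter stops a directory value containing a quote from changing the meaning of the filter.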
* SCIM: System for Cross-domain Identity Management
** IDP: Identity Provider