Deployment: Invicti Platform on-demand, Invicti Platform on-premises
Package: Invicti Ultimate
Requires: API access
SCIM provisioning reference
This document is a reference for SCIM 2.0 provisioning in Invicti Platform, covering supported schemas, features, attributes, and known limitations. For setup instructions, see Set up SCIM provisioning.
The endpoint examples on this page use https://platform.invicti.com. Replace this with the URL for your region: EU (https://platform-eu.invicti.com), CA (https://platform-ca.invicti.com), or your on-premises or private tenant URL.
Supported schemas
All standard SCIM 2.0 schemas as defined by RFC 7643:
- urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig
- urn:ietf:params:scim:schemas:core:2.0:ResourceType
- urn:ietf:params:scim:schemas:core:2.0:Schema
- urn:ietf:params:scim:schemas:core:2.0:User
- urn:ietf:params:scim:schemas:core:2.0:Group
The following message schemas are used in requests and responses to SCIM 2.0 protocol endpoints as defined by RFC 7644:
- urn:ietf:params:scim:api:messages:2.0:ListResponse
- urn:ietf:params:scim:api:messages:2.0:SearchRequest
- urn:ietf:params:scim:api:messages:2.0:PatchOp
- urn:ietf:params:scim:api:messages:2.0:BulkRequest
- urn:ietf:params:scim:api:messages:2.0:BulkResponse
- urn:ietf:params:scim:api:messages:2.0:Error
You can retrieve the full list of schemas and attribute details from:
https://platform.invicti.com/api/scim/v2/Schemas
Features
You can retrieve the service provider configuration from:
https://platform.invicti.com/api/scim/v2/ServiceProviderConfig
Supported
- Filtering using the filter query parameter on list endpoints
- Sorting using sortBy and sortOrder query parameters on list endpoints
- Patch operations
- Bearer token authentication
- OAuth 2.0 Client Credentials grant
Unsupported
- Bulk operations
- ETags
- Creating and updating user passwords - when a new user is created, Invicti sends an invitation email so the user can set their own password
Attributes
The following SCIM 2.0 attributes are supported for users and groups.
User attributes
| Attribute | Type | Constraint | Notes |
|---|---|---|---|
| externalId | string | Optional | |
| id | string | Read-only | |
| name | object | Required | |
| name.givenName | string | Required | First name |
| name.familyName | string | Required | Last name |
| userName | string | Required | User's email address |
| countryCode | string | Optional | |
| locale | string | Optional | For example, en-US. Only used when creating a new user. |
| timezone | string | Optional | IANA timezone, for example America/New_York. Only used when creating a new user. |
| password | string | Optional | Unused |
| phoneNumber | string | Optional | Only used when creating a new user. |
| groups | Array of reference | Read-only | User group memberships |
Group attributes
SCIM 2.0 groups correspond to teams in Invicti Platform.
| Attribute | Type | Constraint | Notes |
|---|---|---|---|
| externalId | string | Optional | |
| id | string | Read-only | |
| displayName | object | Required | |
| members | Array of reference | Optional | Group members |
Known limitations
- SCIM 2.0 can't update user timezone, locale, or country code after you create the user.
- SCIM 2.0 can't set passwords. Users receive an invitation email to create their own password.
- You can only set group members via a patch operation.
- Sub-attribute filtering isn't supported. For example, use name.givenName eq "joe" instead of name[givenName eq "joe"].
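The following Python is an added example, not Invicti's own code. It builds a user-creation body, a group-membership PatchOp, and a list URL that respect the attribute constraints and limitations above. The /Users and /Groups resource paths are the standard RFC 7644 endpoints and are assumed here; the function names and sample values are hypothetical.

```python
import json
import re
from urllib.parse import urlencode

BASE = "https://platform.invicti.com/api/scim/v2"  # replace with your region or tenant URL
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Optional attributes that are set at creation and not updated via SCIM afterwards.
OPTIONAL_ON_CREATE = ("countryCode", "locale", "timezone", "phoneNumber")


def new_user(email, given, family, external_id=None, **optional):
    """Body for POST /Users (assumed path). No password: an invitation email is sent."""
    unknown = set(optional) - set(OPTIONAL_ON_CREATE)
    if unknown:
        raise ValueError(f"unsupported attribute(s): {sorted(unknown)}")
    body = {"schemas": [USER_SCHEMA], "userName": email,
            "name": {"givenName": given, "familyName": family}}
    if external_id:
        body["externalId"] = external_id
    body.update(optional)
    return body


def add_members_patch(user_ids):
    """Body for PATCH /Groups/{id} (assumed path): members are set via patch only."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "add", "path": "members",
                            "value": [{"value": uid} for uid in user_ids]}]}


def list_url(resource, scim_filter=None, sort_by=None, sort_order=None):
    """List URL with filter/sortBy/sortOrder; rejects bracketed sub-attribute filters."""
    if scim_filter and re.search(r"\w\[", scim_filter):
        raise ValueError('use a dotted path (name.givenName eq "joe"), not name[...]')
    params = {"filter": scim_filter, "sortBy": sort_by, "sortOrder": sort_order}
    query = urlencode({k: v for k, v in params.items() if v})
    return f"{BASE}/{resource}" + (f"?{query}" if query else "")


if __name__ == "__main__":
    # Constructed sample values, not real accounts or ids.
    print(json.dumps(new_user("joe@example.com", "Joe", "Bloggs",
                              timezone="America/New_York"), indent=2))
    print(json.dumps(add_members_patch(["<user-id-1>", "<user-id-2>"]), indent=2))
    print(list_url("Users", 'name.givenName eq "joe"', "userName", "ascending"))
```

Send each request with an `Authorization: Bearer <token>` header, using a token obtained through one of the supported authentication methods.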