Frontegg SCIM Provisioning API
The Frontegg SCIM 2.0 Provisioning API implements directory provisioning for users and groups from external identity providers such as Okta, Azure AD, and Google Workspace.
OpenAPI Specification
openapi: 3.0.0
paths:
/resources/v1/configurations/scim2:
get:
operationId: Scim2ConnectionConfigController_fetchAll
summary: Get All SCIM Configurations
description: Retrieve all provisioning (SCIM) configurations for the environment.
parameters:
- name: tenantId
required: false
in: query
schema:
type: string
- name: source
required: false
in: query
schema:
type: string
- name: connectionName
required: false
in: query
schema:
type: string
- name: id
required: false
in: query
schema:
type: string
responses:
'200':
description: List of SCIM configurations. Vendor only endpoint
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/Scim2ConnectionConfigResponse'
tags:
- SCIM Settings
post:
operationId: Scim2ConnectionConfigController_create
summary: Create a SCIM Configuration
description: Create a provisioning (SCIM) configuration for an account (tenant).
parameters:
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: false
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/Scim2CreateConnectionConfigRequest'
responses:
'201':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/Scim2CreateConnectionConfigResponse'
tags:
- SCIM Configurations
/resources/v1/configurations/scim2/{id}:
get:
operationId: Scim2ConnectionConfigController_fetchById
summary: Get a SCIM Configuration by ID
description: Get a provisioning (SCIM) configuration by its ID.
parameters:
- name: id
required: true
in: path
schema:
type: string
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: false
schema:
type: string
responses:
'200':
description: ''
content:
application/json:
schema:
$ref: '#/components/schemas/Scim2ConnectionConfigResponse'
tags:
- SCIM Configurations
patch:
operationId: Scim2ConnectionConfigController_partialUpdate
summary: Update a SCIM Configuration
description: Create a provisioning (SCIM) configuration for an account (tenant).
parameters:
- name: id
required: true
in: path
schema:
type: string
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: false
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/Scim2PatchConnectionConfigRequest'
responses:
'204':
description: ''
tags:
- SCIM Configurations
delete:
operationId: Scim2ConnectionConfigController_deleteById
summary: Delete a SCIM Configuration
description: Create a provisioning (SCIM) configuration for an account (tenant).
parameters:
- name: id
required: true
in: path
schema:
type: string
- name: frontegg-tenant-id
in: header
description: The account (tenant) ID identifier
required: false
schema:
type: string
responses:
'204':
description: ''
tags:
- SCIM Configurations
info:
title: SCIM Provisioning Overview
description: 'The SCIM Provisioning endpoints enable seamless management of user identities and groups in compliance with the [SCIM (System for Cross-domain Identity Management) standard](https://datatracker.ietf.org/doc/html/rfc7644). This service supports automatic provisioning and deprovisioning of user accounts, ensuring data synchronization across multiple identity providers and applications.
Fully compliant with SCIM 2.0, the SCIM Provisioning Service guarantees compatibility and interoperability across various identity platforms.
This section lists all relevant API endpoints, organized into Management and Self-Service categories:
**Management Endpoints**: Require environment-level authorization and offer comprehensive control over SCIM resources.
<br>
**Self-Service Endpoints**: Accessible with a user token (JWT) and allow users with the necessary permissions to create, update, and delete a SCIM connection on their account.'
version: '1.0'
servers:
- url: https://api.frontegg.com/directory
description: EU Region
- url: https://api.us.frontegg.com/directory
description: US Region
- url: https://api.ca.frontegg.com/directory
description: CA Region
- url: https://api.au.frontegg.com/directory
description: AU Region
- url: https://{domain}.frontegg.com/directory
description: Frontegg sub-domain for use with user tokens
variables:
domain:
default: app-xxx
components:
securitySchemes:
bearer:
scheme: bearer
bearerFormat: JWT
type: http
schemas:
Scim2ConnectionConfigResponse:
type: object
properties:
id:
type: string
tenantId:
type: string
connectionName:
type: string
source:
type: string
syncToUserManagement:
type: boolean
lastSync:
format: date-time
type: string
nullable: true
createdAt:
format: date-time
type: string
required:
- id
- tenantId
- connectionName
- source
- syncToUserManagement
- lastSync
- createdAt
Scim2CreateConnectionConfigRequest:
type: object
properties:
source:
type: string
enum:
- frontegg
- okta
- azure-ad
- other
connectionName:
type: string
syncToUserManagement:
type: boolean
required:
- source
Scim2CreateConnectionConfigResponse:
type: object
properties:
id:
type: string
connectionName:
type: string
token:
type: string
required:
- id
- connectionName
- token
Scim2PatchConnectionConfigRequest:
type: object
properties:
syncToUserManagement:
type: boolean
required:
- syncToUserManagement
x-tagGroups:
- name: Management
tags:
- SCIM settings
- name: Self-Service
tags:
- SCIM configurations