Ironclad SCIM 2.0 API

SCIM 2.0 endpoints for Just-in-Time and bulk provisioning of Ironclad users and groups from an upstream identity provider (Okta, Azure AD, OneLogin, etc.). Implements /Users, /Groups, and /Schemas with standard SCIM semantics — list/get/create/replace/delete plus PATCH for partial updates and group-membership edits. Enables SSO-aligned lifecycle management and role-based access.

Ironclad SCIM 2.0 API is one of 4 APIs that Ironclad publishes on the APIs.io network, described by a machine-readable OpenAPI specification.

This API exposes 1 machine-runnable capability, which can be deployed as a REST, MCP, or Agent Skill surface via Naftiko, and 1 JSON Schema definition.

Tagged areas include SCIM, Identity, User Provisioning, Groups, and Directory. The published artifact set on APIs.io includes API documentation, an OpenAPI specification, 1 Naftiko capability spec, and 1 JSON Schema.

OpenAPI Specification

ironclad-scim-api-openapi.yml
openapi: 3.1.0
info:
  title: Ironclad SCIM API
  description: Documentation for Ironclad's SCIM Implementation.
  version: '1'
  contact:
    name: Ironclad Support
    email: [email protected]
servers:
- url: https://na1.ironcladapp.com/scim/v2
  description: Production server
- url: https://eu1.ironcladapp.com/scim/v2
  description: EU Production server
- url: https://demo.ironcladapp.com/scim/v2
  description: Demo server
components:
  schemas:
    GroupSchema:
      type: object
      properties:
        id:
          type: string
          example: urn:ietf:params:scim:schemas:core:2.0:Group
        name:
          type: string
          example: Group
        description:
          type: string
          example: Group
        attributes:
          type: array
          items:
            anyOf:
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: A human-readable name for the Group.  REQUIRED.
                required:
                  type: boolean
                  example: true
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: none
                name:
                  type: string
                  example: displayName
            - type: object
              properties:
                type:
                  type: string
                  example: complex
                multiValued:
                  type: boolean
                  example: true
                description:
                  type: string
                  example: A list of members of the Group.
                required:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                name:
                  type: string
                  example: members
                subattributes:
                  type: array
                  items:
                    anyOf:
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: Identifier of the member of this Group.
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: immutable
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: value
                    - type: object
                      properties:
                        type:
                          type: string
                          example: reference
                        referenceTypes:
                          type: array
                          items:
                            type: string
                            enum:
                            - User
                            - Group
                          example:
                          - User
                          - Group
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: The URI corresponding to a SCIM resource that is a member of this Group.
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: immutable
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: $ref
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: A label indicating the type of resource, e.g., 'User' or 'Group'.
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        canonicalValues:
                          type: array
                          items:
                            type: string
                          example:
                          - User, Group
                        mutability:
                          type: string
                          example: immutable
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: type
        meta:
          type: object
          properties:
            resourceType:
              type: string
              example: Schema
            location:
              type: string
              format: uri
              example: https://na1.ironcladapp.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group
    CoreUserSchema:
      type: object
      properties:
        id:
          type: string
          example: urn:ietf:params:scim:schemas:core:2.0:User
        name:
          type: string
          example: User
        description:
          type: string
          example: User Account
        attributes:
          type: array
          items:
            anyOf:
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: Unique identifier for the User, typically used by the user to directly authenticate to the service
                    provider.  Each User MUST include a non-empty userName value.  This identifier MUST be unique across the
                    service provider's entire set of Users.  REQUIRED.
                required:
                  type: boolean
                  example: true
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: server
                name:
                  type: string
                  example: userName
            - type: object
              properties:
                type:
                  type: string
                  example: complex
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: The components of the user's real name.  Providers MAY return just the full name as a single string
                    in the formatted sub-attribute, or they MAY return just the individual component attributes using the
                    other sub-attributes, or they MAY return both.  If both variants are returned, they SHOULD be describing
                    the same name, with the formatted name indicating how the component attributes should be combined.
                required:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: none
                name:
                  type: string
                  example: name
                subattributes:
                  type: array
                  items:
                    anyOf:
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: The full name, including all middle names, titles, and suffixes as appropriate, formatted
                            for display (e.g., 'Ms. Barbara J Jensen, III').
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readWrite
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: formatted
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: The family name of the User, or last name in most Western languages (e.g., 'Jensen' given
                            the full name 'Ms. Barbara J Jensen, III').
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readWrite
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: familyName
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: The given name of the User, or first name in most Western languages (e.g., 'Barbara' given
                            the full name 'Ms. Barbara J Jensen, III').
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readWrite
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: givenName
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: The name of the User, suitable for display to end-users.  The name SHOULD be the full name of the
                    User being described, if known.
                required:
                  type: boolean
                  example: false
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: server
                name:
                  type: string
                  example: displayName
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: The casual way to address the user in real life, e.g., 'Bob' or 'Bobby' instead of 'Robert'.  This
                    attribute SHOULD NOT be used to represent a User's username (e.g., 'bjensen' or 'mpepperidge').
                required:
                  type: boolean
                  example: false
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: server
                name:
                  type: string
                  example: nickName
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: The user's title, such as "Vice President."
                required:
                  type: boolean
                  example: false
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: server
                name:
                  type: string
                  example: title
            - type: object
              properties:
                type:
                  type: string
                  example: boolean
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: A Boolean value indicating the User's administrative status.
                required:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                name:
                  type: string
                  example: active
            - type: object
              properties:
                type:
                  type: string
                  example: complex
                multiValued:
                  type: boolean
                  example: true
                description:
                  type: string
                  example: Email addresses for the user.  The value SHOULD be canonicalized by the service provider, e.g.,
                    '[email protected]' instead of '[email protected]'.  Canonical type values of 'work', 'home', and
                    'other'.
                required:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: none
                name:
                  type: string
                  example: emails
                subattributes:
                  type: array
                  items:
                    anyOf:
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: Email addresses for the user.  The value SHOULD be canonicalized by the service provider,
                            e.g., '[email protected]' instead of '[email protected]'.  Canonical type values of 'work',
                            'home', and 'other'.
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readWrite
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: value
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: A human-readable name, primarily used for display purposes.  READ-ONLY.
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readOnly
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: name
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: A label indicating the attribute's function, e.g., 'work' or 'home'.
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        canonicalValues:
                          type: array
                          items:
                            type: string
                          example:
                          - work
                          - home
                          - other
                        mutability:
                          type: string
                          example: readWrite
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: type
        meta:
          type: object
          properties:
            resourceType:
              type: string
              example: Schema
            location:
              type: string
              format: uri
              example: https://na1.ironcladapp.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User
    EnterpriseUserSchema:
      type: object
      properties:
        id:
          type: string
          example: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
        name:
          type: string
          example: EnterpriseUser
        description:
          type: string
          example: Enterprise User
        attributes:
          type: array
          items:
            anyOf:
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association
                    with an organization.
                required:
                  type: boolean
                  example: false
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: none
                mapping:
                  type: object
                  properties:
                    type:
                      type: string
                      example: direct
                    key:
                      type: string
                      example: employeeNumber
                name:
                  type: string
                  example: employeeNumber
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: Identifies the name of a cost center.
                required:
                  type: boolean
                  example: false
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: none
                mapping:
                  type: object
                  properties:
                    type:
                      type: string
                      example: direct
                    key:
                      type: string
                      example: costCenter
                name:
                  type: string
                  example: costCenter
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: Identifies the name of an organization.
                required:
                  type: boolean
                  example: false
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: none
                mapping:
                  type: object
                  properties:
                    type:
                      type: string
                      example: direct
                    key:
                      type: string
                      example: organization
                name:
                  type: string
                  example: organization
            - type: object
              properties:
                type:
                  type: string
                  example: string
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: Identifies the name of a department.
                required:
                  type: boolean
                  example: false
                caseExact:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                uniqueness:
                  type: string
                  example: none
                mapping:
                  type: object
                  properties:
                    type:
                      type: string
                      example: direct
                    key:
                      type: string
                      example: department
                name:
                  type: string
                  example: department
            - type: object
              properties:
                type:
                  type: string
                  example: complex
                multiValued:
                  type: boolean
                  example: false
                description:
                  type: string
                  example: The User's manager.  A complex type that optionally allows service providers to represent organizational
                    hierarchy by referencing the 'id' attribute of another User.
                required:
                  type: boolean
                  example: false
                mutability:
                  type: string
                  example: readWrite
                returned:
                  type: string
                  example: default
                name:
                  type: string
                  example: manager
                subattributes:
                  type: array
                  items:
                    anyOf:
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: The id of the SCIM resource representing the User's manager.  REQUIRED.
                        required:
                          type: boolean
                          example: true
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readWrite
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: value
                    - type: object
                      properties:
                        type:
                          type: string
                          example: reference
                        referenceTypes:
                          type: array
                          items:
                            type: string
                            example: User
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: The URI of the SCIM resource representing the User's manager.  REQUIRED.
                        required:
                          type: boolean
                          example: true
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readWrite
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type: string
                          example: none
                        name:
                          type: string
                          example: $ref
                    - type: object
                      properties:
                        type:
                          type: string
                          example: string
                        multiValued:
                          type: boolean
                          example: false
                        description:
                          type: string
                          example: The displayName of the User's manager.  OPTIONAL and READ-ONLY.
                        required:
                          type: boolean
                          example: false
                        caseExact:
                          type: boolean
                          example: false
                        mutability:
                          type: string
                          example: readOnly
                        returned:
                          type: string
                          example: default
                        uniqueness:
                          type:

# --- truncated at 32 KB (72 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/ironclad/refs/heads/main/openapi/ironclad-scim-api-openapi.yml