
SCIM 2.0

Automate user provisioning and group management using the SCIM 2.0 standard. Connect Showpad with identity providers like Okta, Azure AD, or OneLogin to keep users in sync automatically.

What you'll learn

  • How to configure SCIM endpoints for your identity provider
  • How to map SCIM attributes to Showpad user fields
  • How to manage users and groups via SCIM
TL;DR
  • Base endpoint: https://{{subdomain}}.showpad.biz/api/Users/scim/v2
  • Create users? Use POST /Users
  • List users? Use GET /Users
  • Update users? Use PUT /Users/{id}
  • Manage groups? Use /Groups endpoints

When to use the API

  • Identity Provider Integration: Connect Okta, Azure AD, OneLogin, or other SCIM-compatible identity providers.
  • Automated Provisioning: Automatically create and deactivate users based on your directory.
  • Group Management: Sync user group memberships from your identity provider.
  • Enterprise SSO: Combine with SSO for seamless enterprise authentication.

Prerequisites
  • Plan: Ultimate with Enterprise add-on | Advanced or Expert
  • Permissions: Administrator access to Showpad's Admin App
  • Authentication: Valid OAuth 2.0 access token (learn more)
  • Config: A SCIM-compatible identity management system

Resources

Base Endpoint

All SCIM requests use this base URL:

https://{{subdomain}}.showpad.biz/api/Users/scim/v2

Append resource paths (e.g., /Users, /Groups) to this base endpoint.

Mapping

User maps SCIM attributes to a Showpad User. You can list, filter, add, edit or remove users.

A new user will be automatically assigned to the "All Users" group. This is a default group that you can't unassign from the user. If you want to assign the user to another group, it should exist already or be created via the groups endpoint.

| SCIM attribute | Showpad Field | Attribute Type | Required | Default |
|---|---|---|---|---|
| ID | id | Singular | True | |
| userName | userName | Singular | True | |
| name.givenName | firstName | Singular | True | |
| name.familyName | lastName | Singular | True | |
| emails[0].value | email | Singular | True | |
| active | isActive | Singular | False | |
| timezone | timezone | Singular | False | |
| locale | language (supported values: bu, cs, da, de, en, es, fr, fr-CA, it, ja, ko, no, nl, pl, pt, pt-PT, ru, sv, tr, zh) | Singular | False | en |
| title | companyRole | Singular | False | "" |
| externalID | scimId | Singular | False | "" |
| enterprise.organization | companyName | Singular | False | Current organization |
| phoneNumbers[0].value | phone | Singular | False | "" |
| phoneNumbers[0].type | -- | Singular | False | "work" (read-only) |
| emails[0].type | -- | Singular | False | "work" (read-only) |
| emails[0].primary | -- | Singular | False | True (read-only) |
| roles[0].value OR roles.^[primary=='true'].value | userType | Singular | False | "tablet" |
| groups | usergroups | Multi-Valued | False | "All users" group |
| groups.value | usergroups.id | Singular | False | "All users" group ID |
| groups.display | usergroups.name | Singular | False | "All users" |
| entitlements | managedUsergroups | Multi-Valued | False | |
| entitlements.type | -- | Singular | False | |
| entitlements.value | managedUsergroups.id | Singular | False | |
| manager.value | managerId | Singular | False | |

Attributes

User

User attributes are multi-valued in SCIM but singular in Showpad. When you're creating or replacing the user and specify multiple values, the primary value will be mapped and the other values discarded. If there is no primary, the first value will be used.

Attribute: Description

  • phoneNumbers
  • emails
  • roles: A means of grouping users with similar permissions. Each group of users has access to the information intended for them according to rules that have been pre-defined by an administrator. When changing this value, be aware that only certain roles are supported:
      • owner - Only 1 owner is allowed. You will get a uniqueness error if you try to create another one.
      • admin - Administrator
      • tablet - This is a default role.
      • manager - When a user has the manager role, they can have groups assigned for which they can coach other users. Assigning these groups can happen via the entitlements section. A single manager can have multiple entitlements assigned to them. Note: This is the only entitlement currently supported by Showpad. Be sure to verify that entitlements are supported for managers and/or users by your identity provider.
  • groups: Read-only attribute. It shows which user groups a user belongs to. Modifying a user's membership of a group should be handled through the Usergroup resource.
  • enterprise: In the table, this corresponds to the enterprise schema urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
  • emails[0].value: Should follow the email pattern. Must be unique in the system, otherwise you will get a uniqueness error.
  • username: This must be unique in the system, otherwise you'll get a uniqueness error.
  • manager.value: This value should be either the Showpad ID or the email address of an existing Showpad user.
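
Added example (not Showpad code): a pre-flight check that applies the rules above to a SCIM User payload before it is sent, showing which value of each multi-valued attribute survives, which are discarded, and which role or entitlement requests deserve review. The function names, the sample payload and the "approve_content" entitlement type are constructed for illustration.

```python
SUPPORTED_ROLES = {"owner", "admin", "tablet", "manager"}  # roles listed on this page

def pick_singular(values):
    """Entry kept for a multi-valued attribute: the primary one, else the first."""
    for entry in values or []:
        # Assumption: primary may arrive as JSON true or as the string "true".
        if entry.get("primary") in (True, "true"):
            return entry
    return values[0] if values else None

def preview_showpad_user(scim_user):
    """Return (fields, discarded, warnings) for a SCIM User payload."""
    fields, discarded, warnings = {}, {}, []
    targets = {"emails": "email", "phoneNumbers": "phone", "roles": "userType"}
    for attr, target in targets.items():
        values = scim_user.get(attr) or []
        kept = pick_singular(values)
        fields[target] = kept["value"] if kept else None
        dropped = [v["value"] for v in values if v is not kept]
        if dropped:
            discarded[attr] = dropped
    if fields["userType"] is None:
        fields["userType"] = "tablet"  # documented default role
    role = fields["userType"]
    if role not in SUPPORTED_ROLES:
        warnings.append(f"unsupported role: {role}")
    elif role in ("owner", "admin"):
        warnings.append(f"privileged role requested: {role}")
    for ent in scim_user.get("entitlements") or []:
        if ent.get("type") != "coach_for_group":
            warnings.append(f"unsupported entitlement type: {ent.get('type')}")
        elif role != "manager":
            warnings.append("coach_for_group entitlement on a non-manager user")
    return fields, discarded, warnings

# Constructed sample payload (not real data).
SAMPLE = {
    "userName": "jane.roe@example.com",
    "emails": [{"value": "jane@personal.example"},
               {"value": "jane.roe@example.com", "primary": True}],
    "phoneNumbers": [{"value": "+32 2 555 01 00"}, {"value": "+32 2 555 01 01"}],
    "roles": [{"value": "admin"}, {"value": "manager", "primary": True}],
    "entitlements": [{"value": "GROUP_ID_PLACEHOLDER", "type": "coach_for_group"},
                     {"value": "GROUP_ID_PLACEHOLDER", "type": "approve_content"}],
}
```

Running the check in the provisioning pipeline surfaces silently dropped values and unexpected owner or admin requests before they reach Showpad.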

Entitlements Example

When a user has the manager role, they can have groups assigned for which they can coach other users. Assigning these groups can happen via the entitlements section using:

"entitlements": [
  {
    "value": "22b3d7f8eea74c37d3d140642ccbaeba",
    "type": "coach_for_group"
  }
]

Caution: This is the only entitlement currently supported by Showpad. Be sure to verify that entitlements are supported for managers and/or users by your identity provider.

Groups

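| SCIM attribute | Showpad field | Attribute Type | Required | Default |
|---|---|---|---|---|
| ID | id | Singular | True | |
| displayName | name | Singular | True | |
| members | users | Multi-Valued | False | |
| members.value | users.id | Singular | False | |
| members.display | users.username | Singular | False | |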

Pagination

You can paginate through results by using startIndex and count query parameters.

For example, the following requests return the second page of results when each page holds 10 items:

User

/Users?startIndex=11&count=10

Groups

/Groups?startIndex=11&count=10
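
Added example (not Showpad code): walking every page with startIndex and count to list accounts that are still active in Showpad but no longer present in the identity provider. The fetch_page callable, fake_fetch and the sample users are constructed here; the Resources and totalResults fields come from the SCIM ListResponse format in RFC 7644 and are assumed to be what the endpoint returns.

```python
from urllib.parse import urlsplit, parse_qs

def iter_scim(fetch_page, resource, count=100):
    """Yield every item of /Users or /Groups; startIndex is 1-based."""
    start = 1
    while True:
        page = fetch_page(f"/{resource}?startIndex={start}&count={count}")
        items = page.get("Resources", [])
        yield from items
        start += len(items)
        # Stop on an empty page or once totalResults has been consumed.
        if not items or start > page.get("totalResults", 0):
            return

def stale_active_users(fetch_page, directory_usernames, count=100):
    """Active Showpad userNames that no longer exist in the IdP directory."""
    known = {name.lower() for name in directory_usernames}
    return sorted(
        user["userName"]
        for user in iter_scim(fetch_page, "Users", count)
        # A missing "active" flag is treated as active so it is not overlooked.
        if user.get("active", True) and user["userName"].lower() not in known
    )

# Constructed data: 23 users, every fourth one already deactivated.
FAKE_USERS = [{"userName": f"user{i}@example.com", "active": i % 4 != 0}
              for i in range(1, 24)]

def fake_fetch(path_and_query):
    """Stand-in for an authenticated GET against the base endpoint."""
    query = parse_qs(urlsplit(path_and_query).query)
    start, count = int(query["startIndex"][0]), int(query["count"][0])
    return {"totalResults": len(FAKE_USERS), "startIndex": start,
            "Resources": FAKE_USERS[start - 1:start - 1 + count]}

if __name__ == "__main__":
    directory = [f"user{i}@example.com" for i in range(1, 21) if i != 5]
    print(stale_active_users(fake_fetch, directory, count=10))
```

In real use, fetch_page would issue the GET with the Bearer token and return the parsed JSON body.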

Filtering

You can filter for users by fields following the specs. Currently, only the EQ operator on username is supported.

User

The following code will result in a list of users whose username is "john.doe@showpad.com":

/Users?filter=username%20eq%20"john.doe@showpad.com"

Groups

Filtering for groups has not been implemented in Showpad's SCIM 2.0 version.

POST

Users

Create a new user in Showpad.

curl -X POST "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Users" \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "john.doe@showpad.com",
    "name": {
      "givenName": "John",
      "familyName": "Doe"
    },
    "emails": [{"value": "john.doe@showpad.com", "primary": true, "type": "work"}],
    "active": true,
    "locale": "en",
    "timezone": "Europe/Brussels"
  }'

Groups

Create a new user group in Showpad.

curl -X POST "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Groups" \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "displayName": "Sales Team",
    "members": [
      {"value": "{user_id_1}"},
      {"value": "{user_id_2}"}
    ]
  }'

GET

Schemas

Retrieve SCIM schema definitions:

| Endpoint | Description |
|---|---|
| /Schemas | Retrieves all configuration details. |
| /Schemas/urn:ietf:params:scim:schemas:core:2.0:User | Retrieves user configuration details. |
| /Schemas/urn:ietf:params:scim:schemas:core:2.0:Group | Retrieves group configuration details. |
| /Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User | Retrieves enterprise user extensions. |

ResourceTypes

Retrieve available resource types:

| Endpoint | Description |
|---|---|
| /ResourceTypes | Outputs types of resources. |
| /ResourceTypes/User | User resource type details. |
| /ResourceTypes/Group | Group resource type details. |

ServiceProviderConfig

Retrieve supported operations:

| Endpoint | Description |
|---|---|
| /ServiceProviderConfig | Returns a list of operations supported in the current implementation. |

Users

List users with optional pagination and filtering (100 per page by default).

curl -X GET "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Users?startIndex=1&count=25" \
-H "Authorization: Bearer {access_token}"

Users/{Id}

Retrieve a specific user by ID.

curl -X GET "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Users/{user_id}" \
-H "Authorization: Bearer {access_token}"

Groups

List groups (100 per page by default).

curl -X GET "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Groups?startIndex=1&count=25" \
-H "Authorization: Bearer {access_token}"

Groups/{id}

Retrieve a specific group by ID.

curl -X GET "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Groups/{group_id}" \
-H "Authorization: Bearer {access_token}"

PUT

Users/{id}

Replace all attributes of a user.

curl -X PUT "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Users/{user_id}" \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "john.doe@showpad.com",
    "name": {"givenName": "John", "familyName": "Smith"},
    "emails": [{"value": "john.doe@showpad.com", "primary": true}],
    "active": true
  }'

Groups/{id}

Replace all attributes of a group.

curl -X PUT "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Groups/{group_id}" \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "displayName": "Updated Sales Team",
    "members": [{"value": "{user_id_1}"}, {"value": "{user_id_2}"}]
  }'

DELETE

Users/{id}

Delete a user. Returns 204 No Content on success.

curl -X DELETE "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Users/{user_id}" \
-H "Authorization: Bearer {access_token}"

Groups/{id}

Delete a group. Returns 204 No Content on success.

curl -X DELETE "https://{{subdomain}}.showpad.biz/api/Users/scim/v2/Groups/{group_id}" \
-H "Authorization: Bearer {access_token}"

PATCH

Not Implemented: PATCH operations are not currently supported in Showpad's SCIM 2.0 implementation. Use PUT to replace resources.
