What is SCIM?
SCIM is an open standard that allows for the automation of user provisioning. SCIM is used by Single Sign-On (SSO) Services and identity providers to manage people across multiple domains.
Note: UserVoice supports SCIM v2, and works with IdPs such as Okta. However, we do not support Microsoft Entra ID (formerly Azure Active Directory) at this time due to Entra using an extended SCIM protocol. If you're configuring with Okta, follow our guide found here.
Configuring SCIM
Step One: Enable SCIM in UserVoice
To find the setting, go to General Settings -> User Authentication and enable SCIM by toggling the feature "On". Once enabled, click "Create Token" to obtain the API Token for configuring in your IdP.
Note: Admins with owner-level permissions are the only admins able to enable and obtain the token.
Step Two: Configure within your Identity Provider
Setup will depend upon which Identity Provider you use as long as it allows setting up SCIM v2. During the configuration, you will need to enter the Base URL https://yourdomain.uservoice.com/api/scim_v2
and Token obtained from Step One.
Supported Features
- Assign License
- Pass a
licenseType
for users to determine which license type they are provisioned.
- Pass a
- Assign User Traits
- Deactivate License
- When deleting or deactivating a user via the IdP or SCIM, this will only deactivate their license within UserVoice. The user will be moved from one of the Licensed Types to End-User.
Attributes
SCIM Attribute |
UserVoice Field |
||||
Variables | Permission Reference | ||||
licenseType |
Capture Feedback | Internal Roadmap | Idea Management | Settings | |
fullaccess_owner |
On |
View & Edit |
View & Edit |
Full edit |
|
|
On |
View & Edit |
View & Edit |
Partial |
|
|
On |
View & Edit |
View & Edit |
Disabled |
|
|
On |
View & Edit |
View only |
Disabled |
|
admin_ideas_only |
On |
Disabled |
View & Edit |
Disabled |
|
admin_feedback_only |
On |
Disabled |
View only |
Disabled |
|
|
On |
Disabled |
Disabled |
Disabled |
|
|
Off |
N/A |
N/A |
N/A |
|
userName |
email |
Note: Once SCIM has been configured, any further provisioning of licenses (add/removing/updating) will be done through the IdP. If attempted within the UI, changes will not be saved.
Endpoints
- GET
Schemas
to list the schemas - GET
ServiceProviderConfig
to return the service provider configurations - GET
Users
to list users permissions - GET
Users/:id
to list a specific user permissions - POST
Users
to create a permission record - PUT
Users/:id
to replace a permission record - DELETE
Users/:id
to delete a permission record