SCIM API

  • Tier: Premium, Ultimate
  • Offering: GitLab.com
History

Use this API to manage SCIM identities in groups.

Prerequisites:

This API differs from the internal group SCIM API and the instance SCIM API:

  • This API:

    • Does not implement the RFC7644 protocol.
    • Gets, checks, updates, and deletes SCIM identities within groups.
  • The internal group and instance SCIM APIs:

    • Are for system use for SCIM provider integration.
    • Implement the RFC7644 protocol.
    • Get a list of SCIM provisioned users for the group or instance.
    • Create, delete and update SCIM provisioned users for the group or instance.

Get SCIM identities for a group

History
GET /groups/:id/scim/identities

Supported attributes:

AttributeTypeRequiredDescription
idinteger/stringYesThe ID or URL-encoded path of the group

If successful, returns 200 and the following response attributes:

AttributeTypeDescription
extern_uidstringExternal UID for the user
user_idintegerID for the user
activebooleanStatus of the identity

Example response:

[
    {
        "extern_uid": "be20d8dcc028677c931e04f387",
        "user_id": 48,
        "active": true
    }
]

Example request:

curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/scim/identities" \
--header "PRIVATE-TOKEN: <PRIVATE-TOKEN>"

Get a single SCIM identity

History
GET /groups/:id/scim/:uid

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesThe ID or URL-encoded path of the group
uidstringyesExternal UID of the user.

Example request:

curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/scim/be20d8dcc028677c931e04f387" --header "PRIVATE-TOKEN: <PRIVATE TOKEN>"

Example response:

{
    "extern_uid": "be20d8dcc028677c931e04f387",
    "user_id": 48,
    "active": true
}

Update extern_uid field for a SCIM identity

History

Fields that can be updated are:

SCIM/IdP fieldGitLab field
id/externalIdextern_uid
PATCH /groups/:groups_id/scim/:uid

Parameters:

AttributeTypeRequiredDescription
idinteger/stringyesThe ID or URL-encoded path of the group
uidstringyesExternal UID of the user.

Example request:

curl --location --request PATCH "https://gitlab.example.com/api/v4/groups/33/scim/be20d8dcc028677c931e04f387" \
--header "PRIVATE-TOKEN: <PRIVATE TOKEN>" \
--form "extern_uid=yrnZW46BrtBFqM7xDzE7dddd"

Delete a single SCIM identity

History
DELETE /groups/:id/scim/:uid

Supported attributes:

AttributeTypeRequiredDescription
idintegeryesThe ID or URL-encoded path of the group.
uidstringyesExternal UID of the user.

Example request:

curl --location --request DELETE "https://gitlab.example.com/api/v4/groups/33/scim/yrnZW46BrtBFqM7xDzE7dddd" --header "PRIVATE-TOKEN: <your_access_token>"

Example response:

{
    "message" : "204 No Content"
}