openapi: 3.1.0 info: title: Ironclad SCIM API description: Documentation for Ironclad's SCIM Implementation. version: '1' contact: name: Ironclad Support email: support@ironcladapp.com servers: - url: https://na1.ironcladapp.com/scim/v2 description: Production server - url: https://eu1.ironcladapp.com/scim/v2 description: EU Production server - url: https://demo.ironcladapp.com/scim/v2 description: Demo server components: schemas: GroupSchema: type: object properties: id: type: string example: urn:ietf:params:scim:schemas:core:2.0:Group name: type: string example: Group description: type: string example: Group attributes: type: array items: anyOf: - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: A human-readable name for the Group. REQUIRED. required: type: boolean example: true caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: displayName - type: object properties: type: type: string example: complex multiValued: type: boolean example: true description: type: string example: A list of members of the Group. required: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default name: type: string example: members subattributes: type: array items: anyOf: - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: Identifier of the member of this Group. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: immutable returned: type: string example: default uniqueness: type: string example: none name: type: string example: value - type: object properties: type: type: string example: reference referenceTypes: type: array items: type: string enum: - User - Group example: - User - Group multiValued: type: boolean example: false description: type: string example: The URI corresponding to a SCIM resource that is a member of this Group. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: immutable returned: type: string example: default uniqueness: type: string example: none name: type: string example: $ref - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: A label indicating the type of resource, e.g., 'User' or 'Group'. required: type: boolean example: false caseExact: type: boolean example: false canonicalValues: type: array items: type: string example: - User, Group mutability: type: string example: immutable returned: type: string example: default uniqueness: type: string example: none name: type: string example: type meta: type: object properties: resourceType: type: string example: Schema location: type: string format: uri example: https://na1.ironcladapp.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group CoreUserSchema: type: object properties: id: type: string example: urn:ietf:params:scim:schemas:core:2.0:User name: type: string example: User description: type: string example: User Account attributes: type: array items: anyOf: - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED. required: type: boolean example: true caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: server name: type: string example: userName - type: object properties: type: type: string example: complex multiValued: type: boolean example: false description: type: string example: The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined. required: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: name subattributes: type: array items: anyOf: - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., 'Ms. Barbara J Jensen, III'). required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: formatted - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III'). required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: familyName - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III'). required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: givenName - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: server name: type: string example: displayName - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The casual way to address the user in real life, e.g., 'Bob' or 'Bobby' instead of 'Robert'. This attribute SHOULD NOT be used to represent a User's username (e.g., 'bjensen' or 'mpepperidge'). required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: server name: type: string example: nickName - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The user's title, such as "Vice President." required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: server name: type: string example: title - type: object properties: type: type: string example: boolean multiValued: type: boolean example: false description: type: string example: A Boolean value indicating the User's administrative status. required: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default name: type: string example: active - type: object properties: type: type: string example: complex multiValued: type: boolean example: true description: type: string example: Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'. required: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: emails subattributes: type: array items: anyOf: - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: value - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: A human-readable name, primarily used for display purposes. READ-ONLY. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readOnly returned: type: string example: default uniqueness: type: string example: none name: type: string example: name - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: A label indicating the attribute's function, e.g., 'work' or 'home'. required: type: boolean example: false caseExact: type: boolean example: false canonicalValues: type: array items: type: string example: - work - home - other mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: type meta: type: object properties: resourceType: type: string example: Schema location: type: string format: uri example: https://na1.ironcladapp.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User EnterpriseUserSchema: type: object properties: id: type: string example: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User name: type: string example: EnterpriseUser description: type: string example: Enterprise User attributes: type: array items: anyOf: - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none mapping: type: object properties: type: type: string example: direct key: type: string example: employeeNumber name: type: string example: employeeNumber - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: Identifies the name of a cost center. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none mapping: type: object properties: type: type: string example: direct key: type: string example: costCenter name: type: string example: costCenter - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: Identifies the name of an organization. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none mapping: type: object properties: type: type: string example: direct key: type: string example: organization name: type: string example: organization - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: Identifies the name of a department. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none mapping: type: object properties: type: type: string example: direct key: type: string example: department name: type: string example: department - type: object properties: type: type: string example: complex multiValued: type: boolean example: false description: type: string example: The User's manager. A complex type that optionally allows service providers to represent organizational hierarchy by referencing the 'id' attribute of another User. required: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default name: type: string example: manager subattributes: type: array items: anyOf: - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The id of the SCIM resource representing the User's manager. REQUIRED. required: type: boolean example: true caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: value - type: object properties: type: type: string example: reference referenceTypes: type: array items: type: string example: User multiValued: type: boolean example: false description: type: string example: The URI of the SCIM resource representing the User's manager. REQUIRED. required: type: boolean example: true caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: $ref - type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The displayName of the User's manager. OPTIONAL and READ-ONLY. required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readOnly returned: type: string example: default uniqueness: type: string example: none mapping: type: object properties: type: type: string example: direct key: type: string example: managerName name: type: string example: displayName meta: type: object properties: resourceType: type: string example: Schema location: type: string format: uri example: https://na1.ironcladapp.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User IroncladUserSchema: type: object properties: id: type: string example: urn:ietf:params:scim:schemas:extension:ironclad:2.0:User name: type: string example: IroncladUser description: type: string example: Ironclad User attributes: type: array items: type: object properties: type: type: string example: string multiValued: type: boolean example: false description: type: string example: The email address (username) of the user's department head required: type: boolean example: false caseExact: type: boolean example: false mutability: type: string example: readWrite returned: type: string example: default uniqueness: type: string example: none name: type: string example: departmentHead meta: type: object properties: resourceType: type: string example: Schema location: type: string format: uri example: https://na1.ironcladapp.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:extension:ironclad:2.0:User UserResponseObject: type: object required: - schemas - id properties: schemas: type: array items: type: string example: urn:ietf:params:scim:schemas:core:2.0:User userName: type: string description: The email address of the user (e.g., jdoe@acme.com). example: alex.doe@example.com name: type: object description: The first name and last name of the user. properties: givenName: type: string description: The first name of the user. example: Alex familyName: type: string description: The last name of the user. example: Doe title: type: string description: The user's legal title. example: Vice President id: type: string description: The user's unique identifier. example: 6660d37dec0eac3deffb680e emails: type: array description: A list of emails associated with the user. The email with type work and primary flag is typically copied from the main email stored in the userName property. items: type: object properties: value: type: string description: The email address value. example: alex.doe@example.com type: type: string description: The type of email this is. Canonical values include 'work', 'home', and 'other'. example: work primary: type: boolean description: Whether this is the user's primary email address. example: true default: true active: type: boolean description: Whether this user is currently active. Ironclad users do not have the concept of active vs. inactive, and a SCIM User with active set to `false` will be removed from the company. On subsequent reads, inactive users would be not found. example: true default: true urn:ietf:params:scim:schemas:extension:enterprise:2.0:User: type: object description: Enterprise User attributes properties: department: type: string description: Which department the user is a part of. example: Legal urn:ietf:params:scim:schemas:extension:ironclad:2.0:User: type: object description: Ironclad User attributes properties: departmentHead: type: string format: email description: The email address (username) of the user's department head. example: jane.doe@test.com provider: type: string enum: - local - magicLink - saml - google description: The user's authentication method. example: local allowProviderConversion: type: boolean description: Whether the user is allowed to convert from `local` to `google` provider. example: false meta: type: object description: Metadata for the user. properties: resourceType: type: string enum: - User description: 'Type of the SCIM resource. In this case: ''User''.' example: User created: type: string description: When the User was created. example: '2025-03-26T18:33:48.336Z' lastModified: type: string description: When the User was last modified. example: '2025-03-26T18:33:48.336Z' location: type: string format: url description: The URI of the User resource being returned. example: https://na1.ironcladapp.com/scim/v2/Users/67e4488c605caf0d8aa2e5c6 GroupResponseObject: type: object required: - schemas - id properties: schemas: type: array items: type: string example: urn:ietf:params:scim:schemas:core:2.0:Group displayName: type: string description: The name of the group. example: Legal Ops Group id: type: string description: The group's identifier. example: 74906dd6-f2c6-4442-8875-57846f15b061 externalId: type: string description: An optional identifier of the group sourced from the identity provider. example: '123' members: type: array description: The list of users who are members of this group. items: type: object properties: type: type: string enum: - User description: The type of member for this group. This is usually 'User'. example: User value: type: string description: The user's identifier. example: 2bf1bb84-f7ed-4a11-8cbe-138814f9fc21 meta: type: object description: Metadata for the group. properties: resourceType: type: string enum: - Group description: 'Type of the SCIM resource. In this case: ''Group''.' example: Group location: type: string format: https-url description: The URI of the Group resource being returned. example: https://na1.ironcladapp.com/scim/v2/Groups/67e4488c605caf0d8aa2e5c6 parameters: XAsUserEmail: name: x-as-user-email in: header description: Denotes the actor of the request. When used, the API will take into account this user's permissions and access. This or `x-as-user-id` is required when the associated token was produced from the Client Credentials grant or with legacy bearer tokens on select endpoints. More information about [permissions](https://support.ironcladapp.com/hc/en-us/articles/23063233934999-Ironclad-Permissions-Overview). required: false schema: type: string example: jane.doe@test.com XAsUserId: name: x-as-user-id in: header description: Denotes the actor of the request. When used, the API will take into account this user's permissions and access. This or `x-as-user-email` is required when the associated token was produced from the Client Credentials grant or with legacy bearer tokens on select endpoints. More information about [permissions](https://support.ironcladapp.com/hc/en-us/articles/23063233934999-Ironclad-Permissions-Overview). required: false schema: type: string example: 5f0375c4cdc1927a3c5edcd3 ExcludedAttributes: name: excludedAttributes in: query description: A comma-separated list of attributes to exclude from the resources in the response. schema: type: string StartIndex: name: startIndex in: query description: The starting index for retrieving this resource. Resources are indexed based on when they were first added to Ironclad. schema: type: integer format: int32 default: 1 minimum: 1 Count: name: count in: query description: Specifies the maximum number of resources to return in a single page of results. schema: type: integer format: int32 default: 25 minimum: 0 maximum: 1000 UserId: name: userId in: path description: A user's unique id can be identified using the Retrieve all Users endpoint with a filter parameter schema: type: string required: true GroupId: name: groupId in: path description: A group's unique id can be identified using the Retrieve all Groups endpoint with a filter parameter schema: type: string required: true SchemaId: name: schemaId in: path description: A schema's unique id can be identified using the Retrieve all Schemas endpoint schema: type: string required: true requestBodies: UserCreateRequestBody: content: application/json: schema: type: object required: - schemas - userName - name properties: schemas: type: array default: - urn:ietf:params:scim:schemas:core:2.0:User items: type: string userName: type: string description: The email address of the user (e.g., jdoe@acme.com). name: type: object description: The first name and last name of the user. properties: givenName: type: string description: The first name of the user. familyName: type: string description: The last name of the user. title: type: string description: The user's legal title. password: type: string description: "The user's password for username/password type sign in method. Required if there are no SAML\ \ configurations set up for the company. \n\nPassword requirements:\n- 16+ characters \n- At least one lowercase\ \ letter \n- At least one uppercase letter \n- At least one number \n- At least one special character (!\"\ #$%&'()*+,-./:;<=>?@[\\]^_`{|}~)" active: type: boolean description: Whether the user is currently active. Ironclad users cannot be marked as inactive, and will be removed from the company if this is set to false. default: true urn:ietf:params:scim:schemas:extension:enterprise:2.0:User: type: object description: Enterprise User attributes properties: department: type: string description: Which department the user is a part of. example: Legal urn:ietf:params:scim:schemas:extension:ironclad:2.0:User: type: object description: Ironclad User attributes properties: departmentHead: type: string format: email description: The email address (username) of the user's department head. example: jane.doe@test.com allowProviderConversion: type: boolean description: Allow the user to convert from 'local' to 'google' provider. example: false GroupCreateRequestBody: content: application/json: schema: type: object required: - schemas - displayName properties: schemas: type: array default: - urn:ietf:params:scim:schemas:core:2.0:Group items: type: string displayName: type: string description: The name you want to give the group in Ironclad. members: type: array items: properties: value: type: string description: The unique id of the user. User Ids can be found by filtering the Retrieve all Users endpoint. required: - value type: object responses: UserResponse200: description: 200 OK content: application/json: schema: $ref: '#/components/schemas/UserResponseObject' UsersResponse200: description: 200 OK content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:ListResponse totalResults: type: integer description: The total number of users that match this filter. This may be larger than the number of users in this page, in which case pagination may be used to retrieve the next page of results. example: 2 default: 0 Resources: type: array description: The current page of user results. items: $ref: '#/components/schemas/UserResponseObject' startIndex: type: integer description: The 1-based index of the first result in the current set of list results. example: 1 default: 0 itemsPerPage: type: integer description: Specifies the maximum number of resources that can be returned in a single page of results. example: 25 default: 0 UserResponse201: description: 201 Created content: application/json: schema: $ref: '#/components/schemas/UserResponseObject' UserResponse204: description: 204 No Content UserResponse400: description: 400 Bad Request content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '400' scimType: type: string description: The SCIM detail error keyword. example: invalidValue detail: type: string description: A detailed human-readable message. example: 'Invalid value at name.givenName: 123' UserFilterResponse400: description: 400 Bad Request content: application/json: schema: type: object properties: schema: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '400' scimType: type: string description: The SCIM detail error keyword. example: invalidFilter detail: type: string description: A detailed human-readable message. example: 'No matching schema for attribute: name,lastName' GroupResponse200: description: 200 OK content: application/json: schema: $ref: '#/components/schemas/GroupResponseObject' GroupsResponse200: description: 200 OK content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:ListResponse totalResults: type: integer description: The total number of groups that match this filter. This may be larger than the number of groups in this page, in which case pagination may be used to retrieve the next page of results. example: 2 default: 0 Resources: type: array description: The current page of user results. items: $ref: '#/components/schemas/GroupResponseObject' startIndex: type: integer description: The 1-based index of the first result in the current set of list results. example: 1 default: 0 itemsPerPage: type: integer description: Specifies the maximum number of resources that can be returned in a single page of results. example: 25 default: 0 GroupResponse201: description: 201 Created content: application/json: schema: $ref: '#/components/schemas/GroupResponseObject' GroupResponse204: description: 204 No Content GroupResponse400: description: 400 Bad Request content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '400' scimType: type: string description: The SCIM detail error keyword. example: invalidValue detail: type: string description: A detailed human-readable message. example: 'Invalid value at displayName: 123' GroupFilterResponse400: description: 400 Bad Request content: application/json: schema: type: object properties: schema: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '400' scimType: type: string description: The SCIM detail error keyword. example: invalidFilter detail: type: string description: A detailed human-readable message. example: 'No matching schema for attribute: legalName' SchemaResponse200: description: 200 OK content: application/json: schema: type: object anyOf: - $ref: '#/components/schemas/GroupSchema' - $ref: '#/components/schemas/CoreUserSchema' - $ref: '#/components/schemas/EnterpriseUserSchema' - $ref: '#/components/schemas/IroncladUserSchema' SchemasResponse200: description: 200 OK content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:ListResponse totalResults: type: integer description: Total number of schemas. example: 4 Resources: type: array description: Schema information. items: anyOf: - $ref: '#/components/schemas/GroupSchema' - $ref: '#/components/schemas/CoreUserSchema' - $ref: '#/components/schemas/EnterpriseUserSchema' - $ref: '#/components/schemas/IroncladUserSchema' ForbiddenResponse403: description: 403 Forbidden content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '403' NotFoundResponse404: description: 404 Not Found content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '404' detail: type: string description: A detailed human-readable message. example: Resource 6643ce2e22daa40f80025aee not found AlreadyExistsResponse409: description: 409 Conflict content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '409' ServerErrorResponse500: description: 500 Internal Server Error content: application/json: schema: type: object properties: schemas: type: array items: type: string example: urn:ietf:params:scim:api:messages:2.0:Error status: type: string description: The HTTP status code expressed as a string. example: '500' detail: type: string description: A detailed human-readable message. example: Internal server error securitySchemes: sec0: type: apiKey in: header name: Authorization x-bearer-format: bearer security: - sec0: [] paths: /Users: get: summary: List all Users description: "Documentation on listing Users via SCIM. \n\n**OAuth Scope required:** `scim.users.readUsers`" operationId: retrieve-all-users parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/StartIndex' - $ref: '#/components/parameters/Count' - name: filter in: query description: Filters for identifying subsets of users. Filters must comply with the SCIM protocol's convention. For more details, see SCIM [RFC 7644 Section 3.4.2.2](https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2). example: userName eq "alex.doe@example.com" schema: type: string - $ref: '#/components/parameters/ExcludedAttributes' responses: '200': $ref: '#/components/responses/UsersResponse200' '400': $ref: '#/components/responses/UserFilterResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Users post: summary: Create a User description: "Documentation on creating a User via SCIM. \n\n**OAuth Scope required:** `scim.users.createUsers`" operationId: create-a-user parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/ExcludedAttributes' requestBody: $ref: '#/components/requestBodies/UserCreateRequestBody' responses: '201': $ref: '#/components/responses/UserResponse201' '400': $ref: '#/components/responses/UserResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '409': $ref: '#/components/responses/AlreadyExistsResponse409' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Users /Users/{userId}: get: summary: Retrieve a User description: "Documentation on accessing User info via SCIM. \n\n**OAuth Scope required:** `scim.users.readUsers`" operationId: retrieve-a-user parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/UserId' - $ref: '#/components/parameters/ExcludedAttributes' responses: '200': $ref: '#/components/responses/UserResponse200' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Users patch: summary: Update User Data description: "Documentation on updating a User via SCIM. \n\n**OAuth Scope required:** `scim.users.updateUsers`" operationId: update-user-data parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/UserId' - $ref: '#/components/parameters/ExcludedAttributes' requestBody: content: application/json: schema: type: object required: - schemas properties: schemas: type: array default: - urn:ietf:params:scim:api:messages:2.0:PatchOp items: type: string Operations: type: array items: properties: op: type: string description: Must be "add", "remove", or "replace" path: type: string description: The path of the attribute that you wish to change (e.g., emails, name.givenName, name.familyName) value: type: string description: The value you wish to use for "add" or "replace" operations. The "remove" operation does not take the "value" parameter. required: - op - path type: object responses: '200': $ref: '#/components/responses/UserResponse200' '400': $ref: '#/components/responses/UserResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Users put: summary: Replace a User description: "Documentation on replacing a User via SCIM. \n\n**OAuth Scope required:** `scim.users.updateUsers`" operationId: replace-a-user parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/UserId' - $ref: '#/components/parameters/ExcludedAttributes' requestBody: $ref: '#/components/requestBodies/UserCreateRequestBody' responses: '200': $ref: '#/components/responses/UserResponse200' '400': $ref: '#/components/responses/UserResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Users delete: summary: Delete a User description: "Delete a user on Ironclad. If the deletion is successful, all active workflows associated with the deleted\ \ user should be automatically reassigned to the default user within the admin group. To learn how to set a default\ \ user, see the [Manage Groups](https://support.ironcladapp.com/hc/en-us/articles/12286570480791-Manage-Groups) guide.\ \ \n\n**OAuth Scope required:** `scim.users.deleteUsers`" operationId: delete-a-user parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/UserId' responses: '204': $ref: '#/components/responses/UserResponse204' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Users /Groups: get: summary: List all Groups description: "Documentation on listing Groups via SCIM. \n\n**OAuth Scope required:** `scim.groups.readGroups`" operationId: retrieve-all-groups parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/StartIndex' - $ref: '#/components/parameters/Count' - name: filter in: query description: Filters for identifying subsets of groups. Filters must comply with the SCIM protocol's convention. For more details, see SCIM [RFC 7644 Section 3.4.2.2](https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2). example: displayName eq "Legal Ops Group" schema: type: string - $ref: '#/components/parameters/ExcludedAttributes' responses: '200': $ref: '#/components/responses/GroupsResponse200' '400': $ref: '#/components/responses/GroupFilterResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Groups post: summary: Create a Group description: "Documentation on creating a Group via SCIM. \n\n**OAuth Scope required:** `scim.groups.createGroups`" operationId: create-a-group parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/ExcludedAttributes' requestBody: $ref: '#/components/requestBodies/GroupCreateRequestBody' responses: '201': $ref: '#/components/responses/GroupResponse201' '400': $ref: '#/components/responses/GroupResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '409': $ref: '#/components/responses/AlreadyExistsResponse409' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Groups /Groups/{groupId}: get: summary: Retrieve a Group description: "Documentation on accessing a Group via SCIM. \n\n**OAuth Scope required:** `scim.groups.readGroups`" operationId: retrieve-a-group parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/GroupId' - $ref: '#/components/parameters/ExcludedAttributes' responses: '200': $ref: '#/components/responses/GroupResponse200' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Groups patch: summary: Update a Group description: "Documentation on updating a Group via SCIM. This includes updating group membership. \n\n**OAuth Scope\ \ required:** `scim.groups.updateGroups`" operationId: update-group-membership parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/GroupId' - $ref: '#/components/parameters/ExcludedAttributes' requestBody: content: application/json: schema: type: object required: - schemas - Operations properties: schemas: type: array default: - urn:ietf:params:scim:api:messages:2.0:PatchOp items: type: string Operations: type: array description: Operations for updating groups. See snippets below for more details. items: properties: op: type: string description: '"add" or "remove"' path: type: string default: members value: type: array description: An array of User Ids. User Ids can be found by filtering results from the Retrieve all Users endpoint. items: properties: value: type: string description: The unique id of the user. User Ids can be found by filtering the Retrieve all Users endpoint. required: - value type: object required: - op - path type: object responses: '200': $ref: '#/components/responses/GroupResponse200' '204': $ref: '#/components/responses/GroupResponse204' '400': $ref: '#/components/responses/GroupResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Groups put: summary: Replace a Group description: "Documentation on replacing a Group via SCIM. \n\n**OAuth Scope required:** `scim.groups.updateGroups`" operationId: replace-a-group parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/GroupId' - $ref: '#/components/parameters/ExcludedAttributes' requestBody: $ref: '#/components/requestBodies/GroupCreateRequestBody' responses: '200': $ref: '#/components/responses/GroupResponse200' '400': $ref: '#/components/responses/GroupResponse400' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Groups delete: summary: Delete a Group description: "Documentation on deleting a Group via SCIM. \n\n**OAuth Scope required:** `scim.groups.deleteGroups`" operationId: delete-a-group parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/GroupId' responses: '204': $ref: '#/components/responses/GroupResponse204' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Groups /Schemas: get: summary: List all Schemas description: "Documentation on listing all Schemas via SCIM. \n\n**OAuth Scope required:** `scim.schemas.readSchemas`" operationId: list-all-schemas parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' responses: '200': $ref: '#/components/responses/SchemasResponse200' '403': $ref: '#/components/responses/ForbiddenResponse403' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Schemas /Schemas/{schemaId}: get: summary: Retrieve a Schema description: "Documentation on retrieving a schema via SCIM. \n\n**OAuth Scope required:** `scim.schemas.readSchemas`" operationId: retrieve-a-schema parameters: - $ref: '#/components/parameters/XAsUserEmail' - $ref: '#/components/parameters/XAsUserId' - $ref: '#/components/parameters/SchemaId' responses: '200': $ref: '#/components/responses/SchemaResponse200' '403': $ref: '#/components/responses/ForbiddenResponse403' '404': $ref: '#/components/responses/NotFoundResponse404' '500': $ref: '#/components/responses/ServerErrorResponse500' tags: - Schemas tags: - name: Users description: Documentation on SCIM Users. - name: Groups description: Documentation on SCIM Groups. - name: Schemas description: Documentation on SCIM Schemas. x-readme: headers: [] explorer-enabled: true proxy-enabled: true samples-languages: - curl - node - ruby - javascript - python