Learn
Help
Updates

Go to app
Log inGet Dovetail free

Product

PlatformProjectsChannelsAsk DovetailRecruitIntegrationsEnterpriseMagicAnalysisInsightsPricingRoadmap

Company

About us
Careers15
Legal

© Dovetail Research Pty. Ltd.

TermsPrivacy Policy
Help centerEnterprise admin

SCIM API

Last updated17 October 2023
Read time3 min

When SCIM is provisioned with your identity provider, users in your workspace can be automatically provisioned, managed, and deactivated.

Note: Dovetail implements SCIM 2.0 as specified in the RFC documents from the Internet Engineering Task Force:

  • Definitions, Overview, Concepts, and Requirements: RFC 7642

  • Core Schema: RFC 7643

  • Protocol: RFC 7644


Contents


Enterprise only

This feature is only available on our enterprise plan. Enterprise workspaces come with additional features and support to meet your organization’s needs. Check out our pricing page for more information on enterprise.

Pricing page

What can you do with Dovetail's SCIM API

  • Push New Users → New users created through your identity provider will also be created in Dovetail.

  • Push Profile Updates → Updates made to the user’s profile through your identity provider will be pushed to Dovetail.

  • Push New Groups → New user groups created through your identity provider will also be created in Dovetail.

  • Push User Deactivation → Deactivating the user or deleting the user will deactivate the user in Dovetail.

  • Reactivate Users → Reactivated users are also reactivated in Dovetail.

Supported identity providers

We currently support Okta, but we’re working on adding more identity providers soon. Please contact us to integrate with your identity provider.

Users

User attributes

All attributes are in the "urn:ietf:params:scim:schemas:core:2.0:User" namespace

AttributeSCIM namespaceSCIM attributeTypeRequiredDescription
Emailurn:ietf:params:scim:schemas:core:2.0:UseruserNameemailyesUser email
Activeurn:ietf:params:scim:schemas:core:2.0:UseractivebooleanyesDetermines whether or not this user can log in to Dovetail
Full nameurn:ietf:params:scim:schemas:core:2.0:UserdisplayNamestring (max length 100 characters)noName displayed in Dovetail
Roleurn:ietf:params:scim:schemas:core:2.0:Userrole“MANAGER” or “CONTRIBUTOR” or “VIEWER”noSets the Dovetail role
Workspace adminurn:ietf:params:scim:schemas:extension:dovetail:2.0:UserworkspaceAdminbooleannoSet Dovetail workspace admin

User methods

  • GET /Users

    • Returns a paginated list of users.

    • You can paginate using the startIndex and count parameters.

    • You can filter results with the filter parameter. Valid attributes to filter are displayName and userName using eq and and.

  • POST /Users

    • Create a new user in your workspace.

    • Required attributes are userName and active.

Groups

Group attributes

AttributeSCIM namespaceSCIM attributeDescription
Nameurn:ietf:params:scim:schemas:core:2.0:GroupdisplayNameName of the user group. Required
Membersurn:ietf:params:scim:schemas:core:2.0:GroupmembersList of Dovetail users in the group.

Group methods

  • GET /Groups

    • Returns a paginated list of user groups.

    • You can paginate using the startIndex and count parameters.

    • You can filter results with the filter parameter. Valid attributes to filter are displayName using eq.

  • POST /Groups

    • Create a new user group in your workspace.

    • Required attributes are displayName.

  • PATCH /Groups/<id>

    • Update an existing user group.

    • We only support adding members to a group via the Dovetail user ID.

{ "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"], "Operations": [ { "op": "add", "path": "members", "value": [ { "value": <dovetail_user_id> } ] } ]}

Automate and manage provisioning with Okta

Before you start

Ensure that you have configured Okta as your identity provider before configuring SCIM provisioning.

Configure Okta SSO

Configure SCIM provisioning in Okta

  1. Open the Dovetail app you’ve set up in Okta and navigate to Provisioning.

  2. Under Integration, click Configure API integration, check Enable API integration, and click Authenticate with Dovetail. Ensure you are logged in to Dovetail as a workspace admin.

  3. From within the pop-up window, select your Dovetail workspace and click Allow. Once you are directed back to Okta, click Save.

  4. Under To app, click Edit and enable your preferred features: Create users, Update user attributes, or Deactivate users. Click Save.

  5. Navigate to the Sign On tab, and ensure that the Application username format is set to Email.

Provision users from Okta

To provision users in Dovetail from Okta, complete these steps:

  1. Navigate to the Assignments tab.

  2. Click Assign, then Assign to People, or Assign to Groups.

  3. Select a user or a group, and assign a Dovetail role and Dovetail workspace admin from the relevant fields. Click Save.

Your users in Okta have now been provisioned in your Dovetail workspace. If a user is deactivated in Okta, their Dovetail account will also be deactivated and they will lose access to your workspace.

Note: If you do not already have a group in Okta that you’d like to link or push to a user group in Dovetail, navigate to Directory > Groups > Add Group.

To link a user group in Dovetail with a group in Okta, complete these steps:

  1. Navigate to the Push Groups tab.

  2. Click Push Group and enter the name of the group.

  3. Click Push Groups, and find your group by name, or by rule.

  4. If you have an existing user group in Dovetail you would like to link this group to, select Link Group and enter the name of the user group in Dovetail. If you would like to create a new user group, select Create Group, and click Save.

Your group in Okta and your user group in Dovetail are now linked. Any users you add to the group in Okta who are also assigned to your Dovetail application will be added to the group in Dovetail.

FAQs


We would like to use SCIM but our identity provider isn't supported. Is there a way we can still configure this for our workspace?

Yes, we may be able to help integrate with your identity provider. Reach out to us and our team can help set this up for your workspace.

Give us feedback

Was this article useful?

Log in or sign up

Get started for free


or


By clicking “Continue with Google / Email” you agree to our User Terms of Service and Privacy Policy