Overview and Setup

Enterprise Deployment

This feature is available for Enterprise deployments only. If you’d like to get started, please contact support@loginid.io for further details.

The System for Cross-domain Identity Management (SCIM) 2.0 is an open standard (RFCs 7643 and 7644) that automates user and group management across systems.

LoginID supports a subset of the SCIM 2.0 protocol, enabling provisioning, deprovisioning, and profile updates through your identity provider (such as Okta).

The following categories of operations are supported:

| Category | Description |
| --- | --- |
| User Management | Covers user accounts, including creation, retrieval, modification, and removal. |
| Group Management | Manage groups and their membership, including creating, listing, updating, and deleting groups. |
| Service Metadata & Discovery | Enables retrieval of details such as supported schemas, resource types, and provider configuration. |

Current Limitations

At this time, LoginID’s SCIM 2.0 implementation does not support SCIM 2.0 extensions. The API provides only the core capabilities for provisioning users and managing groups.

Authentication and Access

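LoginID’s SCIM 2.0 API uses HTTP Basic authentication. Each request must include an Authorization header carrying your API key, encoded in Base64, as the credentials. The example request on this page sends the key as the Basic username with an empty password.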

The remaining sections will go over the setup.

Get Your Base URL

Your base URL is the endpoint used to interact with the LoginID SCIM 2.0 API. You can find it by navigating to your organization security settings.

The base URL will be displayed here. You’ll need this value in all SCIM requests, replacing ${LOGINID_BASE_URL} in the examples provided.

Get Your API Key

To authenticate with the SCIM 2.0 API, you’ll need an API key. You can create and manage keys from the same location:

  1. Click Create New API Key.
  2. Your API key will be generated with the required scopes:
    • profile:read
    • profile:write

These permissions are mandatory for SCIM provisioning. Once created:

  • Store your API key securely.
  • Encode the API key using Base64. The encoded value will be used in the Authorization header of your SCIM requests.

Example Requests

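const LOGINID_BASE_URL = process.env.LOGINID_BASE_URL;
const LOGINID_API_KEY = process.env.LOGINID_API_KEY;

// Lists SCIM users (GET /Users); used to verify the base URL and API key.
export const requestExternalAuthToken = async () => {
  // Basic credentials: the API key as the username, followed by an empty password.
  const basicToken = Buffer.from(`${LOGINID_API_KEY}:`).toString("base64");
  const res = await fetch(`${LOGINID_BASE_URL}/fido2/v2/scim/v2/Users`, {
    method: "GET",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Basic ${basicToken}`,
    },
  });

  const data = await res.json();

  if (!res.ok) {
    // Fall back to the HTTP status when the body carries no message field.
    throw new Error(data.message || data.msg || `Request failed with status ${res.status}`);
  }

  return data;
};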

Verifying Setup

You can test your setup by running the request above. If the response returns an empty list, it means your SCIM 2.0 integration with LoginID is correctly configured.
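The checks a provisioning client would want around the Basic header described under Authentication and Access and around the verification step above, as an added example that is not LoginID's own code. It assumes the /Users endpoint answers with an RFC 7644 ListResponse or Error body; the helper names `buildAuthHeader`, `redactHeaders` and `checkSetup` and the host `scim.example.test` are hypothetical.

```javascript
// Added example; helper names are hypothetical, not part of any LoginID SDK.
const LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"; // RFC 7644
const ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"; // RFC 7644

// Build the Authorization header: API key as Basic username, empty password.
function buildAuthHeader(baseUrl, apiKey) {
  // Base64 is reversible, so only TLS protects the key in transit.
  if (new URL(baseUrl).protocol !== "https:") {
    throw new Error("SCIM base URL must use https");
  }
  // A stray newline from an env file, or a colon, would corrupt the credentials.
  if (!apiKey || /[\x00-\x1f\x7f:]/.test(apiKey)) {
    throw new Error("API key is empty or contains a control character or colon");
  }
  const token = Buffer.from(`${apiKey}:`).toString("base64");
  return { Authorization: `Basic ${token}` };
}

// Copy headers for logging with the credential masked.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name] = name.toLowerCase() === "authorization" ? "Basic [REDACTED]" : value;
  }
  return out;
}

// Classify the GET /Users verification response from its status and parsed body.
function checkSetup(status, body) {
  const schemas = Array.isArray(body?.schemas) ? body.schemas : [];
  if (status === 401 || status === 403) {
    return { ok: false, reason: "credentials rejected: check the key and its scopes" };
  }
  if (status !== 200) {
    const detail = schemas.includes(ERROR_SCHEMA) ? body.detail : undefined;
    return { ok: false, reason: detail || `unexpected HTTP status ${status}` };
  }
  if (!schemas.includes(LIST_SCHEMA) || !Number.isInteger(body.totalResults)) {
    return { ok: false, reason: "200 response is not a SCIM ListResponse" };
  }
  // Resources may be omitted when totalResults is 0 (RFC 7644, section 3.4.2).
  return { ok: true, userCount: body.totalResults };
}

// Constructed sample: an empty list response, plus a constructed key and host.
const sample = { schemas: [LIST_SCHEMA], totalResults: 0, Resources: [] };
console.log(checkSetup(200, sample));
console.log(redactHeaders(buildAuthHeader("https://scim.example.test", "constructed-key")));
```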

Group Management with LoginID Dashboard

The Groups tab allows admins to manage application-level groups, assign other admins, and remove obsolete groups.

Permissions

Only dashboard admins with the admin role can access group management through the dashboard UI.

This feature provides a way for dashboard admins to manage groups for each LoginID application directly from the dashboard, without needing to interact with the SCIM 2.0 API.

Overview of the Groups tab in the LoginID dashboard