SCIM API
Introduced in GitLab 15.5.
GitLab provides an SCIM API that both implements the RFC7644 protocol and provides the /Users endpoint. The base URL is /api/scim/v2/groups/:group_path/Users/.
To use this API, Group SSO must be enabled for the group. This API is only in use where SCIM for Group SSO is enabled. It’s a prerequisite to the creation of SCIM identities.
Not to be confused with the internal group SCIM API.
Get SCIM identities for a group
Introduced in GitLab 15.5.
GET /groups/:id/scim/identities Supported attributes:
| Attribute | Type | Required | Description |
|---|---|---|---|
id | integer | Yes | Return SCIM identities for the given group ID. |
If successful, returns 200 and the following response attributes:
| Attribute | Type | Description |
|---|---|---|
extern_uid | string | External UID for the user |
user_id | integer | ID for the user |
active | boolean | Status of the identity |
Example response:
[ { "extern_uid": "4", "user_id": 48, "active": true } ] Example request:
curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/scim/identities" \ --header "PRIVATE-TOKEN: <PRIVATE-TOKEN>" Update extern_uid field for a SCIM identity
Introduced in GitLab 15.5.
Fields that can be updated are:
| SCIM/IdP field | GitLab field |
|---|---|
id/externalId | extern_uid |
PATCH /groups/:groups_id/scim/:uid Parameters:
| Attribute | Type | Required | Description |
|---|---|---|---|
uid | string | yes | External UID of the user. |
Example request:
curl --location --request PATCH "https://gitlab.example.com/api/v4/groups/33/scim/sydney_jones" \ --header "PRIVATE-TOKEN: <PRIVATE TOKEN>" \ --form "extern_uid=sydney_jones_new"