SCIM API

The SCIM API allows for the managing of groups and users within the Celonis Platform. The SCIM API is a well-documented standard, with most resources mentioned on simplecloud.info. The SCIM API provides a common user schema and a method for automating the exchange of user identity information.

NOTE: ALL SCIM OPERATIONS ARE SCOPED TO A TEAM. CHANGES TO A USER IN ONE TEAM DO NOT AFFECT ANY OTHER MEMBERSHIPS FOR THAT USER.

Use Cases

The SCIM API can be used to:

Manage user identities across cloud-based applications such as your source identity system and your Celonis Platform team.
Integrate Identity Providers / Managers such as Active Directory and Okta to the Celonis Platform in order to automatically provision and manage Celonis users and groups.

Authentication

The SCIM API supports the OAuth method of authentication:

OAuth 2.0 token with a scope platform-adoption.tracking-events:read, passed in an HTTP header like this: Authorization: Bearer TOKEN .

NOTE: If you are using Azure with SCIM using OAuth in Celonis, then you will need to enter your OAuth scope in the Token Endpoint field in Azure. Your Token Endpoint field in Azure will then look like this:

Copy

Copied

[https://[TEAM].[REALM].cloud/oauth2/token?scope=user-provisioning.scim]

See this help page for more information on how to use OAuth 2.0.