# SCIM API

The SCIM API allows for the managing of groups and users within the Celonis Platform. The SCIM API is a well-documented standard, with most resources mentioned on [simplecloud.info](https://simplecloud.info). The SCIM API provides a common user schema and a method for automating the exchange of user identity information.

Important
All SCIM operations are scoped to a team. Changes to a user in one team do not affect any other memberships for that user.

## Base URL

The base URL for the SCIM API is:

* https://**your-team**.celonis.cloud/api/user-provisioning


Replace **your-team** with the name of your Celonis instance to access the SCIM API.

## Use Cases

The SCIM API can be used to:

* Manage user identities across cloud-based applications such as your source identity system and your Celonis Platform team.
* Integrate Identity Providers / Managers such as Active Directory and Okta to the Celonis Platform in order to automatically provision and manage Celonis users and groups.


## Authentication

The SCIM API supports the OAuth method of authentication:

* OAuth 2.0 token with a scope `user-provisioning.scim`, passed in an HTTP header like this: `Authorization: Bearer TOKEN`.
If you are using Azure with SCIM using OAuth in Celonis, then you will need to enter your OAuth scope in the **Token Endpoint** field in Azure. Your Token Endpoint field in Azure will then look like this:

```
[https://[TEAM].[REALM].celonis.cloud/oauth2/token?scope=user-provisioning.scim]
```


See [this help page](https://docs.celonis.com/en/using-oauth-2-0.html) for more information on how to use OAuth 2.0.