SendSafely

Articles in this section

See more

SAML SSO SCIM Provisioning

Follow

Overview

The SendSafely REST API exposes three SCIM endpoints:

You can query these endpoints in a script or via a program Postman to programmatically retrieve, add, and remove users to your SendSafely portal via SCIM.

If you're using Okta, follow this article instead.

Note: the SCIM endpoints of our REST API collection use a separate authentication scheme from the other endpoints in the collection. Required variables for this authentication include the baseSCIMUrl, which will follow the format https://yourcompany.sendsafely.com/scim/v2, and a SCIMUsername and SCIMPasword, which you'll generate in the Prerequisite steps that follow.

Prerequisites

SAML SSO SCIM Provisioning for SendSafely requires the following:

  • Setup Single Sign-On (SSO) with SAML in your SendSafely portal.
  • Create a SendSafely Service Account with administrative privileges to perform all provisioning actions from Okta. Follow these steps:
    • First, create a Service Account.
    • Next, promote that Service Account to Admin by having another Admin click the checkbox beside its name in the Users tab of the Enterprise Console.

Screenshot 2024-12-05 at 3.12.19 PM.png

    • Then, impersonate the new Administrator Service Account by clicking the icon with three dots and selecting Profile.
    • Select API Keys. Generate a new API Access Key.
    • Click the link that reads, "Click here if you would like to use this API key for SCIM authentication" (Fig. 1). This will display the SCIM API Username and SCIM API Password required for configuring the SCIM API integration (Fig. 2). Note that the SCIM API Password will only be displayed once, when generated. 
    • This SCIM API Username and SCIM API Password will be required for any programmatic SCIM workflows, so store them somewhere safe, such as your Password Manager.

Figure 1.

Screenshot 2024-12-05 at 4.13.36 PM.png

Figure 2.

SCIM_2.png

 

Querying the SCIM Endpoints

Now that you've got your SCIMUsername, SCIMPassword, and baseSCIMURL, you can include those as needed in any SCIM script you write that queries the relevant endpoints in the SendSafely REST API.

If you're querying those endpoints via Postman, you'll fill in the corresponding collection variables like so:

Screenshot 2024-12-06 at 4.30.20 PM.png

Related articles

Comments

0 comments

Please sign in to leave a comment.