# Scim Configurations ## CreateSCIMConfiguration **post** `/gitpod.v1.OrganizationService/CreateSCIMConfiguration` Creates a new SCIM configuration for automated user provisioning. Use this method to: - Set up SCIM 2.0 provisioning from an identity provider - Generate a bearer token for SCIM API authentication - Link SCIM provisioning to an existing SSO configuration ### Examples - Create basic SCIM configuration: Creates a SCIM configuration linked to an SSO provider with default 1 year token expiration. ```yaml organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047" ssoConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` - Create SCIM configuration with custom token expiration: Creates a SCIM configuration with a 90-day token expiration. ```yaml organizationId: "b0e12f6c-4c67-429d-a4a6-d9838b5da047" ssoConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" tokenExpiresIn: "7776000s" ``` ### Body Parameters - `organizationId: string` organization_id is the ID of the organization to create the SCIM configuration for - `ssoConfigurationId: string` sso_configuration_id is the SSO configuration to link (required for user provisioning) - `name: optional string` name is a human-readable name for the SCIM configuration - `tokenExpiresIn: optional string` token_expires_in is the duration until the token expires. Defaults to 1 year. Minimum 1 day, maximum 2 years. ### Returns - `token: string` token is the bearer token for SCIM API authentication. This is only returned once during creation - store it securely. - `scimConfiguration: ScimConfiguration` scim_configuration is the created SCIM configuration - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional) - `tokenExpiresAt: string` token_expires_at is when the token will expire ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.OrganizationService/CreateSCIMConfiguration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{ "organizationId": "b0e12f6c-4c67-429d-a4a6-d9838b5da047", "ssoConfigurationId": "d2c94c27-3b76-4a42-b88c-95a85e392c68" }' ``` #### Response ```json { "token": "token", "scimConfiguration": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "createdAt": "2019-12-27T18:11:19.117Z", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "tokenExpiresAt": "2019-12-27T18:11:19.117Z", "updatedAt": "2019-12-27T18:11:19.117Z", "enabled": true, "name": "name", "ssoConfigurationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" }, "tokenExpiresAt": "2019-12-27T18:11:19.117Z" } ``` ## DeleteSCIMConfiguration **post** `/gitpod.v1.OrganizationService/DeleteSCIMConfiguration` Removes a SCIM configuration from an organization. Use this method to: - Disable SCIM provisioning completely - Remove unused configurations - Clean up after migration ### Examples - Delete SCIM configuration: Removes a specific SCIM configuration. ```yaml scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `scimConfigurationId: string` scim_configuration_id is the ID of the SCIM configuration to delete ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.OrganizationService/DeleteSCIMConfiguration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{ "scimConfigurationId": "d2c94c27-3b76-4a42-b88c-95a85e392c68" }' ``` #### Response ```json {} ``` ## ListSCIMConfigurations **post** `/gitpod.v1.OrganizationService/ListSCIMConfigurations` Lists SCIM configurations for an organization. Use this method to: - View all SCIM configurations - Monitor provisioning status - Audit SCIM settings ### Examples - List SCIM configurations: Shows all SCIM configurations for an organization. ```yaml pagination: pageSize: 20 ``` ### Query Parameters - `token: optional string` - `pageSize: optional number` ### Body Parameters - `pagination: optional object { token, pageSize }` - `token: optional string` Token for the next set of results that was returned as next_token of a PaginationResponse - `pageSize: optional number` Page size is the maximum number of results to retrieve per page. Defaults to 25. Maximum 100. ### Returns - `pagination: object { nextToken }` - `nextToken: optional string` Token passed for retrieving the next set of results. Empty if there are no more results - `scimConfigurations: optional array of ScimConfiguration` scim_configurations are the SCIM configurations for the organization - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional) ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.OrganizationService/ListSCIMConfigurations \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{}' ``` #### Response ```json { "pagination": { "nextToken": "nextToken" }, "scimConfigurations": [ { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "createdAt": "2019-12-27T18:11:19.117Z", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "tokenExpiresAt": "2019-12-27T18:11:19.117Z", "updatedAt": "2019-12-27T18:11:19.117Z", "enabled": true, "name": "name", "ssoConfigurationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } ] } ``` ## RegenerateSCIMToken **post** `/gitpod.v1.OrganizationService/RegenerateSCIMToken` Regenerates the bearer token for a SCIM configuration. Use this method to: - Rotate SCIM credentials - Recover from token compromise - Update IdP configuration ### Examples - Regenerate token: Creates a new bearer token with the same expiration duration as the previous token. ```yaml scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` - Regenerate token with new expiration: Creates a new bearer token with a custom 180-day expiration. ```yaml scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" tokenExpiresIn: "15552000s" ``` ### Body Parameters - `scimConfigurationId: string` scim_configuration_id is the ID of the SCIM configuration to regenerate token for - `tokenExpiresIn: optional string` token_expires_in is the duration until the new token expires. If not specified, uses the same duration as the previous token. ### Returns - `token: string` token is the new bearer token for SCIM API authentication. This invalidates the previous token - store it securely. - `tokenExpiresAt: string` token_expires_at is when the new token will expire ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.OrganizationService/RegenerateSCIMToken \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{ "scimConfigurationId": "d2c94c27-3b76-4a42-b88c-95a85e392c68" }' ``` #### Response ```json { "token": "token", "tokenExpiresAt": "2019-12-27T18:11:19.117Z" } ``` ## GetSCIMConfiguration **post** `/gitpod.v1.OrganizationService/GetSCIMConfiguration` Retrieves a specific SCIM configuration. Use this method to: - View SCIM configuration details - Check if SCIM is enabled - Verify SSO linkage ### Examples - Get SCIM configuration: Retrieves details of a specific SCIM configuration. ```yaml scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ``` ### Body Parameters - `scimConfigurationId: string` scim_configuration_id is the ID of the SCIM configuration to get ### Returns - `scimConfiguration: ScimConfiguration` scim_configuration is the SCIM configuration identified by the ID - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional) ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.OrganizationService/GetSCIMConfiguration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{ "scimConfigurationId": "d2c94c27-3b76-4a42-b88c-95a85e392c68" }' ``` #### Response ```json { "scimConfiguration": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "createdAt": "2019-12-27T18:11:19.117Z", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "tokenExpiresAt": "2019-12-27T18:11:19.117Z", "updatedAt": "2019-12-27T18:11:19.117Z", "enabled": true, "name": "name", "ssoConfigurationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } } ``` ## UpdateSCIMConfiguration **post** `/gitpod.v1.OrganizationService/UpdateSCIMConfiguration` Updates a SCIM configuration. Use this method to: - Enable or disable SCIM provisioning - Link or unlink SSO configuration - Update configuration name ### Examples - Disable SCIM: Disables SCIM provisioning. ```yaml scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" enabled: false ``` - Link to SSO: Links SCIM configuration to an SSO provider. ```yaml scimConfigurationId: "d2c94c27-3b76-4a42-b88c-95a85e392c68" ssoConfigurationId: "f53d2330-3795-4c5d-a1f3-453121af9c60" ``` ### Body Parameters - `scimConfigurationId: string` scim_configuration_id is the ID of the SCIM configuration to update - `enabled: optional boolean` enabled controls whether SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the SSO configuration to link ### Returns - `scimConfiguration: ScimConfiguration` scim_configuration is the updated SCIM configuration - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional) ### Example ```http curl https://app.gitpod.io/api/gitpod.v1.OrganizationService/UpdateSCIMConfiguration \ -H 'Content-Type: application/json' \ -H "Authorization: Bearer $GITPOD_API_KEY" \ -d '{ "scimConfigurationId": "d2c94c27-3b76-4a42-b88c-95a85e392c68" }' ``` #### Response ```json { "scimConfiguration": { "id": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "createdAt": "2019-12-27T18:11:19.117Z", "organizationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e", "tokenExpiresAt": "2019-12-27T18:11:19.117Z", "updatedAt": "2019-12-27T18:11:19.117Z", "enabled": true, "name": "name", "ssoConfigurationId": "182bd5e5-6e1a-4fe4-a799-aa6d9a6ab26e" } } ``` ## Domain Types ### Scim Configuration - `ScimConfiguration object { id, createdAt, organizationId, 5 more }` SCIMConfiguration represents a SCIM 2.0 provisioning configuration - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional) ### Scim Configuration Create Response - `ScimConfigurationCreateResponse object { token, scimConfiguration, tokenExpiresAt }` - `token: string` token is the bearer token for SCIM API authentication. This is only returned once during creation - store it securely. - `scimConfiguration: ScimConfiguration` scim_configuration is the created SCIM configuration - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional) - `tokenExpiresAt: string` token_expires_at is when the token will expire ### Scim Configuration Delete Response - `ScimConfigurationDeleteResponse = unknown` ### Scim Configuration Regenerate Token Response - `ScimConfigurationRegenerateTokenResponse object { token, tokenExpiresAt }` - `token: string` token is the new bearer token for SCIM API authentication. This invalidates the previous token - store it securely. - `tokenExpiresAt: string` token_expires_at is when the new token will expire ### Scim Configuration Retrieve Response - `ScimConfigurationRetrieveResponse object { scimConfiguration }` - `scimConfiguration: ScimConfiguration` scim_configuration is the SCIM configuration identified by the ID - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional) ### Scim Configuration Update Response - `ScimConfigurationUpdateResponse object { scimConfiguration }` - `scimConfiguration: ScimConfiguration` scim_configuration is the updated SCIM configuration - `id: string` id is the unique identifier of the SCIM configuration - `createdAt: string` created_at is when the SCIM configuration was created - `organizationId: string` organization_id is the ID of the organization this SCIM configuration belongs to - `tokenExpiresAt: string` token_expires_at is when the current SCIM token expires - `updatedAt: string` updated_at is when the SCIM configuration was last updated - `enabled: optional boolean` enabled indicates if SCIM provisioning is active - `name: optional string` name is a human-readable name for the SCIM configuration - `ssoConfigurationId: optional string` sso_configuration_id is the linked SSO configuration (optional)