SCIM Provisioning
Automatic user provisioning and deprovisioning from your identity provider.
Setup
- In NOBA Settings → SCIM: click Generate Token, copy the token and SCIM Base URL.
- In your IdP, configure SCIM 2.0: paste the base URL and token, map
userName → username,emails → email. - Test the connection and enable provisioning.
Supported Operations
| Operation | Endpoint | Description |
|---|---|---|
| Create user | POST /Users | Provision new user |
| Update user | PATCH /Users/{id} | Update attributes (role, active status) |
| Delete user | DELETE /Users/{id} | Soft-delete with grace period |
| List users | GET /Users | All users with optional filter |
| Bulk operations | POST /Bulk | Batch create/update/delete (RFC 7644 §3.7) |
Safety Features
- Soft-delete: All deletes are soft with configurable grace period (default 30 days)
- Dry-run mode:
POST /Bulk?dry_run=truereturns diff without executing - Rate limiting: Max 50 SCIM deletes per rolling hour
- Two-step confirmation: Mass deletes require server-generated one-time token
- Restore endpoint:
POST /DeletedUsers/{id}/restore - Seat limit enforcement: Respects license seat limits