Skip to main content
Eptura Knowledge Center

SCIM Provisioning FAQs

  1. Last updated
  2. Save as PDF

Explore the Frequently Asked Questions or if you want an overview, see User Provisioning Overview.

Q. Does on-premises Active Directory work with SCIM API?

No, on-premises Active Directory does not work with SCIM API.

Q. What version of SCIM do you support?

SCIM v2.0

Q. Can a SCIM client be set up to work with two Eptura clients?

No.

Q. Can Eptura clients be set up to accept user imports from two SCIM clients?

No.

Q. Is the Eptura SCIM API a 2-way synchronization of users?

No. Eptura SCIM API is never triggered from within Eptura. Only from the SCIM client.

Q. How frequently does Eptura receive changes via SCIM API?

The period between synchronization and calculating changes in data is entirely dependent on the SCIM client. The client is responsible for reading the current user data by using the GET endpoints. Alternatively, it can save the last sync state and then decide what changes to communicate.

Q. What permissions or secret details are communicated to Eptura by  Microsoft Entra ID?

No Azure AD permission or secret details are communicated to the Eptura SCIM API. The customer’s domain name is needed for verification purposes.

Q. Can I change the field mappings of the supported SCIM fields with those of the Eptura fields?

No. However, the client can change the mapping between their Identity Provider and supported SCIM standard fields. Handling this conversion is the responsibility of the SCIM client.

Q. Can multiple Organizational Units be configured or filtered for SCIM?

No, SCIM does not support organizational units therefore no organization units information is passed to the Eptura SCIM API. However, if your own SCIM compatible client supports it (MS Entra ID does not) you can filter using your own client before passing the information across.

Q. How do we get an access token?

Eptura creates the SCIM-API valid bearer access token that you add to your Microsoft EntraID. Contact Eptura for more information.

Q. How do you check the group membership of a user?

Use ‘Get Group’ by filter with ‘userId’ to return the group a user is a member of.

Q. Can ‘Get Group’ endpoint return the entire member list?

No, the ‘Get group’ endpoint does not return the entire member list.

Q. What filters are supported by the ‘Get Group’ filter endpoint?

The following group attributes are supported by the ‘Get Group’ filter endpoint: ‘groupName’, ‘externalId’, ‘members’, and ‘groupid’.

Q. What filter operators are supported by the ‘Get Group’ filter endpoint?

The following filter operators are supported by the ‘Get Group’ filter endpoints (operator command in brackets): equals (eq), contains (co), starts with (sw), ends with (ew), and not equals (ne). However, the ‘members’ and ‘groupId’ group attributes support only the equals (eq) operator.

Q. What filters are supported by the ‘Get User’ filter endpoint?

The following user attributes are supported by the ‘Get user’ filter endpoint: ‘userName’, ‘firstName’, ‘lastName’, ‘email’, ‘telephone’, ‘mobile’, ‘externalId’, ‘accountactive’, 'created', and 'lastModified'.

Q. What filter operators are supported by the ‘Get User’ filter endpoint?

The following filter operators are supported by the ‘Get User’ filter endpoints (operator command in brackets): equals (eq), contains (co), starts with (sw), ends with (ew), and not equals (ne). However, the ‘accountactive’ user attribute supports only the equals (eq) operator.

Q. What users are returned when ‘Get User’ endpoint is called with no filter?

Only the active users created/merged from SCIM and of the same user type defined in the SCIM client. By default, the tenant setting ‘userType’ is set to Forms users.

Q. Can I delete a user created in the Eptura application?

No. You can only delete users created/merged from SCIM and those of the same user type defined as ‘userType’ tenant setting in the SCIM client. By default, the tenant setting ‘userType’ is set to Forms users.

Q. Can the userName attribute for a user be updated through SCIM?

Yes, if the userName does not already exist in Eptura SCIM can update the user attribute.

Q. Can I filter users by created/last modified date values?

Yes. SCIM allows users to be filtered by date values: 

  • Created date: for example - meta.created gt "2024-05-30"
  • Last modified date: for example – meta.lastModified gt "2024-05-30"

Q. How many group members can be provisioned in a single request?

Currently, we support passing a maximum of 100 members (users) in a single Group post/patch/put call.