Credo AI SCIM 2.0 APIs
      Back to home
      1. Knowledge Center
      2. API Documentation
      3. Credo AI SCIM 2.0 APIs

      Credo AI SCIM 2.0 APIs

      Introduction

      This guide explains how to integrate your Identity Provider (IdP)—such as Okta or Azure AD—with Credo AI using the SCIM 2.0 protocol. This enables automated provisioning and de-provisioning of users and groups, ensuring your identity management processes remain efficient, secure, and enterprise-grade.

      Credo AI’s SCIM v2.0 APIs allow our customers to:

      • Automatically provision and deprovision users
      • Sync team (group) membership
      • Reduce manual overhead and human error
      • Comply with enterprise identity governance standards

      Note: Customers must have their SCIM API entitlement turned on for accessing these APIs. Please contact your Credo AI customer success representative for more information on SCIM API entitlement.

      Getting Started

      • Generate your SCIM token via tenant settings.
      • Configure your IdP (e.g., Okta or Azure AD) with:
        • SCIM base URL: https://${Credo AI app url}/scim/v2/${tenant}
        • Bearer token: (as generated)
      • Use our API documentation to test provisioning and de-provisioning workflows.

      SCIM API Token

      All SCIM API requests must include a SCIM bearer token.

      Supported Operations

      Endpoint

      Operation

      POST /api/v2/${tenant}/tenant_info/scim_token

      Generate or rotate a static bearer token to be used with the SCIM API.

      GET /api/v2/${tenant}/tenant_info

      Retrieves updated tenant's information including whether SCIM API token is active and when it was last used.

      PATCH /api/v2/${tenant}/tenant_info

      Allow user to disable or enable the SCIM token.


      SCIM API tokens can also be manually generated by visiting Settings -> Information section of Credo AI user interface as shown below. Click on “Generate Token” to generate a new token. Use the “Enable SCIM Token” toggle to enable or disable this token.

      Supported SCIM Fields

      Credo AI supports the following SCIM fields for Users and Groups, aligned with the SCIM 2.0 specification.

      User Resource

      Each user is mapped to the SCIM User schema with the following fields:

        • schemas: Fixed value ["urn:ietf:params:scim:schemas:core:2.0:User"].
        • meta.resourceType: Always "User".
        • meta.location: The URL to access the user resource.
        • id: The internal user ID.
        • userName: The user's email address.
        • externalId: An external identifier, if provided.
        • active: Boolean indicating if the user is active.
        • emails: Primary email in the format: { "value": email, "primary": true }.
        • Name:

          • givenName: First name

          • familyName: Last name
        • nickName: Nickname or preferred name.
        • photos: Profile photo URL, with type "photo". The URL must be accessible from your Credo AI instance.

      ​​Group Resource

      Each team is mapped to the SCIM Group schema with the following fields:

      • schemas: Fixed value ["urn:ietf:params:scim:schemas:core:2.0:Group"].
      • meta.resourceType: Always "Group".
      • meta.location: The URL to access the group resource.
      • id: The internal team (group) ID.
      • displayName: The name of the team.
      • members: A list of user members, each represented according to SCIM member structure.