Use the REST API to Manage User Identities with SCIM 2.0

Salesforce now supports version 2.0 of System for Cross-Domain Identity Management (SCIM). SCIM is an open standard for exchanging user identity information across systems using the REST API. Salesforce provides extensions to the spec for Salesforce-specific identity information. SCIM makes it easier to manage user identities, especially for large companies that host thousands of apps and related servers and databases. Without a standard connection method, companies must write custom software connectors to join these services.

Where: This feature applies to Lightning Experience and Salesforce Classic in all editions.

How: We added these SCIM endpoints for Salesforce extensions, where salesforce_org_url is the org URL (such as a custom domain) for the user. An asterisk (*) indicates the endpoints that we added with SCIM 2.0.

  • https://salesforce_org_url/services/scim/v2/Users
  • https://salesforce_org_url/services/scim/v2/Groups
  • https://salesforce_org_url/services/scim/v2/Entitlements
  • https://salesforce_org_url/services/scim/v2/Schemas
  • https://salesforce_org_url/services/scim/v2/Roles*
  • https://salesforce_org_url/services/scim/v2/ResourceTypes*
  • https://salesforce_org_url/services/scim/v2/Me*

You can request the capabilities of the Salesforce SCIM implementation using https://salesforce_org_url/services/scim/v2/ServiceProviderConfigs.

Request the properties of a specific user using https://salesforce_org_url/services/scim/v1/Users/userID, where userId is the user’s 18-character org ID.