Authentication & Authorization

Authentication is done by adding your organization’s SCIM token, issued via Organization settings > User provisioning, to the request parameter

Who can issue SCIM tokens?

SCIM tokens can be issued by admins of organizations that have:

• A Nulab Pass subscription
• Domain authentication enabled
• SAML authentication (SSO) enabled
• User provisioning enabled

Notes on token-issuer accounts

Accounts that have issued tokens can’t:

• Delete an account
• Change an account role
• Deactivate an account

To perform these actions, have another account with admin privileges issue a new token first.

API access using tokens

To call the API, copy the SCIM token from the user provisioning screen to the authorization header.

GET /Users
HTTP/1.1
Host: https://api.apps.nulab.com/spaces/YOUR_SPACE_KEY/scim/v2/
Authorization: Bearer YOUR_SCIM_TOKEN

If an authentication error occurs, status code 401 is returned. Check the response for error details.

• Incorrect access token

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error"
    ],
    "status": "401",
    "detail": "Authorization failure. invalid token."
}