Skip to main content
Available on Enterprise plan

Overview

When SCIM is provisioned with your identity provider, users in your workspace can be automatically provisioned, managed, and deactivated. Note: Dovetail implements SCIM 2.0 as specified in the RFC documents from the Internet Engineering Task Force:

What can you do with Dovetail’s SCIM API

  • Push New Users → New users created through your identity provider will also be created in Dovetail.
  • Push Profile Updates → Updates made to the user’s profile through your identity provider will be pushed to Dovetail.
  • Push New Groups → New user groups created through your identity provider will also be created in Dovetail.
  • Push User Deactivation → Deactivating the user or deleting the user will deactivate the user in Dovetail.
  • Reactivate Users → Reactivated users are also reactivated in Dovetail.
We currently support Okta, but we’re working on adding more identity providers soon. Please contact us to integrate with your identity provider.

Users

User attributes

All attributes are in the “urn:ietf:params:scim:schemas:core:2.0:User” namespace
AttributeSCIM namespaceSCIM attributeTypeRequiredDescription
Emailurn:ietf:params:scim:schemas:core:2.0:UseruserNameemailyesUser email
Activeurn:ietf:params:scim:schemas:core:2.0:UseractivebooleanyesDetermines whether or not this user can log in to Dovetail
Full nameurn:ietf:params:scim:schemas:core:2.0:UserdisplayNamestring (max length 100 characters)noName displayed in Dovetail
Roleurn:ietf:params:scim:schemas:core:2.0:Userrole“MANAGER” or “CONTRIBUTOR” or “VIEWER”noSets the Dovetail role
Workspace adminurn:ietf:params:scim:schemas:extension:dovetail:2.0:UserworkspaceAdminbooleannoSet Dovetail workspace admin

User methods

  • GET /Users
    • Returns a paginated list of users.
    • You can paginate using the startIndex and count parameters.
    • You can filter results with the filter parameter. Valid attributes to filter are displayName and userName using eq and and.
  • POST /Users
    • Create a new user in your workspace.
    • Required attributes are userName and active.

Groups

Group attributes

AttributeSCIM namespaceSCIM attributeDescription
Nameurn:ietf:params:scim:schemas:core:2.0:GroupdisplayNameName of the user group. Required
Membersurn:ietf:params:scim:schemas:core:2.0:GroupmembersList of Dovetail users in the group.

Group methods

  • GET /Groups
    • Returns a paginated list of user groups.
    • You can paginate using the startIndex and count parameters.
    • You can filter results with the filter parameter. Valid attributes to filter are displayName using eq.
  • POST /Groups
    • Create a new user group in your workspace.
    • Required attributes are displayName.
  • PATCH /Groups/<id>
    • Update an existing user group.
    • We only support adding members to a group via the Dovetail user ID.


{
	"schemas": [
		"urn:ietf:params:scim:api:messages:2.0:PatchOp"
	],
	"Operations": [
		{
			"op": "add",
			"path": "members",
			"value": [
				{
					"value": <dovetail_user_id>
				}
			]
		}
	]
}

Automate and manage provisioning with Okta

Ensure that you have configured Okta as your identity provider in your Dovetail workspace before configuring SCIM provisioning.

Configure SCIM provisioning in Okta

  • Open the Dovetail app you’ve set up in Okta and navigate to Provisioning.
  • Under Integration, click Configure API integration, check Enable API integration, and click Authenticate with Dovetail. Ensure you are logged in to Dovetail as a workspace admin.
  • From within the pop-up window, select your Dovetail workspace and click Allow. Once you are directed back to Okta, click Save.
  • Under To app, click Edit and enable your preferred features: Create users, Update user attributes, or Deactivate users. Click Save.
  • Navigate to the Sign On tab, and ensure that the Application username format is set to Email.

Provision users from Okta

To provision users in Dovetail from Okta, complete these steps:
  • Navigate to the Assignments tab.
  • Click Assign, then Assign to People, or Assign to Groups.
  • Select a user or a group, and assign a Dovetail role and Dovetail workspace admin from the relevant fields. Click Save.
Your users in Okta have now been provisioned in your Dovetail workspace. If a user is deactivated in Okta, their Dovetail account will also be deactivated and they will lose access to your workspace.
If you do not already have a group in Okta that you’d like to link or push to a user group in Dovetail, navigate to Directory → Groups → Add Group.
To link a user group in Dovetail with a group in Okta, complete these steps:
  • Navigate to the Push Groups tab, select Push Group and enter the name of the group.
  • From there, select Push Groups, and find your group by name, or by rule.
  • If you have an existing user group in Dovetail you would like to link this group to, select Link Group and enter the name of the user group in Dovetail. If you would like to create a new user group, select Create Group, and click Save.
Your group in Okta and your user group in Dovetail are now linked. Any users you add to the group in Okta who are also assigned to your Dovetail application will be added to the group in Dovetail.