Configuring SCIM provisioning
Postman supports SCIM (System for Cross-domain Identity Management), allowing you to automate user provisioning and de-provisioning for your team. With this feature, you can efficiently deploy Postman at scale across your organization and control access to it via your identity provider.
You can enable SCIM with the SCIM API or utilize the Postman Okta app for provisioning. You must be a Postman team admin to enable SCIM for your team. With SCIM enabled, users will not have the option to leave your team on their own, and will not be able to change their account email or password. Only team admins will have the right to remove team members.
Postman supports the following provisioning features:
- Create user: Creates a new user account in Postman, adds the account to your organization's Postman team, and activates authentication for the user. If an account with the same email ID exists, an email invite to join your Postman team is sent to the user. Once the user accepts the invite, they will be added to your team.
The newly added user will have the developer role in Postman by default. You can later update account roles in Postman.
Update user information: Updates a user’s first and last name in Postman.
Activate user: Creates a new user on your Postman team, if one does not already exist, and activates the user to authenticate into your Postman team.
Deactivate user: Removes a user from your Postman team and deactivates their account, blocking the account from authenticating into Postman.
The user account and the data corresponding to it will not be deleted. To permanently delete the user account and their data, contact Postman support.
- Reactivate user: Reactivates an existing deactivated user by unblocking the account's authentication into Postman and adds the account back to your Postman team.
Currently, Postman does not support the following provisioning features:
- Push groups
- Import groups
- Push/sync password updates
- Push user attribute updates from Okta to Postman other than name
- Pull user attribute updates from Postman to Okta
You must have SSO configured prior to enabling SCIM for your Postman team.
To use SCIM, you must have only one SSO method configured. If you have more than one SSO method enabled, you will not have the option to generate a SCIM API key.
To enable SCIM, navigate to Postman and select Team > Team Settings in the upper-right. Select Authentication in the left sidebar.
Next to SCIM provisioning, select the OFF toggle.
Click Turn On to enable SCIM provisioning.
Under SCIM provisioning, select Generate SCIM API Key.
Name your key and click Generate. Copy your new API key for later use and click Done.
You can revisit this page to manage your SCIM API keys. If you regenerate an existing API key, you will have the option to keep the previous key active briefly while you switch over.
For further information or assistance configuring SCIM, contact Postman support.
Postman is available as an app in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.
To set up provisioning with the Postman Okta app, take the following steps:
In Okta, navigate to the Postman app and select Provisioning. Click Configure API Integration.
Check Enable API integration and enter your SCIM API key as the API Token.
Click Test API Credentials. If successful, a verification message will appear.
If verification is unsuccessful, confirm that you have SCIM enabled for your team in Postman, are using the correct SCIM API key, and that your API key's status is ACTIVE in your team authentication settings. If you continue to face issues, contact Postman support for assistance.
The Postman Okta app supports the provisioning features detailed above.
To enable or disable features, navigate to the Postman app in Okta and select To App on the left, then click Edit.
Select features to enable them, or de-select to disable. Click Save to save your changes.
Any provisioning features you've enabled will be immediately available for use in your Postman Okta app. If a user is already provisioned from the Postman app, you may encounter an error in Okta. If this occurs, remove the pending invite from the Postman manage team settings, and Okta will then provision them.
Visit Postman's SCIM API docs for information on setting up SCIM for your Postman team via the SCIM 2.0 API.
Learn more about defining roles in your team.
Last modified: 2022/01/04