Configuring SCIM provisioning

Provisioning with SCIM is only available to Postman Enterprise teams.

Postman supports SCIM (System for Cross-domain Identity Management), allowing you to automate user provisioning and de-provisioning for your team. With this feature, you can efficiently deploy Postman at scale across your organization and control access to it via your identity provider.

You can enable SCIM with the SCIM API or utilize the Postman Okta app for provisioning. You must be a Postman team admin to enable SCIM for your team. With SCIM enabled, users will not have the option to leave your team on their own, and will not be able to change their account email or password. Only team admins will have the right to remove team members.


SCIM features

Postman supports the following provisioning features:

  • Create user: Creates a new user account in Postman, adds the account to your organization's Postman team, and activates authentication for the user. If an account with the same email ID exists, an email invite to join your Postman team is sent to the user. Once the user accepts the invite, they will be added to your team.

The newly added user will have the developer role in Postman by default. You can later update account roles in Postman.

  • Update user information: Updates a user’s first and last name in Postman.

  • Activate user: Creates a new user on your Postman team, if one does not already exist, and activates the user to authenticate into your Postman team.

  • Deactivate user: Removes a user from your Postman team and deactivates their account, blocking the account from authenticating into Postman.

The user account and the data corresponding to it will not be deleted. To permanently delete the user account and their data, contact Postman support.

  • Reactivate user: Reactivates an existing deactivated user by unblocking the account's authentication into Postman and adds the account back to your Postman team.

Currently, Postman does not support the following provisioning features:

  • Push groups
  • Import groups
  • Push/sync password updates
  • Push user attribute updates from Okta to Postman other than name
  • Pull user attribute updates from Postman to Okta

Enabling SCIM provisioning

You must have SSO configured prior to enabling SCIM for your Postman team.

To use SCIM, you must have only one SSO method configured. If you have more than one SSO method enabled, you will not have the option to generate a SCIM API key.

Learn how to configure SSO in Postman.

Enabling SCIM in Postman

To enable SCIM, navigate to Postman and select Team > Team Settings in the upper-right. Select Authentication in the left sidebar.

Enable SCIM in dashboard

Next to SCIM provisioning, select the OFF toggle.

Enable SCIM in dashboard

Click Turn On to enable SCIM provisioning.

Generating SCIM API key

Under SCIM provisioning, select Generate SCIM API Key.

Generate SCIM API key

Name your key and click Generate. Copy your new API key for later use and click Done.

You can revisit this page to manage your SCIM API keys. If you regenerate an existing API key, you will have the option to keep the previous key active briefly while you switch over.

For further information or assistance configuring SCIM, contact Postman support.

Enabling SCIM in Okta

Postman is available as an app in the Okta Integration Network, allowing you to enable user provisioning directly through Okta.

Prior to enabling SCIM in Okta, you must add the Postman app in Okta and configure Okta's SSO for your Postman team.

To set up provisioning with the Postman Okta app, take the following steps:

  1. Enable SCIM in Postman and generate a SCIM API key.

  2. In Okta, navigate to the Postman app and select Provisioning. Click Configure API Integration.

    Configure API Integration in Okta Postman app
  3. Check Enable API integration and enter your SCIM API key as the API Token.

    Configure provisioning in Okta's Postman app
  4. Click Test API Credentials. If successful, a verification message will appear.

    If verification is unsuccessful, confirm that you have SCIM enabled for your team in Postman, are using the correct SCIM API key, and that your API key's status is ACTIVE in your team authentication settings. If you continue to face issues, contact Postman support for assistance.

  5. Click Save.

Configuring the Okta SCIM integration

The Postman Okta app supports the provisioning features detailed above.

To enable or disable features, navigate to the Postman app in Okta and select To App on the left, then click Edit.

Configure features in Okta's Postman app

Select features to enable them, or de-select to disable. Click Save to save your changes.

Enabled features in Okta's Postman app

Any provisioning features you've enabled will be immediately available for use in your Postman Okta app. If a user is already provisioned from the Postman app, you may encounter an error in Okta. If this occurs, remove the pending invite from the Postman manage team settings, and Okta will then provision them.

Enabling SCIM with the SCIM API

Visit Postman's SCIM API docs for information on setting up SCIM for your Postman team via the SCIM 2.0 API.

Next steps

Learn more about defining roles in your team.

Last modified: 2022/01/04