This article explains how to enable SCIM API provisioning, generate API keys, and describes the current SCIM limitations.

📘

Important Notes

• MURAL's SCIM implementation targets the SCIM 2.0 reference.

• The base URL for all calls to MURAL is https://api.mural.co/enterprise/v1/scim. All SCIM methods are branches of this base URL.

• You must be a MURAL company administrator to generate SCIM API keys.

• SAML-based single sign-on (SSO) must be properly set up and functional in your Enterprise account before you start configuring automated provisioning.

Enable SCIM API endpoints

By default, SCIM API endpoints are not enabled. To enable SCIM API endpoints, please contact your MURAL Success Architect. If you do not see a SCIM option when creating an API key, your endpoints have not been enabled yet.

Generate SCIM API keys

Once SCIM endpoints are enabled, your company administrator can create SCIM API keys.

Follow the steps in the Create API Keys article to create a SCIM API key. Be sure to select SCIM on the Create API Key modal.

Current SCIM limitations

There are a few limitations to the SCIM API implementation, described below.

• SCIM is available only with MURAL's Enterprise plan.

• Members can be deactivated (suspended), but not permanently deleted from MURAL.

  • Suspending is done with the PATCH endpoint or the DELETE endpoint. Note that the member will only be deactivated.

  • When a member is suspended, they cannot sign in, but their data remains on MURAL as an inactive member. When a suspended member is reactivated (unsuspended) through the SCIM API, the member can access all their previous content, if it was not transferred to another member before suspension.

• If any profile fields in a custom profile are invalid, all of the fields will be ignored. Carefully review custom profile information before creating new users.

• Only MURAL members can be provisioned via SCIM, not guests. See Types of users in MURAL.

• The last admin in a workspace cannot be suspended through the SCIM API. This action generates a 409 error. One workaround for this is to add an additional admin to your workspace.

• The SCIM API uses rate limiting to prevent server overload. If your app sends more than 25 requests per second, you will receive a 429 error.

• Filter and sort options for GET endpoints are not currently available. However, you can filter by email address in the GET endpoint to find a member's mural ID, which can then be used with other endpoints. See additional SCIM examples.

• User roles are not available through the SCIM API. For example, if a user has a role of “Admin,” attempting to pass this attribute to MURAL does not enable an Admin account for the user.