Set up the SCIM API

This article explains how to enable SCIM API provisioning, generate API keys, and describes the current SCIM limitations.

๐Ÿ“˜

Important notes

  • Mural's SCIM implementation targets the SCIM 2.0 reference.

  • The base URL for all calls to Mural is https://api.mural.co/enterprise/v1/scim. All SCIM methods are branches of this base URL.

  • You must be a Mural company administrator to generate SCIM API keys.

  • SSO (SAML-based single sign-on) must be properly set up and functional in your Enterprise account before you start configuring automated provisioning.

Generate SCIM API keys

To set up automatic SCIM provisioning and create a SCIM API key, check out our Automatic SCIM provisioning article.

Generate Mapping API keys

To use SCIM Groups in Mural, you need to map your groups to your Mural workspaces and also set your group permissions. You can do this using Mural's Enterprise SCIM and Mapping API in an API tool like Postman. Or, you can set up Group mapping and permissions from the company dashboard. Learn more in our article, Managing user accounts through SCIM groups.

๐Ÿ“˜

Mapping API endpoints aren't enabled by default. To enable them, reach out to your Mural Customer Support Representative.

Once the Mapping API is enabled, you will see it displayed as a separate scope on the API Keys page of the company dashboard under the name "Mapping." From there, you can access the API endpoints and map your groups to your Mural workspaces.

Current SCIM limitations

There are some limitations to the SCIM API implementation, described below.

  • SCIM is available only with Mural's Enterprise plan.

  • Members can be deactivated (suspended), but not permanently deleted from Mural. When a member is suspended, they cannot sign in, but their data remains on Mural as an inactive member. When a suspended member is reactivated (unsuspended) through the SCIM API, the member can access all their previous content, if it was not transferred to another member before suspension.

  • If any profile fields in a custom profile are invalid, all of the fields will be ignored. Carefully review custom profile information before creating new users.

  • Only Mural members can be provisioned via SCIM, not guests. See Types of users in Mural.

  • The SCIM API uses rate limiting to prevent server overload. If your app sends more than 25 requests per second, you will receive a 429 error.

  • Filter and sort options for GET endpoints are not currently available. However, you can filter by email address in the GET endpoint to find a member's mural ID, which can then be used with other endpoints. See additional SCIM examples.

  • Last access information is temporarily unavailable for SCIM group-managed members in workspace admin-managed members tables. We're actively working on a fix. In the meantime, company admins can retrieve last access information for group-managed members through our reports in the company dashboard or by utilizing our reporting API.

  • When mapping SCIM groups to Mural workspaces, keep these guidelines in mind: workspaces can handle up to 40,000 users without significant performance impact. Avoid mapping a single group of more than 40,000 users to an empty workspace. If mapping multiple groups, ensure the total number of users across all groups stays below 40,000. Consider existing users in the workspace who won't be part of the mapped group.