Automatically monitor regulatory updates to map to your internal policies, procesures and controls. Learn More
-

1558 Enforcement Actions in the U.S. over past 30 days

-

FTC enforcements decreased 55% over the past 30 days

-

SEC issued enforcements: $37,812,859 over the past 30 days

-

50 Final Rules go into effect in the next 7 days

-

49 Mortgage Lending docs published in the last 7 days

-

1670 docs with extracted obligations from the last 7 days

-

new Proposed and Final Rules were published in the past 7 days

-

11906 new docs in pro.compliance.ai within the last 7 days

-

Check out Expert In The Loop Forum OnDemand!

-

Considering RCM Solutions?  Here’s an RFP to get started.

-
NAVIGATION

SCIM Identity Management

Overview

The System for Cross-domain Identity Management (SCIM) standard is used to simplify user provisioning and management by integrating your own user management system to the Compliance.ai platform. Compliance.ai currently supports SCIM 2.0 to help you manage your users’ access rights, along with provisioning and de-provisioning users across multiple platforms from your corporation’s identity management systems like OKTA, SailPoint, etc. Our SCIM support relies on the the following setup:

  • Schemas defining the API endpoints and expectations for request / response payloads
  • RESTful API endpoints for all necessary user management operations

In order to access the SCIM Schemas and API endpoints, you will first need to register for an API key and client ID to authorize and authenticate requests to Compliance.ai’s Platform. Follow the API User Guide to get started. Once the API key is generated, it needs to be associated with your User account on Compliance.ai – please contact support@compliance.ai for assistance. 

Implementation

Once you are set up on the Developer Platform, Compliance.ai provides multiple endpoints that can be used to implement SCIM:

  • GET /scim/ServiceProviderConfig
    Specification compliance, authentication schemes, data models.
  • GET /scim/ResourceTypes
    An endpoint used to discover the types of resources available.
  • GET /scim/ResourceTypes/:resource_type
    An endpoint used to discover information about a specific resource available.
  • GET /scim/Schemas
    Introspect resources and attribute extensions.
  • GET /scim/Schemas/:schema_type
    Attribute supported by a specific resource.

Compliance.ai supports modifying attributes for a specific User – the user’s roles (access rights), the ​​externalId, and enabled (activate or deactivate account status) can be updated using SCIM. SCIM also supports the creation/provisioning of a new user. If your organization decides to leverage Compliance.ai’s SCIM integration – you will create new users, manage and update user roles and account status via your own identity management system, and the role management within pro.compliance.ai will be locked. The endpoints to retrieve, create, and modify user information are as follows:

  • GET /scim/Users
    Endpoint used to get a list of Users that are a part of your organization.
    To filter the results based on the username, utilize the filter parameter using the format: userName eq “user@domain.com“.
  • GET /scim/Users/:user_id
    Endpoint used to get attributes associated with a specific User.
  • PUT /scim/Users/:user_id
    Endpoint used to modify the following attributes for a specific User:

    • userType: A userTye collectively represents a user’s permissions within an organization on pro.compliance.ai, and can be assigned as one of the following: “Org Admin”, “Team Admin”, “Workflow Admin”, “Active Team User”, “Lite Team User”
    • ​​externalId: An external id for the user to help it be identified in outside systems. This can be set as any string value
    • ​​active: Status that reflects if the account is active or deactivated. This is set as a boolean value
  • POST /scim/Users
    Endpoint used to create a user account with the following attributes for a specific User:

    • ​​userName: Please make sure to use an email for this value so the new user can use that email to log into pro.compliance.ai using your Corporate Login.
    • userType
    • ​​externalId
    • active
  • PATCH /scim/Users
    Endpoint is used to make partial updates to a user representation. It allows users to modify following specific attributes or properties of a user:

    • userType: A userTye collectively represents a user’s permissions within an organization on pro.compliance.ai, and can be assigned as one of the following: “Org Admin”, “Team Admin”, “Workflow Admin”, “Active Team User”, “Lite Team User”
    • ​​externalId: An external id for the user to help it be identified in outside systems. This can be set as any string value
    • active: Status that reflects if the account is active or deactivated. This is set as a boolean value

     

These endpoints can be found and tested in our I/O Docs on Compliance.ai Developer Platform. Go to https://developer.compliance.ai/io-docs, and then select “SCIM” to get the full list of SCIM endpoints available.

Example API References

GET User by user_id

  • Resource URL
https://api.compliance.ai/scim/Users/:user_id
  • Header Parameter
Authorization: Bearer
Content-Type: application/json

  • Sample Responses

{   "active": true, 
    “enabled”: true,      
    "externalId": XYZ,
    "id": XYZ,
    "meta": {
        "created": "2021-12-13 17:10:51.234218",
        "lastModified": "2022-02-03 22:50:15.322791",
        "location": "https://api.compliance.ai/v1/Users/XYZ",
        "resourceType": "User" },
    "roles": ["Team Admin"],
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "timezone": "UTC",
    "userName": "test@compliance.ai" }

PUT User by user_id

  • Resource URL
https://api.compliance.ai/scim/Users/:user_id
  • Header Parameter
Authorization: Bearer
Content-Type: application/json

  • Request Body

{"externalId": "XYZ",
"roles":  "Org Admin"}

  • Sample Responses

{   "active": true,
    “enabled”: true,      
    "externalId": XYZ,
    "id": XYZ,
    "meta": {
        "created": "2021-12-13 17:10:51.234218",
        "lastModified": "2022-02-03 23:50:15.322791",
        "location": "https://api.compliance.ai/v1/Users/XYZ",
        "resourceType": "User" },
    "roles": ["Org Admin"],
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "timezone": "UTC",
    "userName": "test@compliance.ai" }

GET User

  • Resource URL
https://api.compliance.ai/scim/Users
  • Header Parameter
Authorization: Bearer

  • Sample Responses

{ "Resources": [{
    "active": true,
    “enabled”: true,
    "externalId": XYZ,
    "id": XYZ,
    "meta": {
        "created": "2021-12-13 17:10:51.234218",
        "lastModified": "2022-02-03 22:50:15.322791",
        "location": "https://api.compliance.ai/v1/Users/XYZ",
        "resourceType": "User" },
    "roles": ["Team Admin"],
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "timezone": "UTC",
    "userName": "test@compliance.ai" 
    }, {
    "active": true,
    “enabled”: true,
    "externalId": ABC,
    "id": ABC,
    "meta": {
        "created": "2021-11-18 17:10:51.234218",
        "lastModified": "2022-01-01 22:50:15.322791",
        "location": "https://api.compliance.ai/v1/Users/ABC",
        "resourceType": "User" },
    "roles": ["Active Team User"],
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "timezone": "UTC",
    "userName": "test2@compliance.ai" }],
  "itemsPerPage": 100,
  "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "startIndex": 1,
  "totalResults": 2 }

  • Sample responses when filter is used:

{
    "Resources": [{
        "active": true,
        "enabled": true,
        "externalId": null,
        "id": 1234,
        "meta": {
            "created": "2023-02-27 21:45:07.157662",
            "lastModified": "2023-05-17 04:42:58.364070",
            "location": "https://api.compliance.ai/v1/Users/1234",
            "resourceType": "User"
        },
        "roles": "Admin",
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "timezone": "America/Vancouver",
        "userName": "user@domain.com"
    }],
    "itemsPerPage": 100,
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "startIndex": 1,
    "totalResults": 1
}

POST User

  • Resource URL
https://api.compliance.ai/scim/Users
  • Header Parameter
Authorization: Bearer

  • Sample Responses

{ "Resources": [{
    "active": true,
    “enabled”: true,
    "externalId": XYZ,
    "id": XYZ,
    "meta": {
        "created": "2021-12-13 17:10:51.234218",
        "lastModified": "2022-02-03 22:50:15.322791",
        "location": "https://api.compliance.ai/v1/Users/XYZ",
        "resourceType": "User" },
    "roles": ["Team Admin"],
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "timezone": "UTC",
    "userName": "test@compliance.ai" 
    }

PATCH User

  • Resource URL
https://api.compliance.ai/scim/Users/{user_id}
  • Header Parameter
Authorization: Bearer

  • Request Body

{
 "schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations":[
   {
    "op":"replace",
    "path":"externalId",
    "value":"123"
    }
  ]
}

  • Sample Responses

{
 "schemas":[
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations":[
   {
    "op":"replace",
    "path":"externalId",
    "value":"123"
    }    
  ]  
}

Next Steps

Contact us to schedule a demo and discuss implementing SCIM in detail.

If you’re a developer, join our Developer Program to learn more and begin using our interactive API.

X