SCIM 2.0

Skillment implements SCIM 2.0 (System for Cross-domain Identity Management) per RFC 7644, with RFC 6902 PATCH ops. It is compatible with Workday, Okta, Azure AD (Microsoft Entra), Rippling, and other IdPs common in mid-market and enterprise companies.

Base URL

https://[tenant].skillment.app/scim/v2

Authentication

Bearer token generated at /admin/integrations/scim. Tokens are scoped to SCIM only (they cannot access the public API endpoints). Multiple active tokens are supported, so a token can be rotated without downtime.

Authorization: Bearer scim_xxx

Supported schemas

  • urn:ietf:params:scim:schemas:core:2.0:User — core attributes
  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User — department → área (area), division → localidade (location)
  • urn:skillment:scim:schemas:extension:1.0:User — turma (cohort), cargo (job title) (custom extension)

Main endpoints

POST /scim/v2/Users (create)

POST /scim/v2/Users
Content-Type: application/scim+json

{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "ana@empresa.com",
  "name": { "givenName": "Ana", "familyName": "Silva" },
  "emails": [{ "primary": true, "value": "ana@empresa.com" }],
  "active": true,
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "department": "Vendas",
    "division": "São Paulo"
  }
}

PATCH /scim/v2/Users/:id (update)

Supports RFC 6902 PATCH ops. Common cases:

PATCH /scim/v2/Users/abc123
Content-Type: application/scim+json

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    { "op": "replace", "path": "active", "value": false },
    {
      "op": "replace",
      "path": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department",
      "value": "Logística"
    }
  ]
}

DELETE /scim/v2/Users/:id (soft-delete)

Soft-delete by default, equivalent to a PATCH with active=false. The learner can no longer log in, but the history of XP, completions, and certificates is preserved for auditing. Hard-delete goes through the LGPD endpoint DELETE /api/user/me (a different endpoint, which anonymizes PII).

GET /scim/v2/Users (list + filters)

GET /scim/v2/Users?filter=department eq "Vendas" and active eq true
GET /scim/v2/Users?filter=userName eq "ana@empresa.com"
GET /scim/v2/Users?startIndex=1&count=100

Okta setup

  1. In Okta, Applications → Add Application → Create new SCIM 2.0 App
  2. SCIM Connector Base URL: https://[tenant].skillment.app/scim/v2
  3. Unique identifier field: userName
  4. Auth: Bearer Token (paste the token generated in Skillment)
  5. Push: create, update, deactivate users
  6. Attribute mapping: department, division, custom (turma, cargo)

Workday setup

  1. Workday Studio → Integration → REST Connector
  2. Endpoint URL as above
  3. Authentication: OAuth 2.0 Bearer (Skillment token)
  4. Use Workday's SCIM 2.0 outbound template
  5. Note: Workday sends emails[primary eq true].value with PATCH. This is already tested and supported.

Azure AD (Microsoft Entra) setup

  1. Entra Admin Center → Enterprise Applications → New Application
  2. Gallery: Non-gallery → Custom
  3. Provisioning Mode: Automatic
  4. Tenant URL: https://[tenant].skillment.app/scim/v2
  5. Secret Token: paste the Skillment token
  6. Test Connection → Save → Start provisioning

Standard SCIM errors

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
  "status": "400",
  "scimType": "invalidValue",
  "detail": "active must be a boolean"
}

scimType values: invalidPath, invalidValue, invalidSyntax, noTarget, uniqueness, mutability.
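
An added example (not Skillment's implementation and not code from this page) of how a SCIM server can apply the replace operations from the PATCH section, including the value-filter path Workday sends, as an all-or-nothing update that reports failures in the error shape above. The names apply_patch, ScimError and SAMPLE_USER are hypothetical, and the example assumes only "replace" operations with one of three path shapes.

```python
import copy
import re

ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"
# Value-filter path: attr[sub eq literal].leaf, e.g. emails[primary eq true].value
FILTER_PATH = re.compile(r'^(\w+)\[(\w+) eq ("[^"]*"|true|false)\]\.(\w+)$')

class ScimError(Exception):
    def __init__(self, scim_type, detail):
        super().__init__(detail)
        self.body = {"schemas": [ERROR_SCHEMA], "status": "400",
                     "scimType": scim_type, "detail": detail}

def _literal(token):
    return {"true": True, "false": False}.get(token, token.strip('"'))

def _replace(user, path, value):
    if path == "active" and not isinstance(value, bool):
        raise ScimError("invalidValue", "active must be a boolean")
    match = FILTER_PATH.match(path)
    if match:  # multi-valued attribute selected by a filter
        attr, sub, literal, leaf = match.groups()
        hits = [e for e in user.get(attr, []) if e.get(sub) == _literal(literal)]
        if not hits:
            raise ScimError("noTarget", f"no {attr} element matches the filter")
        for element in hits:
            element[leaf] = value
    elif path.startswith(ENTERPRISE + ":"):  # enterprise extension attribute
        user.setdefault(ENTERPRISE, {})[path[len(ENTERPRISE) + 1:]] = value
    elif re.fullmatch(r"\w+", path):  # simple core attribute
        user[path] = value
    else:  # this example accepts only the three path shapes above
        raise ScimError("invalidPath", f"unsupported path: {path}")

def apply_patch(user, request):
    """Return a patched copy of user; on any error the original is untouched."""
    patched = copy.deepcopy(user)  # all-or-nothing: work on a copy
    for op in request.get("Operations", []):
        if str(op.get("op", "")).lower() != "replace" or not op.get("path"):
            raise NotImplementedError("example handles only 'replace' with a path")
        _replace(patched, op["path"], op.get("value"))
    return patched

# Constructed sample resource (not real data)
SAMPLE_USER = {"userName": "ana@empresa.com", "active": True,
               "emails": [{"primary": True, "value": "ana@empresa.com"}]}
```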