admin guide
SCIM 2.0 provisioning
Auto-create, update, and deactivate users from your IdP using SCIM 2.0. Supported IdPs: Okta, Entra ID, OneLogin, JumpCloud, generic.
How it works
SCIM lets your IdP push user lifecycle events to QEHS. When a new hire joins a QEHS-mapped group, they get a QEHS account within minutes. When they leave, their account is deactivated. You do not need to touch /settings/members again.
Endpoints & token
SCIM is available at https://app.qehsethos.com/api/scim/v2. Authentication uses a long-lived bearer token you mint from /settings/sso → SCIM tab.
- POST /Users — create.
- PATCH /Users/{id} — update (including active=false for deactivation).
- GET /Users — list with filter support: filter=userName eq "alice@acme.com".
- POST /Groups — create group; PATCH to add/remove members.
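The deactivation flow from the endpoint list above, as an added example that is not QEHS's own code: it builds the lookup and the `active=false` PATCH without sending them, and escapes the `userName` value so it cannot alter the filter. It assumes QEHS accepts the standard RFC 7644 PatchOp body and the `application/scim+json` media type; `SCIM_TOKEN` and the sample id are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

BASE = "https://app.qehsethos.com/api/scim/v2"  # base URL from this page
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644


def _headers(token):
    return {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/scim+json",  # assumed media type (RFC 7644)
        "Accept": "application/scim+json",
    }


def lookup_request(user_name, token):
    """GET /Users?filter=userName eq "<user_name>" with the value escaped."""
    # json.dumps quotes the value and escapes " and \, so a crafted userName
    # cannot close the string and append its own filter clause.
    flt = f"userName eq {json.dumps(user_name)}"
    query = urllib.parse.urlencode({"filter": flt})
    return urllib.request.Request(
        f"{BASE}/Users?{query}", headers=_headers(token), method="GET"
    )


def deactivate_request(user_id, token):
    """PATCH /Users/{id} setting active=false (assumed standard PatchOp body)."""
    body = {
        "schemas": [PATCH_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": False}],
    }
    # Percent-encode the id so it stays a single path segment.
    path = urllib.parse.quote(user_id, safe="")
    return urllib.request.Request(
        f"{BASE}/Users/{path}",
        data=json.dumps(body).encode(),
        headers=_headers(token),
        method="PATCH",
    )


if __name__ == "__main__":
    # SCIM_TOKEN is a hypothetical variable name; the fallback is a constructed placeholder.
    token = os.environ.get("SCIM_TOKEN", "constructed-placeholder-token")
    for req in (lookup_request("alice@acme.com", token),
                deactivate_request("constructed-id-123", token)):
        print(req.get_method(), req.full_url)  # built only; nothing is sent
```

Reading the token from the environment keeps the long-lived bearer token out of scripts and version control.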