Support Snyk Learn API reference Product updates Sign up for free

Provision users to Organizations using the API

The Provision user endpoints allow you to organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are Provision a user to the organizaton, List pending user provisions, and Delete pending user provisions.

Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they will have all their permissions. You can use the Provision a user to the organization endpoint to add users to Organizations at scale before their first login.

Prerequisites for provisioning users using the API

The API does not support using service accounts as the inviting user or provisioned user.

  • The user being provisioned must not already exist in the Snyk system.

  • The inviting user must call the API using a personal token.

  • The Snyk Group to which the Organizations belong should have Single Sign On (SSO) configured.

  • Both the inviting user and the provisioned user must log in using SSO.

  • The inviting user should have the permission Provision Users to invoke these calls. All Group and Org Admins, by default, have this permission.

Enable Provision Users permission
Enable Provision Users permission

How to use the Provision user API

The following explains how to use the Provision user endpoints. For more information, see the API documentation: Provision a user to the organizaton, List pending user provisions, and Delete pending user provisions.

Provision a user to the Organization

You provision a user to the specified Organization with a role. When a user first logs into Snyk, the user is automatically assigned the permissions as defined in the role.

POST https://api.snyk.io/v1/org/orgId/provision

Request model:

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN"

}

Response model:

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN",

"created": Date

}

Enterprise plan users can define their own customized member roles and can use therolePublicId for assignment. You can use either role or rolePublicId but not both in the same call.

List pending user provisions

The List pending user provisions endpoint returns pending provisioned users in the response.

GET https://api.snyk.io/v1/org/orgId/provision

Response model:

[

....

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN",

"created": Date

},

....

]

Delete pending user provision

Use the Delete pending use provision endpoint to remove a pending provision request.

DELETE https://api.snyk.io/v1/org/orgId/provision

Query parameters

  • email (string) - The email of the user.

Response model:

{

"ok": true

}

PreviousUser management with the APINextUpdate member roles using the API

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.