Provision users to Orgs via API
These API endpoints allow you to organise and grant permissions to your SSO users, before the users log into the Snyk platform.
The provisioned users will not need to accept invites; when they first log into Snyk, they will automatically have all permissions ready for them. This provides an alternative to add users to orgs at scale ahead of the first login.
Pre-requisites
The user being provisioned must not already exist in our system.
Inviting user must call the API with their personal token.
The Snyk Group to which orgs belong should have Single Sign On (SSO) configured.
Both inviting user and provisioned user must log in via SSO.
The API does not support service accounts to be used as the inviting user or provisioned user.
The inviting user should have the permission
Provision Usersto invoke these calls. All Group and Org Admins by default have this permission.\
Enable Provision Users permission
Working with provision user API
1. Provision a user to the organization
Provision user to specified org with a role. When a user first logs into Snyk, they will automatically be assigned with the permissions as defined in the role.
POST https://api.snyk.io/api/v1/org/orgId/provision
Request model:
{
"email": "[email protected]",
"rolePublicId": "",
"role": "ADMIN"
}
Response model:
{
"email": "[email protected]",
"rolePublicId": "",
"role": "ADMIN",
"created": Date
}
2. List pending user provisions
The following endpoint will return pending provisioned users in their response.
GET https://api.snyk.io/api/v1/org/orgId/provision
Response model:
[
....
{
"email": "[email protected]",
"rolePublicId": "",
"role": "ADMIN",
"created": Date
},
....
]
3. Delete pending user provision
Remove pending provision request.
DELETE https://api.snyk.io/api/v1/org/orgId/provision
Query parameters
email (string) - The email of the user.
Response model:
{
"ok": true
}
Last updated
Was this helpful?