The Provision user endpoints allow you to organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are , , and .

Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they will have all their permissions. You can use the endpoint to add users to Organizations at scale before their first login.

Prerequisites for provisioning users using the API

• The user being provisioned must not already exist in the Snyk system.

• The inviting user must call the API using a personal token.

• The Snyk Group to which the Organizations belong should have .

• Both the inviting user and the provisioned user must log in using SSO.

• The inviting user should have the permission Provision Users to invoke these calls. All Group and Org Admins, by default, have this permission.

How to use the Provision user API

Provision a user to the Organization

POST https://api.snyk.io/v1/org/orgId/provision

Request model:

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN"

}

Response model:

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN",

"created": Date

}

List pending user provisions

GET https://api.snyk.io/v1/org/orgId/provision

Response model:

[

....

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN",

"created": Date

},

....

]

Delete pending user provision

DELETE https://api.snyk.io/v1/org/orgId/provision

Query parameters

• email (string) - The email of the user.

Response model:

{

"ok": true

}