Provision users to Organizations using the API

The Provision user endpoints allow you to organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are Provision a user to the organizaton, List pending user provisions, and Delete pending user provision.

Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they will have all their permissions. You can use the endpoint Provision a user to the organization to add users to Organizations at scale before their first login.

Prerequisites for provisioning users using the API

The API does not support using service accounts as the inviting user or provisioned user.

  • The user being provisioned must not already exist in the Snyk system.

  • The inviting user must call the API using a personal token.

  • The Snyk Group to which the Organizations belong should have Single Sign On (SSO) configured.

  • Both the inviting user and the provisioned user must log in using SSO.

  • The inviting user should have the permission Provision Users to invoke these calls. All Group and Org Admins, by default, have this permission.

Enable Provision Users permission
Enable Provision Users permission

How to use the Provision user API

The following explains how to use the Provision user endpoints. For more information, see the API documentation for the endpoints: Provision a user to the organizaton, List pending user provisions, and Delete pending user provision.

Provision a user to the Organization

You can use the endpoint Provision a user to the organizaton to provision a user to the specified Organization with a role. When a user first logs into Snyk, the user is automatically assigned the permissions as defined in the role.

POST https://api.snyk.io/v1/org/orgId/provision

Request model:

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN"

}

Response model:

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN",

"created": Date

}

Enterprise plan users can define their own customized member roles and can use therolePublicId for assignment. You can use either role or rolePublicId but not both in the same call.

List pending user provisions

The endpont List pending user provisions returns pending provisioned users in the response.

GET https://api.snyk.io/v1/org/orgId/provision

Response model:

[

....

{

"email": "test@example.com",

"rolePublicId": "",

"role": "ADMIN",

"created": Date

},

....

]

Delete pending user provision

Use the endpoint Delete pending user provision to remove a pending provision request.

DELETE https://api.snyk.io/v1/org/orgId/provision

Query parameters

  • email (string) - The email of the user.

Response model:

{

"ok": true

}

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.