Provision users to Organizations using the API
The Provision user endpoints allow you to organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are Provision a user to the organizaton, List pending user provisions, and Delete pending user provision.
Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they will have all their permissions. You can use the endpoint Provision a user to the organization to add users to Organizations at scale before their first login.
Prerequisites for provisioning users using the API
The API does not support using service accounts as the inviting user or provisioned user.
The user being provisioned must not already exist in the Snyk system.
The inviting user must call the API using a personal token.
The Snyk Group to which the Organizations belong should have Single Sign On (SSO) configured.
Both the inviting user and the provisioned user must log in using SSO.
The inviting user should have the permission
Provision Users
to invoke these calls. All Group and Org Admins, by default, have this permission.
How to use the Provision user API
The following explains how to use the Provision user endpoints. For more information, see the API documentation for the endpoints: Provision a user to the organizaton, List pending user provisions, and Delete pending user provision.
Provision a user to the Organization
You can use the endpoint Provision a user to the organizaton to provision a user to the specified Organization with a role. When a user first logs into Snyk, the user is automatically assigned the permissions as defined in the role.
POST
https://api.snyk.io/v1/org/orgId/provision
Request model:
{
"email": "test@example.com",
"rolePublicId": "",
"role": "ADMIN"
}
Response model:
{
"email": "test@example.com",
"rolePublicId": "",
"role": "ADMIN",
"created": Date
}
Enterprise plan users can define their own customized member roles and can use therolePublicId
for assignment.
You can use either role
or rolePublicId
but not both in the same call.
List pending user provisions
The endpont List pending user provisions returns pending provisioned users in the response.
GET
https://api.snyk.io/v1/org/orgId/provision
Response model:
[
....
{
"email": "test@example.com",
"rolePublicId": "",
"role": "ADMIN",
"created": Date
},
....
]
Delete pending user provision
Use the endpoint Delete pending user provision to remove a pending provision request.
DELETE
https://api.snyk.io/v1/org/orgId/provision
Query parameters
email (string) - The email of the user.
Response model:
{
"ok": true
}
Last updated