Tokens
For Synkzone SCIM, two tokens are needed: one from the application connected to the AD and one from Synkzone API.
Application in Azure
The token from the application in Azure (if using Entra ID) could be anything, e.g. a UUID generated by the customer. This token has no set expiry. In Azure, the token is entered in the settings of the created application and is also configured as a property of Synkzone SCIM.
Synkzone API
Create a token from Synkzone API with the pre-defined scope "SCIM" which limits the token to only be used for user management. The token should be created from an administrator account in the Synkzone Organization.
If you're using SCIM to manage groups, the groups will be administrator managed. This means that the groups have no dedicated manager by default from creation, but any Synkzone administrator can manage the group.
Create a SCIM scoped token
To create a token used for SCIM, follow these steps:
- Sign in
- Create token with SCIM defined scope
- Verify token
Sign in
curl -i -X POST https://<organization>.synkzone.com/api/access/logon -H 'Content-Type: application/json' -d '{"password":["p","a","s","s","w","o","r","d"],"username":"admin"}'
Replace the username and password with those of an administrator account. The password must be supplied as an array, one character per element.
The session id returned in the response to a successful sign-in is used as authentication in the next request (<auth>).
Create token with SCIM defined scope
A token with the pre-defined SCIM scope can only be used to access user management. It has no access to zones, zone content, etc. The validity is given in seconds.
curl -i -X POST https://<organization>.synkzone.com/api/tokens -H 'Content-Type: application/json' -H 'Authorization: <auth>' -d '{"scope": {"clients": ["SynkzoneSSI"],"name": "SCIM"},"tokenName": "<name of token>","validity": <seconds>, "password":["p","a","s","s","w","o","r","d"]}'
The token is presented only once, in the response to this POST request, so make sure to store it in a secure place.
Verify token
Verify that the created token works by making a request, e.g. listing users:
curl -i -X GET https://<organization>.synkzone.com/api/users -H 'Authorization: Bearer <token>'
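The three steps above (sign in, create the SCIM-scoped token, verify it) as one script. This is an added example, not Synkzone's own tooling. The page does not state the JSON field names in the logon and token responses, so the script assumes a field "sessionId" in the logon response and a field "token" in the token-creation response; ORG, ADMIN_USER and ADMIN_PASSWORD are assumed to come from the environment, and the token name and 90-day validity are example values. The helpers that build the request bodies (password_json, logon_body, token_body, json_field) run without network access; scim_setup performs the real calls when the script is invoked with the argument "run".

```shell
#!/bin/sh
# Added example, not part of the Synkzone documentation or product.
# Assumed (not stated on the page): logon response field "sessionId",
# token-creation response field "token", and ORG / ADMIN_USER / ADMIN_PASSWORD
# supplied through the environment.
set -eu

# The logon and token endpoints expect the password as a JSON array with one
# character per element. The two characters that are special inside a JSON
# string ('"' and '\') are escaped so any password still yields valid JSON.
password_json() {
  _pw=$1
  _out='['
  _sep=''
  while [ -n "$_pw" ]; do
    _c=${_pw%"${_pw#?}"}     # first character of the remaining password
    _pw=${_pw#?}             # drop that character
    case $_c in
      '"') _c='\"' ;;
      '\') _c='\\' ;;
    esac
    _out="$_out$_sep\"$_c\""
    _sep=','
  done
  printf '%s]' "$_out"
}

# Body for POST /api/access/logon (arguments: username, password).
logon_body() {
  printf '{"password":%s,"username":"%s"}' "$(password_json "$2")" "$1"
}

# Body for POST /api/tokens (arguments: token name, validity in seconds,
# administrator password). The SCIM scope object is the one shown on the page.
token_body() {
  printf '{"scope":{"clients":["SynkzoneSSI"],"name":"SCIM"},"tokenName":"%s","validity":%s,"password":%s}' \
    "$1" "$2" "$(password_json "$3")"
}

# Extract a string-valued field from a single-line JSON object on stdin
# without a jq dependency (assumes no whitespace around the colon).
json_field() {
  sed -n "s/.*\"$1\":\"\([^\"]*\)\".*/\1/p"
}

scim_setup() {
  base="https://${ORG}.synkzone.com/api"

  # Step 1: sign in as an administrator; the session id authenticates step 2.
  auth=$(curl -sS -X POST "$base/access/logon" -H 'Content-Type: application/json' \
           -d "$(logon_body "$ADMIN_USER" "$ADMIN_PASSWORD")" | json_field sessionId)
  [ -n "$auth" ] || { echo "logon failed" >&2; return 1; }

  # Step 2: create the SCIM-scoped token (example name, validity 90 days).
  token=$(curl -sS -X POST "$base/tokens" -H 'Content-Type: application/json' \
            -H "Authorization: $auth" \
            -d "$(token_body scim-provisioning 7776000 "$ADMIN_PASSWORD")" | json_field token)
  [ -n "$token" ] || { echo "token creation failed" >&2; return 1; }

  # The token is shown only once: store it in a file readable by the owner only.
  umask 077
  printf '%s\n' "$token" > scim-token.txt

  # Step 3: verify the token by listing users and checking for HTTP 200.
  status=$(curl -sS -o /dev/null -w '%{http_code}' "$base/users" \
             -H "Authorization: Bearer $token")
  [ "$status" = 200 ] || { echo "verification failed: HTTP $status" >&2; return 1; }
  echo "SCIM token created and verified; stored in scim-token.txt"
}

case ${1:-} in
  run) scim_setup ;;
esac
```

Run it as `ORG=<organization> ADMIN_USER=admin ADMIN_PASSWORD='...' sh scim-token.sh run`. Note that the session id is sent as a bare Authorization header value while the created token is sent as "Bearer <token>", matching the two curl commands above.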