SCIM API always 401

I have a site confiugred with SSO and user provisioning using Azure AD.

Should the SCIM API be available for this site?

I tried following the steps in https://developer.atlassian.com/cloud/admin/user-provisioning/rest/intro/ to call it with curl, but I always get 401 “unauthorized to access”.

My goal is to retrieve the syncrhonized user data like “Department” and “Title” to display in issues, and I think I need to use Automation to call the SCIM API to read those data.

@KCWong,

The short answer, yes.

First, a point of correction. SCIM APIs are not “for this site” they are “for this organization”. The reason this matters is that sites and organizations are different sets of users. A site might have only users from an organization, but that is not strictly true in all cases. Many of our customers have sites with users from outside their own managed organization.

If you are always getting 401, it’s likely a problem with your API key. A common confusion is admin API keys with the common API tokens for accessing the Jira REST API. Those are not the same. The API token you obtain from your user profile will not work. You must obtain a token from the organization admin screen. To generate the admin API key, follow these instructions:

(At time of writing, the admin API docs about auth navigate to the org admin pages correctly but don’t navigate to the API key section correctly. Close, but not entirely accurate.)

I just generated a new admin API key and it works correctly for me.

Yes, I’m generating my API key from:

  1. Gear | User Administration
  2. Settings | API Keys

The screen shows:

  1. organization ID
  2. API key.

I plugged the API key directly into the curl command:

curl --request GET
–url ‘https://api.atlassian.com/scim/directory/{directoryId}/Users
–header ‘Authorization: Bearer [API Key]’
–header ‘Accept: application/json’

Maybe I’m using the wrong directory ID?

This thread says:

  1. To go to your organization
  2. Directory | User Provisioning

But for me my Directory does not have User Provisioning. I only have three items:

  1. Users
  2. Groups
  3. Managed Users

Instead I have Authentication Policies and Identity Providers under Security. Where can I find my directory ID?

Edit: I think I messed up the curl command before. Now I’m using SoapUI and added the headers, it is no longer 401, but 404.

If I use organization ID as directory ID, the response is 404 with errors = none found.

@KCWong,

Yes. I confirm the organization id is not the directory id.

That sounds like you are not an organizational admin. Maybe you can use the following to diagnose:

1 Like

Thanks again. I’ll ask if they can make me org admin, or fetch the directory ID for me.

My user is marked as org admin:
image

This is my Directory menu:
image

This is my Security menu:

Where do I find the directory ID?