Summary and recommendation
Clari's public API surface (developer.clari.com) is scoped to revenue intelligence data - opportunities, forecasts, call recordings - and does not expose user management endpoints. There is no documented REST API for creating, updating, or deactivating users. No SCIM endpoint is publicly documented; the source data confirms has_native_scim: false.
Automated provisioning is limited to SAML JIT via Okta or Entra ID only - Google Workspace and OneLogin are not confirmed supported IdPs. Teams building identity graph pipelines that expect a /users resource or SCIM /Users endpoint will find neither available in Clari's current public API.
API quick reference
| Has user API | No |
| SCIM available | No |
| SCIM plan required | Enterprise |
Authentication
Auth method: Not documented
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Not documented
Rate-limit headers: No
Retry-After header: No
Rate-limit notes: Not documented
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: No publicly documented webhook system for user lifecycle events found in official Clari documentation.
Alternative event strategy: User provisioning and deprovisioning is managed through SAML SSO IdP integrations (Okta, Entra ID). Admins manage users via the Clari Admin UI or IdP-driven JIT provisioning.
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Enterprise
- Endpoint: Not documented
Limitations:
- No SCIM endpoint is publicly documented in Clari's official developer or help center documentation as of the research date.
- Context data indicates native SCIM is not available (has_native_scim: false).
- User provisioning relies on SAML JIT or manual admin UI management.
- SSO is a prerequisite for any automated provisioning; supported IdPs are Okta and Entra ID only.
Common scenarios
Three scenarios cover the realistic automation surface.
For provisioning, SAML JIT via Okta is the closest to automated: configure the Clari SAML app in Okta, map required attributes (email, firstName, lastName, role), assign to the user or group, and the Clari account is created on first SSO login - but only on first login, and only if the IdP assignment is in place beforehand.
For deprovisioning, the process is explicitly two-step: revoke the Okta or Entra ID application assignment to block login, then manually deactivate the account in Clari Admin UI. there is no event-driven sync that propagates IdP disable actions to Clari account state.
For bulk role updates, no public REST or CSV import path exists - changes must be made individually in the Admin UI, as the revenue data API does not expose user-management endpoints and cannot be repurposed for this use case.
Provision a new user via Okta SAML JIT
- Configure Clari SAML application in Okta using SP metadata from Clari Admin settings.
- Map required SAML attributes (email, firstName, lastName, role) in Okta attribute statements.
- Assign the Okta application to the user or group.
- User logs in via SSO for the first time; Clari creates the account via JIT provisioning.
- Admin verifies user appears in Clari Admin > Users and assigns appropriate role/team.
Watch out for: JIT provisioning only creates the user on first login; deprovisioning (disabling/removing) must be done manually in Clari Admin or by revoking SSO access in Okta, which blocks login but may not immediately deactivate the Clari account.
Deprovision a user when offboarding
- Remove or suspend the user from the Okta/Entra ID application assignment to block SSO login.
- Log in to Clari Admin UI and manually deactivate or remove the user account.
- Reassign any open opportunities or forecasts owned by the departing user to another rep.
Watch out for: Without SCIM, deprovisioning is a two-step manual process (IdP + Clari Admin). There is no automated sync to deactivate Clari accounts when an IdP user is disabled.
Bulk user role update via Admin UI
- Log in to Clari as an Administrator.
- Navigate to Admin > Users.
- Filter or search for target users.
- Update roles or team assignments individually; no bulk API or CSV import is publicly documented.
Watch out for: No public REST API for bulk user updates exists. Large-scale role changes require manual UI work or a custom integration built on top of Clari's revenue data API (which does not expose user-management endpoints).
Why building this yourself is a trap
The core integration risk is the gap between IdP state and Clari account state. Because SCIM is absent, disabling a user in Okta or Entra ID blocks SSO login but leaves the Clari account active - meaning the account persists in the identity graph as provisioned even after the employee is offboarded.
For teams using an MCP server with 60+ deep IT/identity integrations to maintain a unified identity graph, Clari will appear as a perpetually-provisioned app for any user whose IdP access was revoked without a corresponding manual deactivation in Clari Admin.
Additionally, the Clari–Salesloft merger (2025) introduces API surface uncertainty; any integration built today should be treated as subject to revision pending official post-merger developer documentation.
Automate Clari workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
