Summary and recommendation
Cognism does not publish a public REST API for user management. All programmatic user lifecycle operations - provisioning, attribute updates, and deactivation - are handled exclusively through SCIM 2.0 via Okta. No developer portal or public API reference exists as of the research date; any undocumented endpoints should not be relied upon in production integrations.
The SCIM tenant URL and bearer token are generated inside the Cognism admin console and are not disclosed in public documentation.
API quick reference
| Has user API | No |
| SCIM available | Yes |
| SCIM plan required | Enterprise |
Authentication
Auth method: Not documented
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Not documented
Rate-limit headers: No
Retry-After header: No
Rate-limit notes: Not documented
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: No webhook capability for user-management events is documented in official Cognism sources.
Alternative event strategy: SCIM provisioning via Okta is the supported mechanism for automated user lifecycle management.
SCIM API status
SCIM available: Yes
SCIM version: 2.0
Plan required: Enterprise
Endpoint: Not documented
Supported operations: Create Users, Update User Attributes, Deactivate Users, Push Groups
Limitations:
- SCIM is only supported through Okta as the identity provider; no documented direct SCIM endpoint for other IdPs.
- Requires SAML 2.0 SSO to be configured as a prerequisite before enabling SCIM.
- Restricted to Enterprise plan customers; not available on Platinum or lower tiers.
- Microsoft Entra ID and Google Workspace SCIM provisioning are not officially documented.
- SCIM base URL and bearer token are not publicly disclosed; must be obtained from Cognism support/admin console after Enterprise provisioning.
Common scenarios
Three SCIM-based automation scenarios are supported on Enterprise: (1) Automated provisioning - configure the Okta Cognism app with the SCIM base URL and bearer token, then enable Create Users, Update User Attributes, and Deactivate Users.
(2) Deprovisioning - unassigning or deactivating a user in Okta sends a SCIM PATCH (active: false) to Cognism, suspending login access, though saved lists and exported data are not removed. GDPR erasure requires a separate request to Cognism support.
(3) Group push - Okta groups can be pushed to Cognism via SCIM, but role mapping is not fully automated; manual role assignment inside the Cognism UI may still be required after group sync.
The SCIM token is single-use at generation - re-generating it invalidates the previous token and breaks existing provisioning until Okta is updated.
Automated user provisioning via Okta SCIM
- Ensure Cognism Enterprise plan is active and SAML 2.0 SSO is configured in Okta.
- In the Cognism admin console, navigate to SSO/SCIM settings and generate a SCIM bearer token and tenant URL.
- In Okta, open the Cognism app integration and go to the Provisioning tab.
- Enter the SCIM base URL and bearer token from step 2.
- Enable 'Create Users', 'Update User Attributes', and 'Deactivate Users' in Okta provisioning settings.
- Assign users or groups to the Cognism Okta app to trigger provisioning.
Watch out for: SCIM token is single-use at generation; store it securely. Re-generating invalidates the previous token and breaks existing provisioning until Okta is updated.
Deprovisioning a user when they leave the organization
- In Okta, unassign the departing user from the Cognism app, or deactivate the user in Okta.
- Okta sends a SCIM PATCH (active: false) to Cognism, deactivating the account.
- Confirm deactivation in the Cognism admin console under user management.
- Contact Cognism support if data deletion (GDPR erasure) is also required, as SCIM deactivation alone does not delete user data.
Watch out for: SCIM deactivation suspends login access but does not remove the user's saved lists or exported data from Cognism's backend.
Push Okta groups to Cognism for role/team assignment
- In Okta, enable 'Push Groups' in the Cognism app provisioning settings.
- Select the Okta groups to push (e.g., Sales Team, Admins).
- Okta creates corresponding groups in Cognism via SCIM.
- Verify group membership in the Cognism admin console.
- Assign Cognism roles or seat types to the synced groups within the Cognism UI (role mapping is not fully automated via SCIM).
Watch out for: Cognism's SCIM group support may not map directly to internal permission roles; manual role assignment inside Cognism may still be required after group push.
Why building this yourself is a trap
The absence of a public user management API creates a hard dependency on Okta as the sole identity graph integration point for automated provisioning.
Teams building identity graph pipelines that aggregate user state across SaaS tools cannot pull or push Cognism user records directly - there is no REST endpoint, no webhook for user-lifecycle events, and no documented SCIM support for Entra ID or Google Workspace.
This means Cognism user state is effectively opaque to any orchestration layer that does not route through Okta, creating a blind spot in cross-app identity reconciliation. SCIM provisioning also requires SAML 2.0 SSO to be fully configured as a prerequisite, adding a sequencing constraint that can delay automation setup for new Enterprise customers.
Automate Cognism workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
