Stitchflow
Back to directory
Coralogix logo

Coralogix User Management API Guide

API workflow

How to automate user lifecycle operations through APIs with caveats that matter in production.

UpdatedMar 17, 2026

Summary and recommendation

Coralogix exposes a SCIM 2.0 API at https://<cluster>.coralogix.com/scim for full user and group lifecycle management.

Authentication splits into two distinct credential types: a Teams API Key (Bearer token) for REST operations and a separately generated SCIM token (Settings → SCIM) exclusively for SCIM endpoints

these are not interchangeable.

The base URL is region-specific;

using the wrong cluster domain (e.g., coralogix.com vs.

eu2.coralogix.com vs.

coralogixsg.com) returns 401 or 404 errors with no clear signal about the root cause.

SCIM is gated behind the Business tier and requires SSO (SAML) to be active before provisioning can be enabled.

This API surface integrates cleanly into an identity graph where IdP group membership drives Coralogix team role assignment, making it suitable for automated joiner/mover/leaver workflows at scale.

API quick reference

Has user APIYes
Auth methodAPI Key (Bearer token) — a Coralogix 'Teams API Key' or 'Personal API Key' passed as Authorization: Bearer <key>
Base URLOfficial docs
SCIM availableYes
SCIM plan requiredBusiness (custom pricing); SSO must be configured as a prerequisite

Authentication

Auth method: API Key (Bearer token) - a Coralogix 'Teams API Key' or 'Personal API Key' passed as Authorization: Bearer

Setup steps

  1. Log in to Coralogix and navigate to Settings → API Keys.
  2. Create a 'Teams API Key' with the required scopes (e.g., 'User Management') for programmatic access, or use a 'Personal API Key' for user-scoped operations.
  3. Copy the generated key; it is shown only once.
  4. Pass the key in every request header: Authorization: Bearer .
  5. For SCIM provisioning, generate a dedicated SCIM token under Settings → SCIM and use it as the Bearer token in your IdP connector.

Required scopes

Scope Description Required for
User Management Allows creating, reading, updating, and deleting users within the team. All user CRUD operations via REST and SCIM
Read Only Allows read-only access to team and user data. GET /users, GET /teams

User object / data model

Field Type Description On create On update Notes
id string Unique Coralogix user identifier. system-assigned immutable Used as the SCIM resource ID.
userName string User's email address; used as the login identifier. required allowed Must be a valid email. Maps to SCIM userName.
name.givenName string User's first name. optional allowed SCIM name sub-attribute.
name.familyName string User's last name. optional allowed SCIM name sub-attribute.
emails array List of email objects; primary email used for login. required allowed SCIM multi-valued attribute.
active boolean Whether the user account is active. optional (defaults true) allowed Setting to false deactivates the user without deleting.
roles array Assigned roles within the Coralogix team (e.g., Admin, User, ReadOnly). optional allowed Role names are Coralogix-specific; not a standard SCIM attribute.
groups array SCIM groups the user belongs to. optional allowed Managed via SCIM Groups endpoint.
externalId string Identifier from the external IdP (e.g., Okta user ID). optional allowed Used by SCIM to correlate IdP and Coralogix records.
meta.created string (ISO 8601) Timestamp when the user was created. system-assigned immutable SCIM meta attribute.
meta.lastModified string (ISO 8601) Timestamp of last modification. system-assigned system-assigned SCIM meta attribute.

Core endpoints

List Users (SCIM)

  • Method: GET
  • URL: https://<cluster>.coralogix.com/scim/Users
  • Watch out for: The cluster subdomain varies by region (e.g., coralogix.com, eu2.coralogix.com, coralogixsg.com). Use the correct regional endpoint.

Request example

GET /scim/Users
Authorization: Bearer <scim_token>
Accept: application/scim+json

Response example

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 2,
  "Resources": [
    {"id":"u1","userName":"alice@example.com","active":true}
  ]
}

Get User by ID (SCIM)

  • Method: GET
  • URL: https://<cluster>.coralogix.com/scim/Users/{id}
  • Watch out for: Returns 404 if the user ID does not exist in the team.

Request example

GET /scim/Users/u1
Authorization: Bearer <scim_token>

Response example

{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "id": "u1",
  "userName": "alice@example.com",
  "active": true
}

Create User (SCIM)

  • Method: POST
  • URL: https://<cluster>.coralogix.com/scim/Users
  • Watch out for: An invitation email may be sent to the new user. Duplicate userName returns a 409 Conflict.

Request example

POST /scim/Users
Authorization: Bearer <scim_token>
Content-Type: application/scim+json

{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"bob@example.com","active":true}

Response example

{
  "id": "u2",
  "userName": "bob@example.com",
  "active": true,
  "meta": {"created": "2024-01-10T10:00:00Z"}
}

Update User (SCIM PATCH)

  • Method: PATCH
  • URL: https://<cluster>.coralogix.com/scim/Users/{id}
  • Watch out for: PATCH is the preferred update method; PUT (full replace) support should be verified against current docs.

Request example

PATCH /scim/Users/u2
Authorization: Bearer <scim_token>
Content-Type: application/scim+json

{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"replace","path":"active","value":false}]}

Response example

{
  "id": "u2",
  "userName": "bob@example.com",
  "active": false
}

Delete User (SCIM)

  • Method: DELETE
  • URL: https://<cluster>.coralogix.com/scim/Users/{id}
  • Watch out for: Deletion is permanent. Consider deactivating (active=false) instead of deleting to preserve audit history.

Request example

DELETE /scim/Users/u2
Authorization: Bearer <scim_token>

Response example

HTTP 204 No Content

List Groups (SCIM)

  • Method: GET
  • URL: https://<cluster>.coralogix.com/scim/Groups
  • Watch out for: Groups map to Coralogix teams/roles; group membership changes may affect user permissions immediately.

Request example

GET /scim/Groups
Authorization: Bearer <scim_token>

Response example

{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
  "totalResults": 1,
  "Resources": [{"id":"g1","displayName":"Admins"}]
}

Create Group (SCIM)

  • Method: POST
  • URL: https://<cluster>.coralogix.com/scim/Groups
  • Watch out for: Group names must be unique within the team.

Request example

POST /scim/Groups
Authorization: Bearer <scim_token>
Content-Type: application/scim+json

{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName":"Developers","members":[]}

Response example

{
  "id": "g2",
  "displayName": "Developers",
  "members": []
}

Filter Users (SCIM)

  • Method: GET
  • URL: https://<cluster>.coralogix.com/scim/Users?filter=userName+eq+%22alice@example.com%22
  • Watch out for: Only a subset of SCIM filter operators may be supported; test filter expressions before relying on them in production.

Request example

GET /scim/Users?filter=userName+eq+%22alice@example.com%22
Authorization: Bearer <scim_token>

Response example

{
  "totalResults": 1,
  "Resources": [{"id":"u1","userName":"alice@example.com"}]
}

Rate limits, pagination, and events

  • Rate limits: Coralogix does not publicly document specific rate-limit thresholds for the user-management or SCIM APIs in official docs as of the research date.

  • Rate-limit headers: No

  • Retry-After header: No

  • Rate-limit notes: No rate-limit headers or Retry-After behavior documented officially. Contact Coralogix support for current limits.

  • Pagination method: none

  • Default page size: 0

  • Max page size: 0

  • Pagination pointer: Not documented

  • Webhooks available: No

  • Webhook notes: Coralogix does not document outbound webhooks for user-management events (user created, deactivated, etc.) in official docs.

  • Alternative event strategy: Poll SCIM /Users endpoint or use IdP-side event logs (e.g., Okta System Log) to track provisioning activity.

SCIM API status

  • SCIM available: Yes

  • SCIM version: 2.0

  • Plan required: Business (custom pricing); SSO must be configured as a prerequisite

  • Endpoint: https://.coralogix.com/scim

  • Supported operations: GET /Users, GET /Users/{id}, POST /Users, PATCH /Users/{id}, DELETE /Users/{id}, GET /Groups, POST /Groups, PATCH /Groups/{id}, DELETE /Groups/{id}

Limitations:

  • SSO (SAML) must be enabled before SCIM provisioning can be activated.
  • SCIM token is generated separately from standard API keys under Settings → SCIM.
  • Regional cluster URL must match the account's data residency region.
  • PUT (full replace) for Users is not explicitly confirmed in official docs; use PATCH.
  • Pagination parameters (startIndex, count) support level is not explicitly documented.
  • Plan gate: Business tier or above required per context data; confirm with Coralogix sales for current entitlements.

Common scenarios

Three primary automation scenarios are supported by the SCIM surface.

First, new-employee provisioning: configure your IdP SCIM connector with the correct regional base URL and SCIM Bearer token, then assign the user to the Coralogix app in the IdP

a POST /scim/Users with userName (email), name fields, and active=true creates the account.

Second, deactivating a departing employee: filter by userName to retrieve the SCIM ID, then PATCH /scim/Users/{id} with active=false;

this blocks login but preserves the user record and historical data - DELETE is a separate, permanent call.

Third, bulk user auditing: GET /scim/Users returns a ListResponse with a Resources array;

pagination via startIndex and count parameters is not explicitly confirmed in official docs, so test behavior at your user volume before relying on it in production pipelines.

Provision a new employee via SCIM from an IdP

  1. Ensure SSO (SAML) is configured in Coralogix Settings → SSO.
  2. Generate a SCIM token in Coralogix Settings → SCIM.
  3. Configure your IdP (e.g., Okta, Azure AD) SCIM connector with base URL https://.coralogix.com/scim and the SCIM token as Bearer auth.
  4. Assign the user to the Coralogix application in the IdP.
  5. IdP sends POST /scim/Users with userName (email), name, and active=true.
  6. Verify the user appears in Coralogix Settings → Users.

Watch out for: If the regional cluster URL is wrong, the IdP will receive 401 or connection errors. Double-check the cluster domain before configuring the connector.

Deactivate a departing employee

  1. Retrieve the user's SCIM ID: GET /scim/Users?filter=userName+eq+"user@example.com".
  2. Send PATCH /scim/Users/{id} with Operations: [{op: replace, path: active, value: false}].
  3. Confirm the response shows active: false.
  4. Optionally, remove the user from all SCIM Groups via PATCH /scim/Groups/{groupId}.

Watch out for: Deactivation prevents login but does not remove the user record or their historical data. Use DELETE only if full removal is required.

Bulk-list all users for an audit

  1. Send GET /scim/Users with Authorization: Bearer .
  2. Parse the Resources array from the ListResponse.
  3. Check totalResults; if it exceeds the returned count, attempt GET /scim/Users?startIndex=1&count=100 (pagination support unconfirmed - test first).
  4. Export id, userName, active, and roles fields for the audit report.

Watch out for: Pagination behavior (startIndex/count) is not explicitly documented; the full user list may be returned in a single response for small teams, but behavior at scale is unconfirmed.

Why building this yourself is a trap

Several non-obvious failure modes exist. Role assignment via SCIM is not fully documented for standard attributes - group-to-role mapping must be configured in the IdP connector, and custom schema extensions may be required; do not assume the roles array behaves identically to other SCIM implementations.

PUT (full replace) for user objects is unconfirmed; use PATCH exclusively. Rate-limit thresholds are not publicly documented and no Retry-After headers are returned, so back-off logic must be implemented defensively without a documented ceiling to target.

No official SDK exists; all integrations require raw HTTP calls. Finally, removing a user from one SCIM group does not affect their membership or role in other Coralogix teams - group membership changes are scoped and can silently leave access intact elsewhere in the identity graph.

Automate Coralogix workflows without one-off scripts

Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.

Every app coverage, including apps without APIs
60+ app integrations plus browser automation for apps without APIs
IT graph reconciliation across apps and your IdP
Less than a week to launch, maintained as APIs and admin consoles change
SOC 2 Type II. ~2 hours of your team's time
Book a Demo

UpdatedMar 17, 2026

* Details sourced from official product documentation and admin references.

Keep exploring

Related apps

15Five logo

15Five

Full API + SCIM
AutomationAPI + SCIM
Last updatedFeb 2026

15Five uses a fixed role-based permission model with six predefined roles: Account Admin, HR Admin, Billing Admin, Group Admin, Manager, and Employee. No custom roles can be constructed. User management lives at Settings gear → People → Manage people p

Admin guideAPI guide
1Password logo

1Password

Full API + SCIM
AutomationAPI + SCIM
Last updatedFeb 2026

1Password's admin console at my.1password.com covers the full user lifecycle — invitations, group assignments, vault access, suspension, and deletion — without any third-party tooling. Like every app that mixes role-based and resource-level permissions

Admin guideAPI guide
8x8 logo

8x8

Full API + SCIM
AutomationAPI + SCIM
Last updatedFeb 2026

8x8 Admin Console supports full lifecycle user management — create, deactivate, and delete — across its X Series unified communications platform. Every app a user can access (8x8 Work desktop, mobile, web, Agent Workspace) is gated by license assignmen

Admin guideAPI guide