Summary and recommendation
Mosaic does not publish a public REST API or developer documentation as of the research date. There are no documented endpoints for user creation, role assignment, deactivation, or any other identity lifecycle operation. All user management is handled exclusively through the Mosaic web UI.
Microsoft Entra ID is listed as a supported SSO identity provider, but SCIM-based automated provisioning is not confirmed even at the Enterprise tier. Webhooks are also undocumented, with no alternative event-streaming mechanism identified. Any integration requiring programmatic user management should be treated as unsupported until confirmed directly with Mosaic sales or support.
For teams building an identity graph across their SaaS stack, Mosaic represents a blind spot: there is no API surface to query current role assignments, detect drift, or trigger deprovisioning events.
An MCP server with 60+ deep IT/identity integrations can surface this gap explicitly, but cannot resolve it without a supported API or SCIM endpoint on Mosaic's side.
API quick reference
| Has user API | No |
| SCIM available | No |
| SCIM plan required | Enterprise |
Authentication
Auth method: Not documented
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Not documented
Rate-limit headers: No
Retry-After header: No
Rate-limit notes: Not documented
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: No webhook documentation found in official sources.
Alternative event strategy: No documented alternative event-streaming mechanism found.
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Enterprise
- Endpoint: Not documented
Limitations:
- No SCIM provisioning documented in official help center or developer docs as of research date.
- Microsoft Entra ID SSO integration is listed, but automated user provisioning via SCIM is not confirmed.
- Enterprise plan is required for SSO; SCIM availability is unconfirmed even at that tier.
Common scenarios
No API scenarios can be documented because no public API exists. The absence of endpoints, auth methods, rate limit headers, and pagination mechanisms means there is no technical surface to describe. If Mosaic exposes a private or beta API for enterprise accounts, it is not reflected in any official help center or developer documentation reviewed during research.
Developers evaluating Mosaic for programmatic integration should contact Mosaic directly to ask about private API access, any roadmap for SCIM support, and whether Enterprise contracts include undocumented provisioning hooks.
Scenario implementations are not yet verified for this app.
Why building this yourself is a trap
The core trap is assuming that SSO support implies SCIM support - it does not in Mosaic's case. Entra ID SSO can authenticate users, but it cannot provision or deprovision them automatically.
An employee terminated in your IdP will lose the ability to log in via SSO, but their Mosaic seat remains active and billable until an admin manually deactivates it.
There are no rate limit headers, no retry-after signals, and no webhook events to build against - because there is no API. Any automation layer built on top of Mosaic today would require UI-level scripting or manual intervention, both of which are fragile and unauditable.
The identity graph cannot be kept current without a supported programmatic interface.
Automate Mosaic workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
