Summary and recommendation
Proof does not expose a public REST API for user management as of the research date. There is no SCIM endpoint, no documented webhook system, and no programmatic interface for reading or writing user records.
The sole supported provisioning mechanism is SAML 2.0 JIT provisioning, which creates user accounts on first authenticated login but does not support deprovisioning, attribute sync, or group push.
Any identity graph built against Proof must treat it as a read-blind node: you can assert identity via your IdP, but you cannot query or mutate user state through an API.
API quick reference
| Has user API | No |
| SCIM available | No |
| SCIM plan required | Enterprise (Command Center) |
Authentication
Auth method: Not documented
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Not documented
Rate-limit headers: No
Retry-After header: No
Rate-limit notes: Not documented
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: No webhook documentation found in official sources.
Alternative event strategy: No known programmatic alternative; user lifecycle is managed via SAML 2.0 JIT provisioning through the Command Center SSO configuration.
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Enterprise (Command Center)
- Endpoint: Not documented
Limitations:
- No SCIM provisioning documented in official Proof help center or developer resources.
- User provisioning is handled via SAML 2.0 JIT provisioning only.
- Domain verification is required before SSO/JIT can be enabled.
- SSO requires the Proof Command Center plan.
Common scenarios
Given the absence of a user management API, SCIM endpoint, and webhooks, there are no supported programmatic provisioning or deprovisioning scenarios for Proof at this time. Lifecycle management is limited to what SAML 2.
0 JIT provisioning can accomplish at login time. Offboarding must be handled by disabling or deprovisioning the user in the upstream IdP (Okta or Entra ID) to block future SSO access; there is no confirmed API call or webhook event to trigger account deactivation within Proof directly.
Developers integrating Proof into an automated IAM pipeline should treat it as requiring manual intervention for any lifecycle event beyond initial provisioning.
Scenario implementations are not yet verified for this app.
Why building this yourself is a trap
The primary integration trap with Proof is assuming JIT provisioning provides full lifecycle coverage - it does not. JIT creates accounts on first login but leaves deprovisioning, role updates, and access auditing outside any automated flow.
There is no SCIM API to sync against, no webhook to consume for user state changes, and no documented rate limits or pagination because there are no API endpoints to call. Supported IdPs are limited to Okta and Microsoft Entra ID; Google Workspace and OneLogin are not documented as compatible.
The Command Center plan is required before any SSO or JIT capabilities are accessible, and domain verification must be completed as a prerequisite - both represent blockers that can delay integration timelines if not addressed during procurement.
Automate Proof workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
