Summary and recommendation
Tessian does not expose a public REST API, SCIM endpoint, or developer portal for user management.
No OpenAPI spec, API reference, or webhook system for user lifecycle events has been published by Tessian or Proofpoint as of this research.
User provisioning is entirely IdP-driven - Okta and Microsoft Entra ID are the documented integration paths, using IdP-side SCIM app integrations rather than any native Tessian API surface.
Any identity graph automation targeting Tessian must route through the upstream IdP rather than calling Tessian directly.
API quick reference
| Has user API | No |
| SCIM available | No |
| SCIM plan required | Enterprise |
Authentication
Auth method: Not documented
User object / data model
User object field mapping is not yet verified for this app.
Core endpoints
Endpoint coverage is not yet verified for this app.
Rate limits, pagination, and events
Rate limits: Not documented
Rate-limit headers: No
Retry-After header: No
Rate-limit notes: Not documented
Pagination method: none
Default page size: 0
Max page size: 0
Pagination pointer: Not documented
Webhooks available: No
Webhook notes: No publicly documented webhook system for user-management events found in Tessian or Proofpoint official documentation.
Alternative event strategy: User lifecycle events are managed via IdP (Okta, Microsoft Entra ID) SCIM provisioning flows rather than native webhooks.
SCIM API status
- SCIM available: No
- SCIM version: Not documented
- Plan required: Enterprise
- Endpoint: Not documented
Limitations:
- No native SCIM endpoint is publicly documented by Tessian or Proofpoint.
- User provisioning is handled through IdP connectors (Okta, Microsoft Entra ID) using IdP-side SCIM app integrations.
- Post-acquisition by Proofpoint (December 2023), the product roadmap and any future API/SCIM surface are subject to change under Proofpoint's platform.
- No public developer documentation or API reference has been published for Tessian user management.
Common scenarios
No programmable user management scenarios are currently supported via a Tessian-native API.
The only viable automation path is indirect: manage users in Okta or Microsoft Entra ID, rely on the IdP's SCIM provisioning to sync state to Tessian, and treat Tessian as a downstream consumer of IdP-managed identity data.
There are no documented endpoints for create, read, update, or deactivate operations, no pagination contract to reason about, and no rate limit headers to handle.
Webhook-based event triggers for user lifecycle changes are also absent from public documentation.
Scenario implementations are not yet verified for this app.
Why building this yourself is a trap
The core risk is assuming that because Tessian integrates with Okta or Entra ID, it exposes a manageable API surface - it does not. The integration is one-directional and IdP-owned; Tessian has no published mechanism for a caller to query or mutate user state independently.
Post-acquisition by Proofpoint in December 2023, any future API or SCIM capabilities will be governed by Proofpoint's platform roadmap, which has not been publicly communicated. Building any identity graph pipeline that assumes a Tessian API endpoint will exist or remain stable is not supportable by current public documentation;
confirm directly with Proofpoint before designing any automated provisioning dependency on Tessian.
Automate Tessian workflows without one-off scripts
Stitchflow builds and maintains end-to-end IT automation across your SaaS stack, including apps without APIs. Built for exactly how your company works, with human approvals where they matter.
