Restrictions using the SCIM API


This topic lists and explains restrictions on provisioning via the Quickbase SCIM API.

Allowable usernames

Usernames cannot have spaces or be longer than 255 characters. Special characters are allowed.

Preventing conflicts with email addresses as usernames

If an email address is specified as a username, Quickbase verifies updates to usernames to prevent conflicts with existing users.

For example, in this scenario, a new user can be provisioned without conflict:

| User | Username | Email address |
| --- | --- | --- |
| User 1 (existing user) | user@example.com | a@example.com |
| User 2 (new provisioned user) | user2 | a@example.com |

But a conflict is caused if an email update occurs as follows, because user@example.com already exists as a username.

| User | Username | Email address |
| --- | --- | --- |
| User 1 | user@example.com | a@example.com |
| User 2 | user2 | user@example.com |
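
A client-side pre-flight check that mirrors the username rules and the email-as-username conflict described above, as an added example that is not Quickbase code. The `User` record, the function names and the case-insensitive comparison are assumptions of this example; Quickbase performs its own verification when the request arrives.

```python
from dataclasses import dataclass

MAX_USERNAME_LEN = 255  # limit stated on this page


@dataclass(frozen=True)
class User:
    label: str      # hypothetical local identifier, e.g. "User 1"
    username: str
    email: str


def username_errors(username):
    """Apply the page's username rules: no spaces, at most 255 characters."""
    errors = []
    if " " in username:
        errors.append("username contains a space")
    if len(username) > MAX_USERNAME_LEN:
        errors.append(f"username is {len(username)} characters (max {MAX_USERNAME_LEN})")
    return errors


def email_conflicts(directory, label, new_email):
    """Labels of other users whose username equals new_email.

    Case-insensitive comparison is an assumption of this example.
    A shared email address alone is not a conflict (first scenario).
    """
    wanted = new_email.casefold()
    return [u.label for u in directory
            if u.label != label and u.username.casefold() == wanted]


def preflight(directory, candidate):
    """Problems to resolve before sending `candidate` to the SCIM API."""
    problems = username_errors(candidate.username)
    problems += [f"email {candidate.email} is already the username of {other}"
                 for other in email_conflicts(directory, candidate.label, candidate.email)]
    return problems


# Constructed sample data, taken from the two scenarios on this page.
USER_1 = User("User 1", "user@example.com", "a@example.com")
NEW_USER_2 = User("User 2", "user2", "a@example.com")
UPDATED_USER_2 = User("User 2", "user2", "user@example.com")

if __name__ == "__main__":
    print(preflight([USER_1], NEW_USER_2))                  # first scenario
    print(preflight([USER_1, NEW_USER_2], UPDATED_USER_2))  # second scenario
```

Running the check against an export of current usernames before an email change is pushed from the IdM tool surfaces the collision before the SCIM request is sent.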

Sign-in must use SSO

Sign-in to Quickbase must use SSO, because of the method by which usernames provisioned via the SCIM API are stored.

Deletions

Deletions via the SCIM API are mapped as denied users in Quickbase.

Updates to basic information limited to in-company

Updates to basic information (first name, last name, email address) are limited to those within the same company. Updates to basic information for usernames outside the company are not supported.

Link only through primary emails

Quickbase supports linking via the value set for primary emails only.

App sharing

To share Quickbase apps, users must share the app with the email address of the SCIM user, or with the Quickbase username (if the user had already existed in Quickbase before provisioning).

Provisioned existing users

If you use the SCIM API to provision existing users, and the user already has a Quickbase username set, the Quickbase username will be cleared.

Deactivated users

You cannot use the SCIM API to restore any Quickbase users that have a status of deactivated.

Rate limitation

The SCIM API usage rate may be limited. If your requests are being limited, an HTTP 429 error is returned. Most IdM tools recognize rate limit status and automatically retry.

Restrictions on changing SCIM users from Quickbase

The following activities cannot be completed using the Quickbase Admin Console. You must use an IdM provider or the SCIM API:

  • Deny users

  • Update email, username, firstname, lastname

Group mapping management restrictions from Quickbase

  • You cannot appoint new managers, or promote users to managers.

  • You must manage the following items through your IdM application: add or remove SCIM members, and delete or rename SCIM groups.

  • You cannot link existing groups in Quickbase to SCIM groups in your IdM application. All SCIM groups are new groups.

  • You cannot rename or create a non-SCIM group using an existing SCIM group's name. Each SCIM group name is unique within a realm. For example, you cannot create a non-SCIM group using "QB_PD" because a SCIM group with the same name exists within the same realm:

    | Group Type | Group Name | Creation Status |
    | --- | --- | --- |
    | SCIM group | QB_PD | existing group |
    | Non-SCIM group | QB_PD | name conflict |

  • With subscriptions and email notifications, if an existing user has the same username as a SCIM group in the same realm, then any subscriptions or email notifications created are sent to the user. For example, within the same realm, if there is a user with the username "sales" and a new SCIM group is created with the name "sales", then any subscription or email notification is sent to the user.

  • You cannot create nested SCIM groups.
