Restrictions using the SCIM API

This topic lists and explains restrictions on provisioning via the Quick Base SCIM API.

Allowable usernames

Usernames cannot have spaces or be longer than 255 characters. Special characters are allowed.

Preventing conflicts with email addresses as usernames

If an email address is specified as a username, Quick Base verifies updates to usernames to prevent conflicts with existing users.

For example, in this scenario, a new user can be provisioned without conflict:

User Username Email address

User 1 (existing user)

user@example.com

a@example.com

User 2 (new provisioned user)

user2

a@example.com

But a conflict is caused if an email update occurs as follows, because user@example.com already exists as a username.

User Username Email address

User 1

user@example.com

a@example.com

User 2

user2

user@example.com

Sign-in must use SSO

Sign-in to Quick Base must use SSO, because of the method by which usernames provisioned via the SCIM API are stored.

Deletions

Deletions via the SCIM API are mapped as denied users in Quick Base.

Updates to basic information limited to in-company

Updates to basic information (first name, last name, email address) are limited to those within the same company. Updates to basic information for usernames outside the company are not supported.

Link only through primary emails

Quick Base supports linking via the value set for primary emails only.

App sharing

To share Quick Base apps, users must share the app with the email address of the SCIM user, or with the Quick Base username (if the user had already existed in Quick Base before provisioning).

Provisioned existing users

If you use the SCIM API to provision existing users, and the user already has a Quick Base username set, the Quick Base username will be cleared.

Deactivated users

You cannot use the SCIM API to restore any Quick Base users that have a status of deactivated.

Rate limitation

SCIM API usage rate may be limited. If your requests are being limited, an HTTP: 429 error will be returned. Most IdM tools recognize rate limit status and automatically retry.

Restrictions on changing SCIM users from Quick Base

The following activities cannot be completed using the Quick Base Admin Console. You must use an IdM provider or the SCIM API:

  • Deny users

  • Update email, username, firstname, lastname

Group mapping management restrictions from Quick Base
  • You cannot appoint new managers, or promote users to managers.

  • You must manage the following items through your IdM application: add or remove SCIM members, and delete or rename SCIM groups.

  • You cannot link existing groups in Quick Base to SCIM groups in your IdM application. All SCIM groups are new groups.

  • You cannot rename or create a non-SCIM group using an existing SCIM's group name. Each SCIM group name is unique within a realm. For example, you cannot create a non-SCIM group using "QB_PD" because a SCIM group with the same name exists within the same realm:

    Group Type Group Name Creation Status
    SCIM group QB_PD existing group
    Non-SCIM group QB_PD name conflict
  • With subscriptions and email notifications, if an existing user has the same username as a SCIM group in the same realm, then any subscriptions or email notifications created are sent to the user. For example, within the same realm, if there is a user with the username "sales" and a new SCIM group is created with the name "sales", then any subscription or email notification is sent to the user.

  • You cannot create nested SCIM groups.

Related Topics:

 

Go back    |     

© 1999-2019 QuickBase, Inc. All rights reserved. Legal Notices.