About SCIM API
Learn how to use SCIM provisioning to sync users from your identity provider to your Tealium account.
How it works
System for Cross-domain Identity Management (SCIM) is a standard that automates and simplifies creating, updating, and removing user accounts across cloud apps.
Use SCIM provisioning to automatically sync users from your identity provider (IdP) to Tealium. SCIM creates users with appropriate access during onboarding and removes Tealium access when users are deprovisioned in the identity provider, ensuring consistent offboarding and preventing unauthorized access.
Use a SCIM provisioning connector in your IdP or invoke the SCIM API directly.
Authentication
The Tealium SCIM integration uses a long-lived bearer token to authenticate with applications. Use this bearer token as the SCIM token when you configure your user provisioning application.
All SCIM API calls are authenticated with this bearer token.
The API key and bearer token are linked to the user who generates them. Use a dedicated service user with the required Tealium permissions. A service user is a user account not linked to a person that is used to manage resources. This approach prevents access issues if a regular user account becomes unavailable.
To generate the bearer token:
- Log in to Tealium as a dedicated service user.
- Generate an API key.
- Call the long-lived token endpoint to generate a long-lived bearer token using the following cURL command. Replace the placeholders with your account name, profile name, dedicated username, and the API key:
curl --location 'https://developer.tealiumapis.com/v2/auth-long-lived/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'account={ACCOUNT_NAME}' \
--data-urlencode 'profile=main' \
--data-urlencode 'username={USERNAME@EXAMPLE.COM}' \
--data-urlencode 'key={API_KEY}'
The token should resemble the following example:
{
"access_token":"eyJhbG...53UHg",
"expires_in":35999,
"refresh_expires_in":0,
"token_type":"Bearer",
"not-before-policy":0,
"scope":"profile email"
}
The token expires after 90 days. Regenerate the token as needed.
If you need assistance generating a token or have questions about permissions, contact Tealium Support.
Endpoints and permissions
The Tealium implementation of SCIM supports the following HTTP methods:
| Method | Description | Tealium permissions |
|---|---|---|
POST |
Create a user. | User admin or account admin |
GET |
Retrieve user details or list users. | All account users |
GET |
Retrieve the audit log. | User admin or account admin |
PATCH |
Partially update a user. | User admin or account admin |
PUT |
Replace a user. | User admin or account admin |
DELETE |
Delete a user. | User admin or account admin |
This page was last updated: November 12, 2025