User Management Overview
The user management API allows the provisioning and management of Firstup users both in Firstup and in other cloud-based applications using SCIM.
Using our user creation API, you can create users in Firstup from accounts in external HRIS or SSO applications, such as Workday, Okta, Microsoft Entra, etc.
Users API
Manage users in your Firstup platform through the API. Add, edit, and remove users for Creator Studio and the member experience. Assign user roles and permissions, and manage user attributes, including custom fields.
Use unique identifiers for single-sign-on (SSO) provisioning, enabling seamless access to multiple applications. Users created via the API follow the same onboarding process as those added in Creator Studio.
With the API, you can:
- Automate user provisioning and lifecycle management using SCIM-compliant endpoints.
- Create and update user accounts, including role and attribute assignment.
- Integrate SSO by creating accounts with universal identifiers.
- Use PATCH operations for efficient, partial user updates.
User Management API
Browse our User Management API reference.
User Management Use Cases
Browse our use cases for examples of updating, reading and changing user records.
User Provision Use Cases
Browse our use cases for examples of user uploading, assigning user attributes, managing new users, etc.
User Roles Use Cases
Browse our user roles, access and permissions use cases for examples of how to control users access in your community and Creator Studio environment.
Refer to SCIM user attributes for the full table of SCIM-compliant user attributes.
Refer to custom user attributes for custom Firstup attributes.
API Limitations
- You cannot currently create a Studio user with advanced or customized roles and permissions. Find further information and guidance on roles here.
- You cannot currently get both user groups created in Studio and user groups created by SCIM API in the same call. Either use the API to create and manage all users, or only create and manage users in Studio.
- Does not currently integrate directly with Azure. The current workaround is a customized endpoint.
Role-Based Access Control
Only users with an administrator or program_manager role can manage users via the API.
- The
rolesfield must be provided using the SCIM object format. - You can only assign roles equal to or lower than your own.
- Roles are validated during user creation and update.
To view available roles, use:
GET /scim/v2/Roles
Role Limitations
- Advanced/Custom roles (Studio permissions) are not currently assignable via the API.
- Only one role per user is supported.
- The
/scim/v2/Users/meendpoint requires a user-scoped token (OAuth2 Authorization Code flow). It is not accessible using client credentials.
Refer to the Role Provisioning Guide for more details.
SCIM
What is SCIM?
SCIM is used by single-sign-on (SSO) services and identity providers to manage people across a variety of tools and platforms, including Firstup. This means SCIM allows the users you have created in Studio to be recognized by other integrated systems and platforms.
For example, if your member experience is integrated in a platform shell, which also allows them to access their HR timesheet app, SCIM will recognize the same user for each of these applications.
Our SCIM implementation targets protocol SCIM 2.0.
For further guidance on SCIM:
SCIM Patching Guide
Comprehensive guidance on how to edit users and user groups.
User SCIM Attributes
Comprehensive guidance on how to edit users and user groups.
User Editing Use Cases
Browse our use cases for examples of updating and editing user records.
PATCH User Endpoint
Take a look at the PATCH user endpoint.
PATCH User Group Endpoint
Take a look at the PATCH user group endpoint.