I am new to the Monday.com platform and we are trying to integrate the experience into our IDP, which includes provisioning users to remote platforms. For other systems this has been done by using REST API calls that would allow us to create and set up access for our users from a central service. This allows our support team to allocate access and revoke access to systems based on requests, etc.
Looking through the available documentation, it looks like the API within Monday.com only allows read access to the Users object. Is this correct, and if so, do you have another option we could use to achieve our functionality of managing user access/permissions from our central system?
You can use our SSO solution with Custom SAML 2.0 to do this. Do note that we support just-in-time provisioning for now. Here’s some documentation about it: Custom SAML
Just to confirm, is this the only option available? If so, we will explore this option further.
In terms of SAML2, do you have more details on the following area:
If you wish to enable full provisioning, please generate the token, and follow your IDP instructions to enable this. Monday.com supports IDP Initiated Flow or SP Initiated Flow.
We use ForgeRock AM for our IDP, if that helps form a response.
I am trying to understand what sort of control we can achieve with the users in Monday.com. This includes restricting access to only certain users, being able to deactivate a user if they leave, etc.
If you use Single Sign-on, you will be able to restrict access to monday.com to certain users based on the groups in your IDP. For example, if you only want the marketing department to access the tool, you can set up those permissions.
At the moment our SSO solution supports provisioning new users when they are added to the app in the IDP and restricting login if they don’t have permission, but does not support deactivation. That is, a provisioned user will continue to be active in monday.com until you deactivate them in the admin section.
I hope that covers the SSO solution and how it could benefit your team. Let me know what you think!
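The gap described in the last reply (a provisioned user stays active until an admin deactivates them) can be covered by periodically reconciling the IdP's entitled users against the user list read from monday.com. The following is an added example, not part of the thread and not monday.com's own code; the record fields (`email`, `enabled`), the function names and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppUser:
    """One row of a user list read from the app (field names are assumed)."""
    email: str
    enabled: bool


def _norm(email: str) -> str:
    # IdP and app may differ in case or stray whitespace for the same mailbox.
    return email.strip().lower()


def reconcile(app_users, idp_entitled):
    """Compare app accounts with the set of users entitled in the IdP.

    orphaned: enabled in the app but no longer entitled in the IdP;
              these need manual deactivation in the admin section.
    pending:  entitled in the IdP but without an app account yet
              (just-in-time provisioning creates it at first login).
    """
    entitled = {_norm(e) for e in idp_entitled}
    enabled = {_norm(u.email) for u in app_users if u.enabled}
    known = {_norm(u.email) for u in app_users}
    return {
        "orphaned": sorted(enabled - entitled),
        "pending": sorted(entitled - known),
    }


# Constructed sample data, not real accounts.
SAMPLE_APP_USERS = [
    AppUser("Alice@Example.com", True),
    AppUser("bob@example.com", True),     # left the company, still enabled
    AppUser("carol@example.com", False),  # already deactivated by an admin
]
SAMPLE_IDP_ENTITLED = ["alice@example.com", "dave@example.com "]

if __name__ == "__main__":
    report = reconcile(SAMPLE_APP_USERS, SAMPLE_IDP_ENTITLED)
    for email in report["orphaned"]:
        print(f"deactivate manually: {email}")
    for email in report["pending"]:
        print(f"entitled, not yet provisioned: {email}")
```
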