  1. Contact Support – We will enable SCIM for your site.
  2. Generate Token – A SCIM bearer token will be generated for your site. We store only the encrypted token in our system.
  3. Configure in IdP – Enter the SCIM base URL https://rcm-api.athelas.com/v1/scribe/scim/v2/ and bearer token (provided by your Commure point of contact) in your IdP’s SCIM configuration page.
  4. Assign Users/Groups – Provisioning can be done by assigning users directly or by assigning the app to a group.
We implement the standard SCIM endpoints:

Users
GET    /Users           - List users
GET    /Users/{id}      - Retrieve user
POST   /Users           - Create user
PATCH  /Users/{id}      - Update user
PUT    /Users/{id}      - Replace user
DELETE /Users/{id}      - Deactivate user
Groups
GET    /Groups          - List groups
GET    /Groups/{id}     - Retrieve group
POST   /Groups          - Create group
PATCH  /Groups/{id}     - Update group membership
When configuring SCIM in your IdP, use the following mappings (not all are required):
| SCIM Attribute Path | Required | Example Value | Notes |
|---|---|---|---|
| userName | Yes | [email protected] | Used as the login/username (must be unique) |
| name.givenName | Yes | Jane | First name |
| name.familyName | Yes | Doe | Last name |
| emails[type eq "work"].value | Yes | [email protected] | Primary email address |
| active | Yes | true | Deactivation in IdP disables the user here |
| urn:ietf:params:scim:schemas:extension:custom:2.0:User:role | No | ADMIN or PROVIDER | Defaults to PROVIDER if not provided |
| urn:ietf:params:scim:schemas:extension:custom:2.0:User:npi | No | 1234567890 | Defaults to 0 if empty |
| urn:ietf:params:scim:schemas:extension:custom:2.0:User:facility | No | Main Clinic | Facility name |

Supported Operations

  • User provisioning – Add, update, deactivate users.
  • PATCH operations – Supports replace operations on attributes.
  • Group membership updates – Manage group assignments through the groups path.
  • Custom attributes – Additional attributes supported:
    • npi
    • facility
    • role (either ADMIN or PROVIDER, defaults to PROVIDER)
Note: If npi is passed as an empty value, it defaults to 0.
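
To check an IdP attribute mapping before turning provisioning on, the sketch below validates a SCIM User body against the required attributes listed above and reports the role and npi that the documented defaults would produce. It is an added example, not Commure's code; the function name preflight, the sample bodies and the nesting of custom attributes under the extension URN key are assumptions.

```python
EXT = "urn:ietf:params:scim:schemas:extension:custom:2.0:User"  # URN from the mapping table
ROLES = {"ADMIN", "PROVIDER"}

def preflight(user):
    """Check a SCIM User body against the documented mapping.

    Returns (errors, effective), where effective holds the role and npi
    that the documented defaults would produce.
    """
    errors = []
    if not user.get("userName"):
        errors.append("userName is required")
    name = user.get("name") or {}
    for key in ("givenName", "familyName"):
        if not name.get(key):
            errors.append(f"name.{key} is required")
    # emails[type eq "work"].value: at least one work entry with a value
    emails = user.get("emails") or []
    if not any(e.get("type") == "work" and e.get("value") for e in emails):
        errors.append('emails[type eq "work"].value is required')
    if not isinstance(user.get("active"), bool):
        errors.append("active is required (true/false)")
    # Assumption: custom attributes are nested under the extension URN key,
    # the usual SCIM 2.0 representation of a schema extension.
    ext = user.get(EXT) or {}
    role = ext.get("role") or "PROVIDER"  # documented default
    if role not in ROLES:
        errors.append(f"role must be ADMIN or PROVIDER, got {role!r}")
    npi = ext.get("npi")
    npi = "0" if npi in (None, "") else str(npi)  # documented default for empty npi
    return errors, {"role": role, "npi": npi, "facility": ext.get("facility")}

# Constructed sample bodies (not real users).
GOOD = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", EXT],
    "userName": "jane.doe@example.com",
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"type": "work", "value": "jane.doe@example.com", "primary": True}],
    "active": True,
    EXT: {"npi": "", "facility": "Main Clinic"},
}
BAD = {
    "userName": "john@example.com",
    "name": {"givenName": "John"},
    "emails": [{"type": "home", "value": "john@example.com"}],
    "active": True,
    EXT: {"role": "SUPERUSER"},
}

if __name__ == "__main__":
    for body in (GOOD, BAD):
        print(preflight(body))
```

Running the same check over an export of the users assigned in the IdP also gives a list of every account whose effective role is ADMIN, which is worth reviewing before the first sync.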

Groups Support

  • We support group-based user assignment.
  • We do not support dynamic group pushes.
  • Group membership updates via PATCH are supported.

Security

  • All communication with SCIM endpoints must be authenticated using the SCIM bearer token.
  • Tokens are unique per site and stored only in encrypted form.

Next Steps

  • In your IdP, configure SCIM with the Base URL: https://rcm-api.athelas.com/v1/scribe/scim/v2/ and Bearer Token we provide.
  • Assign users or groups to the application to automatically provision accounts.
  • Deactivating a user in your IdP will deactivate them in our system.

Troubleshooting

  • Microsoft Entra ID (Azure AD): Uses PATCH heavily for updates. Ensure PATCH is enabled in your configuration.
  • Okta: Supports both direct user assignment and group-based assignment.
  • Ensure that the required emails field is provided for each provisioned user, along with any optional fields you wish to configure.

If you are experiencing an issue that is not listed here, please reach out to our support team so we can help you resolve it.