To add and manage users in Postman as a team admin for a large organization, you can either send invites to the members of your organization requesting them to join your Postman team or set up SSO self-provisioning, available on our Business and Enterprise plans (see all Postman plans). However, even with SSO self-provisioning, each new team member is required to authenticate into the Postman team via SSO to create a Postman account and join the team. This can be time-consuming and tedious to manage—plus, there can be uncertainty around if and when a user will take the necessary steps to join your organization’s Postman team.
For user deprovisioning, as a team admin, you need to explicitly remove the user from your Postman team to revoke all team accesses granted to the user and to release the team license consumed by the user. Again, in addition to being monotonous, this manual process is error-prone and may result in security or data compliance issues for the organization.
SCIM (System for Cross-domain Identity Management), is an open standard designed to manage and synchronize user identity information across various applications an organization uses. Within Postman, SCIM automates the following:
Provisioning: Creates a new user on your Postman team, if one does not already exist, and activates the user to authenticate into your Postman team.
Deprovisioning: Removes a user from your Postman team and deactivates their account, blocking the account from authenticating into Postman.
Online Postman API test
With this feature, you can efficiently deploy Postman at scale across your organization and manage your team users via an identity provider (IdP) or directly via the Postman SCIM API.
While SSO enables users to add themselves to a team with self-provisioning, SCIM enables the automatic addition of users into a team, and it helps centrally control and maintain user information along with the user account state (activated or deactivated). In addition, SCIM helps enterprise customers adhere to their security and compliance policies while enabling them to use their Postman licenses wisely.
Furthermore, with SCIM support for Postman, your organization can quickly and automatically provision user access to Postman along with the other internal applications your organization uses. When a new employee joins the organization and the IT admin sets up their user account information, provisioning can be configured to add the employee to the organization’s Postman team automatically or with just a few clicks from the identity provider your organization uses (see Okta integration).
How to get started
Generating a SCIM API key in the Authentication page of Postman
The SCIM support for Postman is available on the Enterprise plan. To use SCIM in Postman, head over to the Authentication settings page. As a team admin, you can enable SCIM and generate a SCIM API key to set up the SCIM integration with your identity provider or use the Postman SCIM API directly.
Learn more about the SCIM integration for Postman here.
Postman provides a wide range of functions and features to assist with API development, testing, and collaboration. Here are some commonly used functions in Postman:
Creating and Managing Requests: Postman allows you to create API requests by specifying the request method, URL, headers, parameters, and body. You can manage and organize requests within collections, including creating folders, adding descriptions, and reordering requests.
Request and Response Visualization: Postman provides a user-friendly interface to view and analyze request and response data. It supports syntax highlighting for various data formats such as JSON, XML, and HTML, making it easier to understand and validate the data.
Environment and Variables: Postman allows you to define variables and environments. Variables enable you to store and reuse dynamic values across requests, making them flexible and easy to maintain. Environments provide sets of variables specific to different environments (e.g., development, staging, production).
Pre-request Scripts: Postman enables you to execute scripts before sending API requests using pre-request scripts. These scripts can be used to dynamically generate values, manipulate data, or set variables based on specific conditions.
Collection Runner: The Collection Runner allows you to execute a series of requests in a collection. It enables you to perform data-driven testing by iterating over multiple sets of data or environments. You can configure iterations, delays, and data sources for more comprehensive testing.
Mock Servers: Postman allows you to create mock servers for simulating API responses without a live backend. Mock servers are useful during development, allowing frontend developers to work independently by providing simulated API responses.
Documentation Generation: Postman can automatically generate documentation for your APIs based on your requests and collections. It provides a simple way to share API specifications and details with stakeholders.
Collaboration and Teamwork: Postman offers collaboration features such as sharing collections, collaborating on requests, and commenting on specific requests or collections. It also supports version control integration to manage changes and updates effectively.
Integration and Automation: Postman integrates with various tools and services, including version control systems (e.g., Git), CI/CD platforms (e.g., Jenkins), and API management solutions. It provides options for integrating with these tools to automate API testing and deployment processes.