User management API so you are able to use user provisioning for automatic user updates #2212

New Issue

OVERLORD · 2026-02-05T03:20:10+03:00

OVERLORD commented

2026-02-05 03:20:10 +03:00

Originally created by @Mynster9361 on GitHub (Apr 21, 2021).

API Endpoint or Feature

API to access edit and maintain users to be able to use user provisioning and administer it locally from example Azure or other external services that can handle authentication to bookstack through user management API with provisioning.

I am almost certain that Azure is not the only service that provides this feature i could imagine something like Okta or other SSO providers also support this.

Use-Case

To be able to integrate bookstack even further with bookstack.
Currently you can bind groups from bookstack to groups in Azure and make them sync that way and remove users from groups.
But what happens when a user leaves and you delete them from Azure.
The user will still remain in Bookstack until you delete it manually and move the ownership.
(Maybe the content ownership should/could be moved to a default group instead)

Additional Context

I have found some more information on what it does and how user provisioning works for Azure since that is what i use with my bookstack instance
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works

Originally created by @Mynster9361 on GitHub (Apr 21, 2021). #### API Endpoint or Feature API to access edit and maintain users to be able to use user provisioning and administer it locally from example Azure or other external services that can handle authentication to bookstack through user management API with provisioning. I am almost certain that Azure is not the only service that provides this feature i could imagine something like Okta or other SSO providers also support this. #### Use-Case To be able to integrate bookstack even further with bookstack. Currently you can bind groups from bookstack to groups in Azure and make them sync that way and remove users from groups. But what happens when a user leaves and you delete them from Azure. The user will still remain in Bookstack until you delete it manually and move the ownership. (Maybe the content ownership should/could be moved to a default group instead) #### Additional Context I have found some more information on what it does and how user provisioning works for Azure since that is what i use with my bookstack instance https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/user-provisioning https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works

OVERLORD added the 🔩 API Request label 2026-02-05 03:20:10 +03:00

OVERLORD closed this issue

2026-02-05 03:20:13 +03:00

OVERLORD commented

2026-02-05 03:20:23 +03:00

@ssddanbrown commented on GitHub (Feb 8, 2022):

The work in #3238 has now been merged which adds a CRUD user actions to our REST API which allows many task to be automated. Therefore I will close this off.

This issue hinted as SCIM but I didn't know if SCIM was the fundamental requirement of this request. The new API endpoints should allow some level of "SCIM adapter" to be created externally if desired.

I wouldn't really want to implement SCIM directly into BookStack at this stage. I've reached the limit of authentication mechanisms I'm willing to support right now since they are difficult to fully understand and tricky to support for the user-base. I don't want to be spending any more of my own time:

Reading through multiple RFCs
Signing up to auth system trial accounts
Trying to understand where Microsoft have made things awkward and where differences may lie between cloud and on-prem functionality.
Supporting once implemented and attempting to understand what configuration is needed vs what is actually just some strange expectations due to an arcane environment.

Simply put, it's not fun work, and it provides no benefit to the vast majority of users while having a disproportionate negative affect on maintenance and my mental well-being. I'd be happy to reconsider if an enterprise account was willing to work with me while also willing to invest 💵 to make it worth my time.

To pre-emptively answer the question "Would you be willing to accept a PR for SCIM"? No, as it does not solve the above. I would still have to understand the standards & requirements while having the responsibility of stability & maintenance. A PR would only really cover the most fun part, writing the code.

@ssddanbrown commented on GitHub (Feb 8, 2022): The work in #3238 has now been merged which adds a CRUD user actions to our REST API which allows many task to be automated. Therefore I will close this off. This issue hinted as SCIM but I didn't know if SCIM was the fundamental requirement of this request. The new API endpoints should allow some level of "SCIM adapter" to be created externally if desired. I wouldn't really want to implement SCIM directly into BookStack at this stage. I've reached the limit of authentication mechanisms I'm willing to support right now since they are difficult to fully understand and tricky to support for the user-base. I don't want to be spending any more of my own time: - Reading through multiple RFCs - Signing up to auth system trial accounts - Trying to understand where Microsoft have made things awkward and where differences may lie between cloud and on-prem functionality. - Supporting once implemented and attempting to understand what configuration is needed vs what is actually just some strange expectations due to an arcane environment. Simply put, it's not fun work, and it provides no benefit to the vast majority of users while having a disproportionate negative affect on maintenance and my mental well-being. I'd be happy to reconsider if an enterprise account was willing to work with me while also willing to invest :dollar: to make it worth my time. To pre-emptively answer the question "Would you be willing to accept a PR for SCIM"? No, as it does not solve the above. I would still have to understand the standards & requirements while having the responsibility of stability & maintenance. A PR would only really cover the most fun part, writing the code.

OVERLORD commented

2026-02-05 03:20:28 +03:00

@ariel-rajmaliuk commented on GitHub (Mar 8, 2022):

Hi! When do you think the User management API will be available for production?

@ariel-rajmaliuk commented on GitHub (Mar 8, 2022): Hi! When do you think the User management API will be available for production?

OVERLORD commented

2026-02-05 03:20:32 +03:00

@ssddanbrown commented on GitHub (Mar 8, 2022):

Hi @Draidel,
This is already in release. It was part of the v22.02 release:
https://www.bookstackapp.com/blog/bookstack-release-v22-02/#user-management-api-endpoints

@ssddanbrown commented on GitHub (Mar 8, 2022): Hi @Draidel, This is already in release. It was part of the v22.02 release: https://www.bookstackapp.com/blog/bookstack-release-v22-02/#user-management-api-endpoints

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2212