--- title: Docker Hub SCIM API Integration on Truto slug: dockerscim category: Application Development canonical: "https://truto.one/integrations/detail/dockerscim/" --- # Docker Hub SCIM API Integration on Truto **Category:** Application Development **Status:** Beta ## Unified APIs ### Unified User Directory API - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Docker Hub SCIM account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Docker Hub SCIM.** The Proxy API is a 1-to-1 mapping of the Docker Hub SCIM API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate developer offboarding across container registries** — Security and IT operations SaaS companies can offer instant Docker Hub access revocation when a termination event fires from an HRIS, eliminating the window where a departing engineer could exfiltrate proprietary container images. - **Run continuous access reviews for compliance** — Identity governance platforms can pull the full Docker Hub user directory to run delta-based access reviews against a central identity provider, helping customers meet SOC2 and audit requirements without manual spreadsheet reconciliation. - **Right-size Docker Business license spend** — SaaS management and FinOps platforms can cross-reference active Docker Hub users against actual development activity, identifying idle seats and automating deprovisioning to reclaim expensive Docker Business licenses before renewal. - **Enforce zero standing privileges for production access** — Privileged access management tools can offer time-boxed Docker Hub role escalation — granting temporary Admin access for production hotfixes and automatically reverting to Member once the window expires. - **Sync HR-driven team changes to Docker Hub groups** — Workforce automation platforms can detect team transfers in an HRIS and automatically update Docker Hub group and role assignments so developers always have the right pull/push access to the correct repositories. ## What you can build - **Real-time user deprovisioning on termination** — Automatically set a Docker Hub user's active status to false the moment an offboarding event is detected, instantly revoking org access and CLI tokens. - **Shadow IT user discovery dashboard** — Pull the complete Docker Hub user directory via SCIM and surface accounts that exist in Docker but are missing from the customer's central identity provider. - **Automated Docker team and role assignment** — Map HRIS department or job-role changes to Docker Hub custom attributes like Docker Team and Docker Role so RBAC stays in sync without manual intervention. - **Idle license detection and reclamation workflow** — Periodically list all active Docker Hub users, correlate with usage signals, and trigger automated deprovisioning for developers who no longer need container registry access. - **Time-bound privilege escalation with auto-revert** — Grant temporary Admin-level Docker Hub access with a reduced session timeout and automatically revert the role and session minutes after an approval window closes. - **Bulk user provisioning during org onboarding** — Create Docker Hub accounts in batch from a canonical user directory, mapping email, given name, and family name so new engineering teams are container-ready from day one. ## FAQs ### What Docker Hub subscription tier is required for SCIM? SCIM provisioning is only available on the Docker Business plan. Organizations on Docker Pro or Docker Team cannot use the SCIM API. ### What authentication method does Docker Hub SCIM use? Docker Hub SCIM endpoints are authenticated via a Bearer token (SCIM API token) generated by a Docker organization admin. Truto securely stores and manages this token so your end users only need to provide it once during the connection setup. ### Which user attributes can be managed through Docker Hub SCIM? Core SCIM attributes include userName (email), name.givenName, name.familyName, and the active boolean. Docker Hub also exposes custom attributes for Docker Team, Docker Role (Member or Admin), and Docker session minutes for session-length enforcement. ### Can I deactivate a user without deleting them? Yes. Setting the active attribute to false via a PATCH or PUT request deactivates the user, removing their organization access and revoking active CLI tokens while preserving the account record for audit purposes. ### How does Truto's Unified User Directory API map to Docker Hub SCIM? Truto normalizes Docker Hub's SCIM user schema into its Unified User Directory model, handling Docker-specific pagination, token management, and attribute translation so you read and write users through a single, consistent API regardless of the downstream provider. ### Are Docker Hub SCIM tools available out of the box on Truto? Docker Hub SCIM integration is built on request. Once activated, it plugs into the Unified User Directory API, giving you standardized user list, create, update, and deactivate operations without building directly against Docker's SCIM endpoints.