--- title: Pendo SCIM API Integration on Truto slug: pendoscim category: Analytics canonical: "https://truto.one/integrations/detail/pendoscim/" --- # Pendo SCIM API Integration on Truto **Category:** Analytics **Status:** Beta ## Unified APIs ### Unified User Directory API - **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's Pendo SCIM account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach Pendo SCIM.** The Proxy API is a 1-to-1 mapping of the Pendo SCIM API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate Pendo seat provisioning from your identity platform** — Identity governance and access management platforms can offer automated Pendo user provisioning and deprovisioning as part of their JML (Joiner/Mover/Leaver) lifecycle workflows, eliminating manual IT tickets and ensuring zero-touch onboarding and instant offboarding. - **Reclaim unused Pendo licenses from your SaaS management dashboard** — SaaS management platforms can pull the full Pendo user directory, cross-reference it with login activity, and automatically deactivate dormant users to help customers optimize expensive Pendo Premium seat spend. - **Power quarterly access reviews with live Pendo permission data** — Compliance and IGA platforms can ingest Pendo Groups and their membership to run automated SOC2/ISO27001 access reviews, letting managers approve or revoke Pendo permissions directly from your product without touching the Pendo admin console. - **Enable self-service Pendo access requests via IT helpdesk bots** — IT automation and service desk products can offer end-to-end Pendo provisioning — from a Slack or Teams request through manager approval to account creation and group assignment — in seconds instead of days. - **Enforce least-privilege access to Pendo analytics and guides** — Security platforms can continuously reconcile Pendo group memberships against an authoritative directory, flagging and remediating shadow access where users hold elevated Pendo roles they no longer need. ## What you can build - **Automated Pendo user lifecycle management** — Provision new Pendo users on hire, update their group memberships on role change, and instantly deactivate accounts on termination — all driven by events from your HRIS or directory source. - **Pendo license utilization dashboard** — Pull all active Pendo users via the Unified User Directory API and surface a real-time seat count so customers can track consumption against their contract and identify optimization opportunities. - **Time-boxed privileged Pendo access grants** — Let customers grant temporary elevated Pendo roles by adding a user to a privileged SCIM group for a defined window, then automatically removing them when the window expires. - **One-click Pendo access revocation in access reviews** — During periodic access certification campaigns, present Pendo group memberships to reviewers and execute instant SCIM group patches when a reviewer clicks revoke. - **Pendo permission drift detection** — Periodically reconcile Pendo groups and users against your customers' authoritative directory and surface discrepancies as actionable alerts or policy violations. - **Bulk Pendo onboarding for new teams** — Allow customers to select a cohort of employees from their directory and batch-create Pendo accounts with the correct group assignments in a single workflow. ## FAQs ### What authentication method does Pendo SCIM use? Pendo SCIM uses a bearer token (SCIM API token) generated from the Pendo admin console. Truto handles storing and injecting this token so your end users only need to paste it once during the connection setup. ### What resources are available through the Pendo SCIM integration? The integration exposes Users and Groups via Truto's Unified User Directory API. Users carry identity attributes (name, email, department) and an active status. Groups carry a name, ID, and an array of member user IDs — and in Pendo, groups directly map to subscription-level roles like Admin or Read Only. ### Can I deactivate a Pendo user without deleting their account? Yes. You issue a PATCH operation on the User resource setting active to false. This suspends login access while preserving the user's historical data and configuration inside Pendo. ### How are Pendo roles managed through SCIM? Pendo maps subscription-level roles (e.g., Admin, Viewer, Guide Creator) to SCIM Groups rather than individual user attributes. To change a user's permissions, you add or remove their ID from the appropriate Group via a PATCH operation on the Group resource. ### Does enabling SCIM lock out manual user management in Pendo? Yes. Once SCIM provisioning is enabled for a Pendo subscription, all user creation, role assignment, and deactivation must flow through the SCIM API. Manual user management in the Pendo UI is disabled to maintain the directory as the single source of truth. ### Are Pendo SCIM tools available in Truto today? Pendo SCIM integration is built on request. Truto supports the Unified User Directory API model (Users and Groups) for this integration. Contact the Truto team to have it activated for your workspace.