FireHydrant

The FireHydrant connector syncs identities and access from FireHydrant and provisions accounts and team membership through the FireHydrant SCIM 2.0 endpoints.

Synced resources

Resource	Capabilities
User	Sync, account provisioning, account deletion
Team	Sync, team membership provisioning
On-call schedule	Sync (membership and current on-call surface as grants)

Team resources expose a member grant for each membership and a dynamic incident-role:<role-id> entitlement plus matching grant for every member who has a default incident role on that team. On-call schedule resources expose a member grant for everyone on the schedule and an on-call-now grant for the user with an active shift.

Configuration

Field	Required	Description
`api-token`	yes	FireHydrant bot user API token. Generate one in Settings > Bot users. Owner permissions are required for SCIM provisioning.
`base-url`	no	Override the FireHydrant API base URL. Defaults to `https://api.firehydrant.io`.

Required permissions

The bot user backing the API token must have Owner permissions on the FireHydrant organization so it can call the SCIM 2.0 endpoints used for account and team membership provisioning. A lower-privileged token can still drive read-only sync but provisioning calls will fail.

​FireHydrant

​Synced resources

​Configuration

​Required permissions

FireHydrant

Synced resources

Configuration

Required permissions