1. Dualog Support
  2. GETTING STARTED
  3. Dualog Identity

Dualog Identity - API Integration (Developer Guide)

Avatar
Andrea
Follow

INTRODUCTION

This guide is for developers who want to programmatically manage users in Dualog Identity or integrate applications with Dualog's authentication services.

Dualog provides:

  • SCIM API - For user provisioning and management
  • OIDC - For application authentication (cloud and ship-side)
  • SAML - For application authentication (cloud only)

SCIM API FOR USER MANAGEMENT

The Dualog User API allows you to create, read, update, and delete user accounts programmatically using the SCIM 2.0 standard.

API Base URL

https://apps.dualog.com/api/cd-customer-scim-public-api/api/v2

Authentication

The API uses OAuth 2.0 client credentials for authentication.

Step 1: Create an API Client

  1. Log in to https://apps.dualog.com
  2. Go to the Organization page
  3. Create an API Client with the crew_import scope

Client Types:

  • User-level client: Access to all organizations your user has access to
  • Organization-level client: Restricted to that specific organization

Step 2: Obtain an Access Token

Request a token using client credentials:

POST https://apps.dualog.com/auth/connect/token
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <Base64(ClientId:ClientSecret)>

grant_type=client_credentials&scope=crew_import

Response:

{
  "access_token": "<access_token>",
  "expires_in": 86400,
  "token_type": "Bearer",
  "scope": "crew_import"
}

The token is valid for 24 hours.

Step 3: Use the Access Token

Include the token in the Authorization header for all API requests:

Authorization: Bearer <access_token>

User Schema

The API uses the SCIM 2.0 schema with maritime-specific extensions.

Core Fields

Field Type Required Description
userName string Yes User's email address (becomes login)
name.givenName string Yes First name
name.familyName string Yes Surname
displayName string No Display name
active boolean No Account active status
password string No Initial password (must meet policy)
emails array No Additional email addresses

Maritime Extension Fields

Schema: urn:ietf:params:scim:schemas:extension:seafarer:2.0:User:crew

Field Type Required Description
rank string No User's rank
department string No User's department
shipName string No Assigned ship name
shipImo string No Ship IMO number
contractStartDate string Conditional Start date (yyyy-MM-dd), required if shipImo provided
contractEndDate string No End date (yyyy-MM-dd)

API Endpoints

List Users

GET /api/v2/Users

Pagination:

GET /api/v2/Users?startIndex=1&count=10

Get Single User

GET /api/v2/Users/{userId}

Create User

POST /api/v2/Users
Content-Type: application/json

Update User

PUT /api/v2/Users/{userId}
Content-Type: application/json

Delete User

DELETE /api/v2/Users/{userId}

Response: 204 No Content

Error Handling

Code Meaning
200 Success (update)
201 Created (new user)
204 No Content (delete)
400 Bad Request (invalid data)
401 Unauthorized (invalid/missing token)
403 Forbidden (insufficient permissions)
404 Not Found (user doesn't exist)
500 Internal Server Error

Swagger Documentation

Interactive API documentation is available at:
https://apps.dualog.com/api/cd-customer-scim-public-api/index.html

OIDC INTEGRATION

For integrating applications with Dualog Identity for Single Sign-On.

Cloud OIDC Configuration

Discovery Document:

https://crew.dualog.com/auth/.well-known/openid-configuration

Key Endpoints

Endpoint URL
Issuer https://crew.dualog.com/auth
Authorization https://crew.dualog.com/auth/connect/authorize
Token https://crew.dualog.com/auth/connect/token
User Info https://crew.dualog.com/auth/connect/userinfo
JWKS https://crew.dualog.com/auth/.well-known/openid-configuration/jwks
End Session https://crew.dualog.com/auth/connect/endsession

Supported Grant Types

  • authorization_code - Recommended for web applications
  • client_credentials - For machine-to-machine communication
  • refresh_token - For refreshing access tokens
  • password - Resource owner password (legacy)
  • implicit - For SPAs (use PKCE instead when possible)

Supported Scopes

Scope Description
openid Required for OIDC
profile User profile information
email User email address
offline_access Obtain refresh tokens
crew.public Maritime-specific claims

Claims

Standard OIDC claims plus:

  • rank - User's rank (always included)

Ship-Side OIDC

For ship-side applications, the endpoints follow the same structure as cloud OIDC but use the local identity server address on the vessel. The specific address varies by vessel configuration (may be hostname or IP-based). Contact your IT administrator for the ship-side server address.

SAML INTEGRATION

For cloud applications that require SAML 2.0.

SAML Metadata

Metadata URL:

https://crew.dualog.com/auth/saml/metadata

Entity ID:

https://crew.dualog.com/auth

Endpoints

Binding SSO URL
HTTP-Redirect https://crew.dualog.com/auth/saml/sso
HTTP-POST https://crew.dualog.com/auth/saml/sso

Supported Name ID Formats

  • Unspecified
  • Transient
  • Persistent
  • Email Address

REGISTERING YOUR APPLICATION

To integrate your application with Dualog Identity:

  1. Log in to https://apps.dualog.com
  2. Navigate to Integrations
  3. Click New Integration
  4. Choose Cloud or On-premises
  5. Choose OIDC or SAML
  6. Configure the required fields
  7. Save to receive your Client ID and Secret

See Setting Up Cloud Integrations or Setting Up Ship Integrations for detailed steps.

SUPPORT

For API support or questions:

  • Check the Swagger documentation
  • Contact Dualog support with correlation IDs for specific errors

RELATED ARTICLES

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more