This Acceptable Use Policy (the “AUP”) describes activities that are not permitted when using the LabsNinja SCIM Connector service (the “Service”). It supplements our Terms of Service and applies to anyone accessing the Service.
1. Lawful use
You agree to use the Service only for lawful purposes and in compliance with all applicable laws and regulations.
2. Authorisation to connect an identity provider
You must not connect an identity provider (Okta, Entra ID, Google Workspace, JumpCloud, OneLogin, or any other IdP) for which you do not have explicit authorisation from the owning organisation. As part of self-service connector creation, the Service requires you to confirm: “I confirm that I am authorized to connect this identity provider and process provisioning data for this organization.” Submitting that confirmation when you are not authorised is a breach of this AUP.
3. Credentials and authentication abuse
You must not engage in credential stuffing, brute-force login attempts, account enumeration, or any other automated attack against authentication endpoints. You must protect your SCIM bearer tokens and operator credentials; if a credential is suspected to be compromised, rotate it immediately and notify security@labsninja.com.
4. Scanning, probing, and reverse engineering
You must not perform unauthorised security scanning, vulnerability probing, fuzzing, or reverse engineering of the Service. Coordinated security research is welcome — please reach out to security@labsninja.com before testing so we can authorise it.
5. Malicious or malformed SCIM payloads
You must not deliberately send malformed, oversized, malicious, or otherwise harmful SCIM payloads with the intent of crashing, destabilising, or otherwise interfering with the Service.
6. Cross-tenant and isolation violations
You must not attempt to access, modify, infer, or correlate data belonging to another tenant. You must not attempt to bypass the Service’s tenant isolation controls.
7. Excessive load and denial-of-service behaviour
You must not generate excessive request volume designed or likely to degrade the Service for other customers. Where you legitimately need higher rate limits, contact us so we can discuss your plan. Distributed-denial-of-service activity targeting the Service is strictly prohibited.
8. Prohibited content
You must not use the Service to store, transmit, or process content that is illegal where the data is created or accessed, or content for which you do not have the necessary rights.
9. Enforcement
Violation of this AUP may result in suspension or termination of access to the Service, in addition to any other remedies available under the Terms or applicable law. We will use reasonable judgement to give notice and an opportunity to cure where practical and where the breach is not severe.
10. Reporting abuse
To report abuse of the Service or a violation of this AUP: security@labsninja.com. For general legal questions: legal@labsninja.com.