Using the SCIM 2.0 REST APIs¶
This REST API implements the SCIM 2.0 Protocol according to the SCIM 2.0 specification. The following endpoints are supported with WSO2 Identity Server.
Note
Prior to WSO2 Identity Server 5.4.0 version, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server.
WSO2 Identity Server 5.9.0 supports SCIM 2.0 out-of-the-box.
Users endpoint¶
This endpoint is used to create and manage users and their profile attributes.
POST/ Create User¶
POST https://localhost:9443/t/{tenant-domain}/scim2/Users
This API creates a user and returns the user details along with the
user's unique ID. It returns HTTP 201
if the user
is successfully created.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Body | body (optional) |
A JSON object that contains relevant values for creating a user.
|
String | - |
Responses
- HTTP 201 - Valid user is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid user
Tip
To create a user in a particular user store, add the {domainName}/ prefix in front of the user name.
curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"WSO2/kim","password":"kimwso2","emails":[{"primary":true,"value":"[email protected]","type":"home"},{"value":"[email protected]","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users
GET/ Get User by ID¶
This API is used to retrieve users by their user ID. It returns an HTTP 200
response if the user is found.
GET https://localhost:9443/t/{tenant-domain}/scim2/Users/{id}
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type. |
String | - |
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Responses
- HTTP 200 - Valid user is found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
DELETE/ Delete User by ID¶
DELETE https://localhost:9443/t/{tenant-domain}/scim2/Users/{id }
This API deletes a user using the user's unique ID. It returns
HTTP 204
if the user is successfully deleted.
Response
|
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type. |
String | - |
Responses
- HTTP 204 - User has been succesfully deleted
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
GET/ Get Users (User Listing/Filtering)¶
GET https://localhost:9443/t/{tenant-domain}/scim2/Users
This API returns users according to the filter, sort and pagination
parameters. It returns an HTTP 404
response if
the users are not found. Pagination is not supported across user stores
and LDAP multi-attribute group filtering. However, filtering is
supported across multiple user stores.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Query | filter (optional) |
A filter expression used to filter users. Supported filter operators are ‘ Tip Operators are case-insensitive. |
String | - |
Query | startIndex (optional) |
The 1-based index of the first query result. | Integer | - |
Query | count (optional) |
Specifies the desired maximum number of query results per page. Tip This parameter is optional but it is recommended to include it in the request. When this parameter is not included in the request, the response returns all users from a given domain or across all user stores. When this parameter is set to 0 (zero) or is a negative value, no users are retrieved. |
Integer | - |
Query | sortBy (optional) |
Specifies the attribute whose value can be used to order the returned responses. Warning This parameter is not supported for this version. |
String | - |
Query | sortOrder (optional) |
The order in which the "sortBy" parameter is applied. (e.g., ascending order) Warning This parameter is not supported for this version. |
String | - |
Query | domain (optional) |
The name of the user store to which filtering needs to be applied. | String | - |
Responses
- HTTP 200 - Valid users are found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
Tip
There are two ways to retrieve users from a particular user store:
-
Using the
domain
query parameter
Filter or list users from a particular domain by setting the domain query parameter as shown in the example below.curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=WSO2
-
Adding the “
{domain}/
” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with “userName” and “groups” attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal.curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&filter=userName+sw+WSO2/ki'
POST/ Search Users¶
POST https://localhost:9443/t/{tenant-domain}/scim2/Users/.search
This API returns users according to the filter, sort and pagination
parameters. It returns an HTTP 404
response if
the users are not found.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Body | body (optional) |
This is a JSON object that contains relevant values used to search for a user. |
String | - |
Responses
- HTTP 200 - Valid users are found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
PATCH/ Update User¶
PATCH https://localhost:9443/t/{tenant-domain}/scim2/Users/{id }
This API updates user details and returns the updated user details using
a PATCH operation. It returns an HTTP 404
response if the user is not found.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type.
|
String | - |
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Body | body (optional) |
This is a JSON object that contains relevant values used to search for a user. |
Responses
- HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
PUT/ Update User¶
PUT https://localhost:9443/t/{tenant-domain}/scim2/Users/{id
}
This API updates user details and returns the updated user details using
a PUT operation. It returns an HTTP 404
response if the user is not found.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type.
|
String | - |
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Body | body (optional) |
This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses
- HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
Groups endpoint¶
This endpoint is used to create and manage groups and group members.
Note
From WSO2 Identity Server 5.8.0 onwards, new configurations have been added to support filtering users and groups only from the PRIMARY domain.
If these properties are enabled, the responses recieved for the users endpoint and groups endpoint will change.
POST/ Create Group¶
POST https://localhost:9443/t/{tenant-domain}/scim2/Groups
This API creates a group and returns the details of the created group
including its unique ID. It returns an HTTP 201
response if the group is successfully created.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Body | body (optional) |
This is a JSON object that contains relevant values used to create a group. |
String | - |
Responses
- HTTP 201 - Valid group is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
Tip
To create a user in a particular user store, add the {domainName}/ prefix in front of the user name as shown in the example below.
curl -v -k --user admin:admin --data '{"displayName":"WSO2DOMAIN/manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups
GET/ Group by ID¶
GET https://localhost:9443/t/{tenant-domain}/scim2/Groups/{id}
This API returns the group details of a particular group using its
unique ID. It returns an HTTP 200
response if the
group is found.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type.
|
String | - |
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Responses
- HTTP 200 - Valid group is found
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
DELETE/ Delete Group By ID¶
DELETE https://localhost:9443/t/{tenant-domain}/scim2/Groups/{id }
This API deletes a particular group using its unique ID. It returns an
HTTP 204
reponse if the group is successfully
deleted.
Response
|
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type. |
String | - |
Responses
- HTTP 204 - Valid group has been successfully deleted.
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid group
GET/ Filter Groups¶
GET https://localhost:9443/t/{tenant-domain}/scim2/Groups
This API filters groups using a given query. It returns an
HTTP 200
reponse if filtered group list is successfully retrieved.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Query | filter (optional) |
A filter expression used to filter groups. Supported filter operators are ‘ Note Operators are case-insensitive. |
String | - |
Query | startIndex (optional) |
The 1-based index of the first query result. Warning Pagination is not supported. |
Integer | - |
Query | count (optional) |
Specifies the desired maximum number of query results per page. Warning Pagination is not supported. Note When this parameter is not included in the request, the response returns all groups from the given domain or across all user stores. When the count is zero or any value less than zero, no groups are returned. |
Integer | - |
Query | sortBy (optional) |
Specifies the attribute whose value can be used to order the returned responses. Warning This parameter is not supported for this version. |
String | - |
Query | sortOrder (optional) |
The order in which the "sortBy" parameter is applied. (e.g., ascending order) Warning This parameter is not supported for this version. |
String | - |
Query | domain (optional) |
The name of the user store to which filtering needs to be applied. | String | - |
Responses
- HTTP 200 - Filtered group list successfully returned.
- HTTP 403 - Unauthorized
- HTTP 500 - Invalid group
Tip
There are two ways to retrieve users from a particular user store:
-
Using the
domain
query parameter
Setting the domain parameter enables both filtering and listing groups in a specified user store.Sample Request
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?domain=WSO2’
-
Adding the “
{domain}/
” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with "displayName", "members.display" and "members.value" attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal.curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+WSO2/manager'
POST/ Search Groups¶
POST https://localhost:9443/t/{tenant-domain}/scim2/Groups/.search
This API returns groups according to the specified filter, sort and
pagination parameters. It returns an HTTP 404
response if the groups are not found.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Body | body (optional) |
This is a JSON object that contains relevant values used to search for a group. |
String | - |
Responses
- HTTP 200 - Valid groups are found
- HTTP 401 - Unauthorized
- HTTP 404 - Groups are not found
PATCH/ Update Group¶
PATCH https://localhost:9443/t/{tenant-domain}/scim2/Groups/{id}
This API updates the group details and returns the updated group details using a PATCH operation. It returns an HTTP 404
response if the group is not found.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type.
|
String | - |
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Body | body (optional) |
This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses
- HTTP 200 - Group has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
PATCH/ Remove Group Member¶
This API removes group member and returns the updated group details using a PATCH operation. It returns an HTTP 404
response if the group is not found.
PATCH https://localhost:9443/t/{tenant-domain}/scim2/Groups/{id}
Parameters
Type | Name | Description | Schema |
---|---|---|---|
Path | id (required) |
Unique ID of the resource type.
|
String |
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String |
Body | body (optional) |
This is a JSON object that contains relevant values used to search for a user. | String |
Request
curl -v -k --user [user name]:[password] -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"[operation]","path":"members[display eq [user's user name],value eq [user Id]]"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group Id]
Response
- HTTP 200 - Group has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
Example
curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"remove","path":"members[display eq kim,value eq 81ffe274-19a9-46aa-acfe-469a09cdd25a]"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/1b91c4ef-9834-4278-82e3-ed810a94403b
{"displayName":"PRIMARY/testGroup","meta":{"created":"2019-12-06T09:34:52.250Z","location":"https://localhost:9443/scim2/Groups/1b91c4ef-9834-4278-82e3-ed810a94403b","lastModified":"2019-12-06T09:34:52.250Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"members":[{"display":"orange","value":"81ffe274-19a9-46aa-acfe-469a09cdd25a","$ref":"https://localhost:9443/scim2/Users/81ffe274-19a9-46aa-acfe-469a09cdd25a"}],"id":"1b91c4ef-9834-4278-82e3-ed810a94403b"}
PUT/ Update Group¶
PUT https://localhost:9443/t/{tenant-domain}/scim2/Groups/{id }
This API updates the group details and returns the updated group details
using a PUT operation. It returns an HTTP 404
reponse if the group is not found.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) |
Unique ID of the resource type.
|
String | - |
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification . |
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be exclused from the response. |
String | - |
Body | body (optional) |
This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses
- HTTP 200 - Group has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid group is not found
Me Endpoint¶
This endpoint is used to create and manage the currently authenticated user.
POST/ Create Me¶
POST https://localhost:9443/t/{tenant-domain}/scim2/Me
This API is used to register a user anonymously. It returns an HTTP 201 response if the user is successfully created. These endpoints are secured by default. Therefore, to invoke this API anonymously, set the secured property for the SCIM2 resource in the identity.xml file to false. For more information, see Authenticating and Authorizing REST APIs.
curl -v -k --data '{"schemas":[],"name:{"familyName":[last name],"givenName":[name]},"userName":[username],"password":[password],"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":[employee ID],"manager":{"value":[manager's name]}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me
curl -v -k --data '{"schemas":[],"name":{"familyName":"Johnson","givenName":"Alex"},"userName":"alex","password":"alexwso2","emails":[{"primary":true,"value":"[email protected]","type":"home"},{"value":"[email protected]","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me
{"emails":[{"type":"home","value":"[email protected]","primary":true},{"type":"work","value":"[email protected]"}],"meta":{"created":"2018-08-17T10:34:29Z","location":"https://localhost:9443/scim2/Users/008bba85-451d-414b-87de-c03b5a1f4217","lastModified":"2018-08-17T10:34:29Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"name":{"familyName":"Johnson","givenName":"Alex"},"id":"008bba85-451d-414b-87de-c03b5a1f4217","userName":"alex"}
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. Click to see the Sample Request
|
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification. Click to see the Sample Request
|
String | - |
Body | body (optional) | A JSON object that contains relevant values for creating a user. | String | - |
Responses
- HTTP 201 - Valid user is created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid user
GET/ Get Me¶
GET https://localhost:9443/t/{tenant-domain}/scim2/Me
This API returns the user details of the currently authenticated user. These endpoints are secured by default. Therefore, to invoke this API anonymously, set the secured property for the SCIM2 resource in the identity.xml file to false. For more information, see Authenticating and Authorizing REST APIs.
curl -v -k --user [username]:[password] https://localhost:9443/scim2/Me
curl -v -k --user kim:kimwso2 https://localhost:9443/scim2/Me
{"schemas":["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],"resourceType":[{"schema":"urn:ietf:params:scim:schemas:core:2.0:User","endpoint":"/Users","meta":{"location":"https://localhost:9443/scim2/ResourceType/User","resourceType":"ResourceType"},"name":"User","description":"User Account","schemaExtensions":{"schema":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User","required":false},"id":"User"},{"schema":"urn:ietf:params:scim:schemas:core:2.0:Group","endpoint":"/Groups","meta":{"location":"https://localhost:9443/scim2/ResourceType/Group","resourceType":"ResourceType"},"name":"Group","description":"Group","id":"Group"}]}
Parameters None
Responses
- HTTP 200 - Schema is found
- HTTP 401 - Unauthorized
- HTTP 404 - Schema is not found
DELETE/ Delete Me¶
DELETE https://localhost:9443/t/{tenant-domain}/scim2/Me
This API is used to delete the currently authenticated user. It returns HTTP 204
if the user is successfully deleted.
curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Me
curl -v -k --user alex:alexwso2 -X DELETE https://localhost:9443/scim2/Me
HTTP/1.1 204 NOT IMPLEMENTED
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Path | id (required) | Unique ID of the resource type. | String | - |
Response - HTTP 204 - User has been succesfully deleted - HTTP 401 - Unauthorized - HTTP 404 - Valid user is not found
PATCH/ Update Me¶
PATCH https://localhost:9443/t/{tenant-domain}/scim2/Me
This API uses a PATCH operation to update user details Returns HTTP 404
if the user is not found.
curl -v -k --user [username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op":[operation],"value":{[attributeName]:[attribute value]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me
curl -v -k --user kim:kimwso2 -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me
{"emails":[{"type":"work","value":"[email protected]"},{"type":"home","value":"[email protected]"}],"meta":{"created":"2018-08-16T17:19:43Z","location":"https://localhost:9443/scim2/Users/f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","lastModified":"2018-08-17T11:43:34Z","resourceType":"User"},"nickName":"shaggy","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"roles":[{"type":"default","value":"manager,Internal/everyone,admin"}],"name":{"givenName":"Kim","familyName":"JacksonJohn"},"groups":[{"display":"manager","value":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}],"id":"f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","userName":"kim"}
Parameters
Type | Name | Description | Schema | Default Value | |
---|---|---|---|---|---|
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
|
String | - | |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excludedattributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
|
String | - | |
Body | body (optional) | This is a JSON object that contains relevant values used to search for a user. |
Response
- HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid user is not found
PUT/ Update User¶
PUT https://localhost:9443/t/{tenant-domain}/scim2/Me
This API uses a PUT operation to update user details. It returns HTTP 404
if the user is not found.
curl -v -k --user [username]:[password] -X PUT -d '{"schemas":[],"name":{"familyName":[last name],"givenName":[name]},"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me
curl -v -k --user kim:kimwso2 -X PUT -d '{"schemas":[],"name":{"familyName":"JacksonJohn","givenName":"Kim"},"userName":"kim","emails":[{"primary":true,"value":"[email protected]","type":"home"},{"value":"[email protected]","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me
{"emails":[{"type":"work","value":"[email protected]"},{"type":"home","value":"[email protected]"}],"meta":{"created":"2018-08-16T17:19:43Z","location":"https://localhost:9443/scim2/Users/f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","lastModified":"2018-08-16T17:43:17Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"roles":[{"type":"default","value":"manager,Internal/everyone,admin"}],"name":{"givenName":"Kim","familyName":"JacksonJohn"},"groups":[{"display":"manager","value":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}],"id":"f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","userName":"kim"}
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Query | attributes (optional) |
Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
|
String | - |
Query | excludedAttributes (optional) |
Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.
|
String | - |
Body | body (optional) | This is a JSON object that contains relevant values used to search for a user. | String | - |
Responses
- HTTP 200 - User has been successfully updated
- HTTP 401 - Unauthorized
- HTTP 404 - Valid users are not found
Bulk Endpoint¶
POST/ Create Users in Bulk¶
POST https://localhost:9443/t/{tenant-domain}/scim2/Bulk
This API is used to create multiple users at once. It returns an
HTTP 201
response if the users are successfully
created.
Parameters
Type | Name | Description | Schema | Default Value |
---|---|---|---|---|
Body | body (optional) |
This is a JSON object that contains relevant values used to create the users. | String | - |
Responses
- HTTP 200 - Valid users are created
- HTTP 401 - Unauthorized
- HTTP 404 - Invalid users
ResourceType Endpoint¶
GET/ Get Resource Types¶
GET https://localhost:9443/t/{tenant-domain}/scim2/ResourceType
This API lists and returns metadata about resource types. It returns an
HTTP 200
response if the schema is found.
Parameters
None
Responses
- HTTP 200 - Schema is found
- HTTP 401 - Unauthorized
- HTTP 404 - Schema is not found
ServiceProviderConfig Endpoint¶
GET/ Get Service Provider Config¶
GET https://localhost:9443/t/{tenant-domain}/scim2/ServiceProviderConfig
This API is used to create multiple users at once. It returns an
HTTP 201
response if the users are successfully
created.
Parameters
None
Responses
- HTTP 200 - Schema is found
- HTTP 401 - Unauthorized
- HTTP 404 - Schema is not found
Permissions¶
Following are the default permissions that are required to access each resource in SCIM 2.0.
Endpoint | HTTP Method | Permission |
---|---|---|
/scim2/Users |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PUT |
|
|
PATCH |
|
|
DELETE |
|
|
|
|
|
PUT |
|
|
PATCH |
|
|
DELETE |
|
|
GET |
|
|
DELETE |
|
|
PUT |
|
|
PATCH |
|
|
POST |
|
|
all | - |
|
all | - |
|
all |
|
Info
More information about how to secure the REST APIs and configure authorization level, see Authenticating and Authorizing REST APIs.