API notes for SCIM
The SSO SCIM implementation is based on SCIM RFCs 7642 (https://tools.ietf.org/html/rfc7642), 7643 (https://tools.ietf.org/html/rfc7643), and 7644 (https://tools.ietf.org/html/rfc7644).
We support only a subset of the APIs and properties; see the details below.
Some properties aren't supported; we ignore them if they are sent to us.
Some APIs aren't supported:
- For the GET method: we return HTTP 200 and an empty body.
- For the POST/PUT/PATCH/DELETE methods: we return HTTP 400.
We support only SCIM version 2.0; other versions are not supported.
Users Endpoint
GET: Users
Notes: The supported comparison operators are “Equals, NotEquals, Includes”, and the only Creative Force property that can be filtered on is Username.
    GET {base_url}/Users?filter=userName%20eq%20test%40example.com
    Authorization: Bearer <bearer_token>
Response:
    {
      "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
      ],
      "totalResults": 1,
      "itemsPerPage": 10,
      "startIndex": 1,
      "resources": [
        {
          "active": true,
          "meta": {
            "resourceType": "User"
          },
          "userName": "test@example.com",
          "id": "7269b1ca-e71e-4f96-8b95-b0e53e0d5b5a",
          "schemas": [
            "urn:ietf:params:scim:schemas:core:2.0:User"
          ]
        }
      ]
    }
GET: Users/{userId}
    GET {base_url}/Users/9067729b3d-ee533c18-538a-4cd3-a572-63fb863ed734
    Authorization: Bearer <bearer_token>
Response:
    {
      "active": true,
      "meta": {
        "resourceType": "User"
      },
      "userName": "test@example.com",
      "id": "80ac64da-09d4-43a3-a794-0d6c9236e71c",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ]
    }
POST: Users
Notes: The supported properties are “userName, name.givenName, name.familyName”, and the user is activated automatically after creation.
    POST {base_url}/Users
    Authorization: Bearer <bearer_token>

    {
      "userName": "test@example.com",
      "name": {
        "givenName": "Test",
        "familyName": "Test"
      }
    }
Response:
    {
      "active": true,
      "meta": {
        "resourceType": "User"
      },
      "userName": "test@example.com",
      "id": "15926bc5-3219-4ccd-88bc-df96880eb7ba",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ]
    }
PUT: Users/{userId}
Notes: The only supported property is “active”. userName is required to validate the user.
    PUT {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba
    Authorization: Bearer <bearer_token>

    {
      "userName": "test@example.com",
      "active": false
    }
Response:
    {
      "active": true,
      "meta": {
        "resourceType": "User"
      },
      "userName": "test@example.com",
      "id": "15926bc5-3219-4ccd-88bc-df96880eb7ba",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ]
    }
PATCH: Users/{userId}
Notes: The only supported property is “active”, and the available Operations.op values are “add, replace”.
    PATCH {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba
    Authorization: Bearer <bearer_token>

    {
      "Operations": [
        {
          "op": "add",
          "path": "active",
          "value": {
            "active": false
          }
        }
      ]
    }
Response:
    {
      "active": false,
      "meta": {
        "resourceType": "User"
      },
      "userName": "test@example.com",
      "id": "e3f68eec-e714-4d8f-a47f-36f31e610d95",
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
      ]
    }
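An added example, not part of the original API notes or the vendor's code: a client-side deprovisioning check that builds the filter lookup and PATCH request in the shapes shown above, then confirms the account is disabled from the returned resource, since an unsupported GET also answers HTTP 200 (with an empty body). The function names and the base URL are hypothetical, and the sample responses are constructed from the ones on this page.

```python
import json
from urllib.parse import quote

def filter_url(base_url, user_name):
    # Same shape as the page's request: unquoted value, fully percent-encoded.
    return f"{base_url}/Users?filter=" + quote(f"userName eq {user_name}", safe="")

def deactivate_request(base_url, user_id):
    # PATCH body in the page's shape; "replace" is one of the two supported ops.
    body = {"Operations": [{"op": "replace", "path": "active",
                            "value": {"active": False}}]}
    return "PATCH", f"{base_url}/Users/{user_id}", json.dumps(body)

def parse_body(status, body):
    # An unsupported GET answers 200 with an empty body, and an unsupported
    # write answers 400, so neither status alone proves anything happened.
    if status != 200:
        raise RuntimeError(f"request rejected with HTTP {status}")
    if not body.strip():
        raise RuntimeError("HTTP 200 with empty body: API not supported")
    return json.loads(body)

def find_user_id(status, body, user_name):
    doc = parse_body(status, body)
    # The page's sample uses "resources"; RFC 7644 spells it "Resources".
    items = doc.get("resources") or doc.get("Resources") or []
    ids = [u["id"] for u in items if u.get("userName") == user_name]
    if len(ids) != 1:
        raise LookupError(f"expected exactly one match, got {len(ids)}")
    return ids[0]

def confirm_deactivated(status, body, user_name):
    # Trust the returned resource, not the status code: the account counts as
    # disabled only if the response names this user and reports active=false.
    doc = parse_body(status, body)
    return doc.get("userName") == user_name and doc.get("active") is False

# Constructed sample responses, modelled on the ones shown on this page.
SAMPLE_LIST = json.dumps({"totalResults": 1, "resources": [
    {"active": True, "userName": "test@example.com",
     "id": "7269b1ca-e71e-4f96-8b95-b0e53e0d5b5a"}]})
SAMPLE_LOCKED = json.dumps({"active": False, "userName": "test@example.com"})
SAMPLE_STILL_ACTIVE = json.dumps({"active": True, "userName": "test@example.com"})

if __name__ == "__main__":
    print(filter_url("https://scim.example.invalid", "test@example.com"))
    print(find_user_id(200, SAMPLE_LIST, "test@example.com"))
    print(confirm_deactivated(200, SAMPLE_LOCKED, "test@example.com"))
```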
DELETE: Users/{userId}
Notes: This only locks the user.
    DELETE {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba
    Authorization: Bearer <bearer_token>
Response:
    Status code: 204
Group Endpoint
Not supported.
Bulk Endpoint
Not supported.
ResourceType Endpoint
Not supported.
ServiceProviderConfig Endpoint
Not supported.
Schemas Endpoint
Not supported.