Skip to main content
API notes for SCIM
Ian Mitchell avatar
Written by Ian Mitchell
Updated over a week ago

API notes for SCIM

SSO SCIM implementation is based on SCIM RFCs 7642 (https://tools.ietf.org/html/rfc7642), 7643 (https://tools.ietf.org/html/rfc7643), and 7644 (https://tools.ietf.org/html/rfc7644).

We only support a part of APIs & properties, please see the document below for details.

  • Some properties aren’t supported, we will ignore them if they are sent to us

  • Some APIs aren’t supported:

    • For GET method: we will return HTTP 200 and an empty body

    • For POST/PUT/PATCH/DELETE methods: we will return HTTP 400

  • We only support SCIM version 2.0, we don't support other versions

Users Endpoint

GET: Users

Notes: The supported comparison operators are “Equals, NotEquals, Includes”, and the only filtered Creative Force property is Username.

GET {base_url}/Users?filter=userName%20eq%20test%40example.com

Authorization: Bearer <bearer_token>

Response:

{

"schemas": [

"urn:ietf:params:scim:api:messages:2.0:ListResponse"

],

"totalResults": 1,

"itemsPerPage": 10,

"startIndex": 1,

"resources": [

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "7269b1ca-e71e-4f96-8b95-b0e53e0d5b5a",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

]

}

GET: Users/{userId}

GET {base_url}/Users/9067729b3d-ee533c18-538a-4cd3-a572-63fb863ed734

Authorization: Bearer <bearer_token>

Response:

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "80ac64da-09d4-43a3-a794-0d6c9236e71c",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

POST: Users

Notes: The supported properties are userName, name.givenName, name.familyName, and the user after creating will be activated automatically.

POST {base_url}/Users

Authorization: Bearer <bearer_token>

{

"userName": "test@example.com",

"name": {

"givenName": "Test",

"familyName": "Test"

}

}

Response:

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "15926bc5-3219-4ccd-88bc-df96880eb7ba",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

PUT: Users/{userId}

Notes: The only supported property is active”. Need userName to validate the user.

PUT {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba

Authorization: Bearer <bearer_token>

{

"userName": "test@example.com",

"active": false

}

Response:

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "15926bc5-3219-4ccd-88bc-df96880eb7ba",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

PATCH: Users/{userId}

Notes: The only supported property is active, the available Operations.op (s) are “add, replace”.

PATCH {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba

Authorization: Bearer <bearer_token>

{

"Operations": [

{

"op": "add",

"path": "active",

"value": {

"active": false

}

}

]

}

Response:

{

"active": false,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "e3f68eec-e714-4d8f-a47f-36f31e610d95",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

DELETE: Users/{userId}

Notes: Only lock user.

DELETE {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba

Authorization: Bearer <bearer_token>

Response:

Status code: 204

Group Endpoint

Not supported.

Bulk Endpoint

Not supported.

ResourceType Endpoint

Not supported.

ServiceProviderConfig Endpoint

Not supported.

Schemas Endpoint

Not supported.

Did this answer your question?