Skip to main content
API notes for SCIM
Ian Mitchell avatar
Written by Ian Mitchell
Updated over 10 months ago

API notes for SCIM

SSO SCIM implementation is based on SCIM RFCs 7642 (https://tools.ietf.org/html/rfc7642), 7643 (https://tools.ietf.org/html/rfc7643), and 7644 (https://tools.ietf.org/html/rfc7644).

We only support a part of APIs & properties, please see the document below for details.

  • Some properties aren’t supported, we will ignore them if they are sent to us

  • Some APIs aren’t supported:

    • For GET method: we will return HTTP 200 and an empty body

    • For POST/PUT/PATCH/DELETE methods: we will return HTTP 400

  • We only support SCIM version 2.0, we don't support other versions

Users Endpoint

GET: Users

Notes: The supported comparison operators are “Equals, NotEquals, Includes”, and the only filtered Creative Force property is Username.

GET {base_url}/Users?filter=userName%20eq%20test%40example.com

Authorization: Bearer <bearer_token>

Response:

{

"schemas": [

"urn:ietf:params:scim:api:messages:2.0:ListResponse"

],

"totalResults": 1,

"itemsPerPage": 10,

"startIndex": 1,

"resources": [

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "7269b1ca-e71e-4f96-8b95-b0e53e0d5b5a",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

]

}

GET: Users/{userId}

GET {base_url}/Users/9067729b3d-ee533c18-538a-4cd3-a572-63fb863ed734

Authorization: Bearer <bearer_token>

Response:

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "80ac64da-09d4-43a3-a794-0d6c9236e71c",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

POST: Users

Notes: The supported properties are userName, name.givenName, name.familyName, and the user after creating will be activated automatically.

POST {base_url}/Users

Authorization: Bearer <bearer_token>

{

"userName": "test@example.com",

"name": {

"givenName": "Test",

"familyName": "Test"

}

}

Response:

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "15926bc5-3219-4ccd-88bc-df96880eb7ba",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

PUT: Users/{userId}

Notes: The only supported property is active”. Need userName to validate the user.

PUT {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba

Authorization: Bearer <bearer_token>

{

"userName": "test@example.com",

"active": false

}

Response:

{

"active": true,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "15926bc5-3219-4ccd-88bc-df96880eb7ba",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

PATCH: Users/{userId}

Notes: The only supported property is active, the available Operations.op (s) are “add, replace”.

PATCH {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba

Authorization: Bearer <bearer_token>

{

"Operations": [

{

"op": "add",

"path": "active",

"value": {

"active": false

}

}

]

}

Response:

{

"active": false,

"meta": {

"resourceType": "User"

},

"userName": "test@example.com",

"id": "e3f68eec-e714-4d8f-a47f-36f31e610d95",

"schemas": [

"urn:ietf:params:scim:schemas:core:2.0:User"

]

}

DELETE: Users/{userId}

Notes: Only lock user.

DELETE {base_url}/Users/15926bc5-3219-4ccd-88bc-df96880eb7ba

Authorization: Bearer <bearer_token>

Response:

Status code: 204

Group Endpoint

Not supported.

Bulk Endpoint

Not supported.

ResourceType Endpoint

Not supported.

ServiceProviderConfig Endpoint

Not supported.

Schemas Endpoint

Not supported.

Did this answer your question?