SCIM 2.0

SCIM 2.0 Specifications

You can see the detailed SCIM 2.0 specification documents here:

System for Cross-domain Identity Management: Core Schema

System for Cross-domain Identity Management: Protocol

SCIM 2.0 Endpoints

SCIM 2.0 Definitions


User Endpoint

URL

<domain root>/identity/seam/resource/restv1/scim/v2/Users

GET

Search Users - searches users based on filter criteria

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| filter | query | no | | - | string |
| startIndex | query | no | | - | string |
| count | query | no | | - | string |
| sortBy | query | no | | - | string |
| sortOrder | query | no | | - | string |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | ListResponse |
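
The two security modes place the token differently: in the `Authorization` header by default, or in the `access_token` query parameter in Test Mode, where it becomes part of the URL and ends up in any log that records full URLs. The following is an added example, not part of the original page, that builds the Search Users request for either mode and masks the token before a URL is logged; the host `idp.example.org`, the `Bearer` scheme and the function names are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

USERS_PATH = "/identity/seam/resource/restv1/scim/v2/Users"  # path from this page


def build_user_search(domain_root, token, *, test_mode=False, scim_filter=None,
                      start_index=None, count=None, sort_by=None,
                      sort_order=None, attributes=None):
    """Return (url, headers) for GET .../scim/v2/Users; nothing is sent."""
    params = []
    headers = {"Accept": "application/scim+json"}
    if test_mode:
        # Test Mode: the OAuth2 access token travels in the query string.
        params.append(("access_token", token))
    else:
        # Default (UMA): the token goes in the Authorization header.
        # The "Bearer" scheme is an assumption; the page only names the header.
        headers["Authorization"] = "Bearer " + token
    optional = [("filter", scim_filter), ("startIndex", start_index),
                ("count", count), ("sortBy", sort_by), ("sortOrder", sort_order)]
    params += [(k, str(v)) for k, v in optional if v is not None]
    if attributes:
        # SCIM sends the attribute list comma-separated (RFC 7644).
        params.append(("attributes", ",".join(attributes)))
    url = domain_root.rstrip("/") + USERS_PATH
    # urlencode percent-encodes the filter's quotes and spaces.
    return (url + "?" + urlencode(params) if params else url), headers


def redact_for_log(url):
    """Mask access_token so a Test Mode URL can be written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "access_token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, _ = build_user_search("https://idp.example.org", "tok123",
                               test_mode=True, scim_filter='userName eq "mike"')
    print(redact_for_log(url))
```
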

POST

Create User - creates a user

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| body | body | yes | User | - | User |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 201 | successful operation | User |

URL

<domain root>/identity/seam/resource/restv1/scim/v2/Users/{id}

GET

Find User By ID - returns a user by id as path parameter

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| id | path | yes | LDAP 'inum' of user | - | string |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/scim

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | User |

PUT

Update User - updates a user

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| id | path | yes | LDAP 'inum' of user | - | string |
| body | body | yes | User | - | User |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | User |

DELETE

Delete User - deletes a user

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| id | path | yes | LDAP 'inum' of user | - | string |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| default | successful operation | - |

URL

<domain root>/identity/seam/resource/restv1/scim/v2/Users/Search

POST

Search Users (Deprecated) - searches users by HTTP POST

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| body | body | yes | | - | ScimPersonSearch |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | ListResponse |

Group Endpoint

URL

<domain root>/identity/seam/resource/restv1/scim/v2/Groups

GET

Search Groups - searches groups based on filter criteria

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| filter | query | no | | - | string |
| startIndex | query | no | | - | string |
| count | query | no | | - | string |
| sortBy | query | no | | - | string |
| sortOrder | query | no | | - | string |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | ListResponse |

POST

Create Group - creates a group

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| body | body | yes | Group | - | Group |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 201 | successful operation | Group |

URL

<domain root>/identity/seam/resource/restv1/scim/v2/Groups/{id}

GET

Find Group By ID - returns a group by id as path parameter

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| id | path | yes | LDAP 'inum' of group | - | string |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | Group |

PUT

Update Group - updates a group

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| id | path | yes | LDAP 'inum' of group | - | string |
| body | body | yes | Group | - | Group |
| attributes | query | no | | - | string array |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | Group |

DELETE

Delete Group - deletes a group

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| id | path | yes | LDAP 'inum' of the group | - | string |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| default | successful operation | - |

Bulk Operation Endpoint

URL

<domain root>/identity/seam/resource/restv1/scim/v2/Bulk

POST

Bulk Operations - bulk operations

Security

  • UMA (default)
  • OAuth2 Access Token (Test Mode)

Request

Content-Type: application/scim+json, application/json

Parameters
| Name | Located in | Required | Description | Default | Schema |
|---|---|---|---|---|---|
| Authorization | header | yes (default) | | - | string |
| access_token | query | yes (if "Test Mode" is enabled) | | - | string |
| body | body | yes | BulkRequest | - | BulkRequest |

Response

Content-Type: application/scim+json, application/json

| Status Code | Reason | Response Model |
|---|---|---|
| 200 | successful operation | BulkResponse |

Definitions

Address

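| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| primary | boolean | optional | - | |
| formatted | string | optional | - | |
| streetAddress | string | optional | - | |
| locality | string | optional | - | |
| region | string | optional | - | |
| postalCode | string | optional | - | |
| country | string | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |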

BulkOperation

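| name | type | required | description | example |
|---|---|---|---|---|
| bulkId | string | optional | - | |
| version | string | optional | - | |
| method | string | optional | - | |
| path | string | optional | - | |
| location | string | optional | - | |
| data | object | optional | - | |
| status | string | optional | - | |
| response | object | optional | - | |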

BulkRequest

| name | type | required | description | example |
|---|---|---|---|---|
| schemas | array[string] | optional | - | |
| failOnErrors | integer (int32) | optional | - | |
| operations | array[BulkOperation] | optional | - | |

BulkResponse

| name | type | required | description | example |
|---|---|---|---|---|
| schemas | array[string] | optional | - | |
| operations | array[BulkOperation] | optional | - | |

Email

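| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| primary | boolean | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |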

Entitlement

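| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| primary | boolean | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |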

Group

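| name | type | required | description | example |
|---|---|---|---|---|
| id | string | optional | - | |
| externalId | string | optional | - | |
| meta | Meta | optional | - | |
| schemas | array[string] | required | - | |
| displayName | string | optional | - | |
| members | array[MemberRef] | optional | - | |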

GroupRef

| name | type | required | description | example |
|---|---|---|---|---|
| value | string | optional | - | |
| display | string | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |

Im

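| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| primary | boolean | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |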

ListResponse

| name | type | required | description | example |
|---|---|---|---|---|
| totalResults | integer (int32) | optional | - | |
| startIndex | integer (int32) | optional | - | |
| itemsPerPage | integer (int32) | optional | - | |
| schemas | array[string] | optional | - | |
| resources | array[Resource] | optional | - | |

MemberRef

| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |

Meta

| name | type | required | description | example |
|---|---|---|---|---|
| created | string (date-time) | optional | - | |
| lastModified | string (date-time) | optional | - | |
| location | string | optional | - | |
| version | string | optional | - | |
| attributes | array[string] | optional | - | |
| resourceType | string | optional | - | |

Name

| name | type | required | description | example |
|---|---|---|---|---|
| formatted | string | optional | - | |
| familyName | string | optional | - | |
| givenName | string | optional | - | |
| middleName | string | optional | - | |
| honorificPrefix | string | optional | - | |
| honorificSuffix | string | optional | - | |

PhoneNumber

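| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| primary | boolean | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |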

Photo

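| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| primary | boolean | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |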

Resource

| name | type | required | description | example |
|---|---|---|---|---|
| id | string | optional | - | |
| externalId | string | optional | - | |
| meta | Meta | optional | - | |
| schemas | array[string] | required | - | |

Role

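| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| primary | boolean | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |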

Type

| name | type | required | description | example |
|---|---|---|---|---|

User

| name | type | required | description | example |
|---|---|---|---|---|
| id | string | optional | - | |
| externalId | string | optional | - | |
| meta | Meta | optional | - | |
| schemas | array[string] | required | - | |
| userName | string | optional | - | |
| name | Name | optional | - | |
| displayName | string | optional | - | |
| nickName | string | optional | - | |
| profileUrl | string | optional | - | |
| title | string | optional | - | |
| userType | string | optional | - | |
| preferredLanguage | string | optional | - | |
| locale | string | optional | - | |
| timezone | string | optional | - | |
| active | boolean | optional | - | |
| password | string | optional | - | |
| emails | array[Email] | optional | - | |
| phoneNumbers | array[PhoneNumber] | optional | - | |
| ims | array[Im] | optional | - | |
| photos | array[Photo] | optional | - | |
| addresses | array[Address] | optional | - | |
| groups | array[GroupRef] | optional | - | |
| entitlements | array[Entitlement] | optional | - | |
| roles | array[Role] | optional | - | |
| x509Certificates | array[X509Certificate] | optional | - | |

X509Certificate

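| name | type | required | description | example |
|---|---|---|---|---|
| operation | string | optional | - | |
| value | string | optional | - | |
| display | string | optional | - | |
| primary | boolean | optional | - | |
| type | Type | optional | - | |
| $ref | string | optional | - | |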

ScimPersonSearch

| name | type | required | description | example |
|---|---|---|---|---|
| attribute | string | required | User Attribute Name | Username |
| value | string | required | User Attribute Value | Mike |