SCIM 2.0 Users
SCIM 2.0 Users API (1.0.0)
This document specifies SCIM 2.0 User Management RESTful API for WSO2 Identity Server.
Filter users
This API returns users according to the filter, sort and pagination parameters. Pagination is not supported across user stores and LDAP multi-attribute group filtering. However, filtering is supported across multiple user stores.
By default, duplicate user entries in the SCIM2 users response are persisted. To remove the duplicate user entries, add the following configuration to the deployment.toml file.
```toml
[scim2]
remove_duplicate_users_in_users_response = true
```
Note:
According to the SCIM specification, the totalResults attribute should return the total number of results returned by the list or query operation. However, due to a limitation of the LDAP user store, the total number of users in the database cannot be obtained when the pagination parameters are used. So, the total number of users per page is returned as totalResults. This applies only to the LDAP user store. The JDBC user store works according to the specification.
Scope (Permission) required: internal_user_mgt_list
Authorizations:
query Parameters
| attributes | string SCIM defined attributes parameter. |
| excludedAttributes | string SCIM defined excludedAttribute parameter. |
| filter | string Filter expression for filtering. Supported filters are ‘Ew’, ‘Eq’, ‘Co’, ‘Sw’, ‘and’. |
| startIndex | integer <int32> The 1-based index of the first query result |
| count | integer <int32> Specifies the desired maximum number of query results per page. |
| domain | string The name of the user store where filtering needs to be applied. |
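A client that needs a complete user listing (for an access review, for example) has to work around the two limits described above: pagination does not span user stores, and with an LDAP user store totalResults is only the page size. The following is an added example, not part of the WSO2 documentation or code base; `fetch_page` is a hypothetical transport hook standing in for `GET /scim2/Users`, and the `SECONDARY` store name and sample users are constructed.

```python
from typing import Callable, Dict, Iterable, List

# Hypothetical transport hook: (domain, startIndex, count) -> parsed ListResponse.
# In a real client this would wrap GET /scim2/Users with those query parameters.
FetchPage = Callable[[str, int, int], dict]


def list_all_users(fetch_page: FetchPage, domains: Iterable[str],
                   count: int = 100) -> List[dict]:
    """Enumerate users one user store at a time, de-duplicated by SCIM id."""
    if count < 1:
        raise ValueError("count must be >= 1")
    seen: Dict[str, dict] = {}
    for domain in domains:  # pagination does not span user stores
        start_index = 1     # startIndex is 1-based
        while True:
            page = fetch_page(domain, start_index, count)
            resources = page.get("Resources") or []
            # Stop only on an empty page. totalResults is not a usable bound:
            # for an LDAP user store it is the size of this page.
            if not resources:
                break
            for user in resources:
                seen.setdefault(user["id"], user)
            start_index += len(resources)
    return list(seen.values())


def fake_ldap_backend(stores: Dict[str, List[dict]]) -> FetchPage:
    """Constructed stand-in that mimics the LDAP totalResults behaviour."""
    def fetch_page(domain: str, start_index: int, count: int) -> dict:
        chunk = stores.get(domain, [])[start_index - 1:start_index - 1 + count]
        return {"totalResults": len(chunk), "startIndex": start_index,
                "itemsPerPage": len(chunk), "Resources": chunk}
    return fetch_page


def first_page_total(fetch_page: FetchPage, domain: str, count: int) -> int:
    """The misleading figure a client gets by trusting totalResults."""
    return fetch_page(domain, 1, count)["totalResults"]


# Constructed sample data; "SECONDARY" is a hypothetical second user store and
# u5 appears in both lists to model a duplicate entry.
SAMPLE_STORES = {
    "PRIMARY": [{"id": f"u{i}", "userName": f"PRIMARY/user{i}"} for i in range(1, 6)],
    "SECONDARY": [{"id": "u5", "userName": "PRIMARY/user5"},
                  {"id": "u6", "userName": "SECONDARY/user6"}],
}
```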
Responses
Request samples
- Curl
```
curl -X 'GET' \
  'https://localhost:9443/scim2/Users' \
  -H 'accept: application/scim+json'
```
Response samples
- 200
- 401
- 403
```json
{
  "totalResults": 1,
  "startIndex": 1,
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "Resources": [
    {
      "meta": {
        "created": "2018-08-17T10:34:29Z",
        "lastModified": "2018-08-17T10:34:29Z",
        "resourceType": "User"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
      ],
      "username": "PRIMARY/kim",
      "id": "008bba85-451d-414b-87de-c03b5a1f4217",
      "name": {
        "givenName": "Kim",
        "familyName": "Berry"
      },
      "emails": [
        {
          "type": "home",
          "value": "kim@gmail.com",
          "primary": true
        },
        {
          "type": "work",
          "value": "kim@wso2.com"
        }
      ],
      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "employeeNumber": "1234A",
        "manager": {
          "value": "Taylor"
        }
      },
      "roles": [
        {
          "type": "default",
          "value": "Internal/everyone"
        }
      ]
    }
  ]
}
```
Create user
This API creates a user and returns the user details along with the user's unique ID.
Scope (Permission) required: internal_user_mgt_create
Authorizations:
query Parameters
| attributes | string SCIM defined attributes parameter. |
| excludedAttributes | string SCIM defined excludedAttribute parameter. |
Request Body schema: application/scim+json (optional)
| schemas | object |
object | |
| userName | string |
| password required | string |
| emails | Array of objects |
object |
Responses
Request samples
- Payload
- Curl
```json
{
  "schemas": [],
  "name": {
    "givenName": "Kim",
    "familyName": "Berry"
  },
  "userName": "kim",
  "password": "abc123",
  "emails": [
    {
      "type": "home",
      "value": "kim@gmail.com",
      "primary": true
    },
    {
      "type": "work",
      "value": "kim@wso2.com"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "1234A",
    "manager": {
      "value": "Taylor"
    }
  }
}
```
Response samples
- 201
- 400
- 401
- 403
- 500
```json
{
  "meta": {
    "created": "2018-08-17T10:34:29Z",
    "lastModified": "2018-08-17T10:34:29Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "username": "PRIMARY/kim",
  "id": "008bba85-451d-414b-87de-c03b5a1f4217",
  "name": {
    "givenName": "Kim",
    "familyName": "Berry"
  },
  "emails": [
    {
      "type": "home",
      "value": "kim@gmail.com",
      "primary": true
    },
    {
      "type": "work",
      "value": "kim@wso2.com"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "1234A",
    "manager": {
      "value": "Taylor"
    }
  },
  "roles": [
    {
      "type": "default",
      "value": "Internal/everyone"
    }
  ]
}
```
Search users
This API returns users according to the filter, sort and pagination parameters.
Scope (Permission) required: internal_user_mgt_list
Authorizations:
Request Body schema: application/scim+json (optional)
Responses
Request samples
- Payload
- Curl
```json
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:SearchRequest"
  ],
  "attributes": [
    "name.familyName",
    "userName"
  ],
  "filter": "userName sw ki and name.familyName co err",
  "domain": "PRIMARY",
  "startIndex": 1,
  "count": 10
}
```
Response samples
- 200
- 401
- 403
```json
{
  "totalResults": 1,
  "startIndex": 1,
  "itemsPerPage": 1,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "Resources": [
    {
      "meta": {
        "created": "2018-08-17T10:34:29Z",
        "lastModified": "2018-08-17T10:34:29Z",
        "resourceType": "User"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
      ],
      "username": "PRIMARY/kim",
      "id": "008bba85-451d-414b-87de-c03b5a1f4217",
      "name": {
        "givenName": "Kim",
        "familyName": "Berry"
      },
      "emails": [
        {
          "type": "home",
          "value": "kim@gmail.com",
          "primary": true
        },
        {
          "type": "work",
          "value": "kim@wso2.com"
        }
      ],
      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "employeeNumber": "1234A",
        "manager": {
          "value": "Taylor"
        }
      },
      "roles": [
        {
          "type": "default",
          "value": "Internal/everyone"
        }
      ]
    }
  ]
}
```
Get user by ID
This API returns the user details if the user is found.
Scope (Permission) required: internal_user_mgt_view
Authorizations:
path Parameters
| id required | string Unique ID of the resource type. |
query Parameters
| attributes | string SCIM defined attributes parameter. |
| excludedAttributes | string SCIM defined excludedAttribute parameter. |
Responses
Request samples
- Curl
```
curl -X 'GET' \
  'https://localhost:9443/scim2/Users/{user-id}' \
  -H 'accept: application/scim+json'
```
Response samples
- 200
- 401
- 403
```json
{
  "meta": {
    "created": "2018-08-17T10:34:29Z",
    "lastModified": "2018-08-17T10:34:29Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "username": "PRIMARY/kim",
  "id": "008bba85-451d-414b-87de-c03b5a1f4217",
  "name": {
    "givenName": "Kim",
    "familyName": "Berry"
  },
  "emails": [
    {
      "type": "home",
      "value": "kim@gmail.com",
      "primary": true
    },
    {
      "type": "work",
      "value": "kim@wso2.com"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "1234A",
    "manager": {
      "value": "Taylor"
    }
  },
  "roles": [
    {
      "type": "default",
      "value": "Internal/everyone"
    }
  ]
}
```
Update user - PUT
This API updates user details and returns the updated user details using a PUT operation.
Scope (Permission) required: internal_user_mgt_update
Authorizations:
path Parameters
| id required | string Unique ID of the resource type. |
query Parameters
| attributes | string SCIM defined attributes parameter. |
| excludedAttributes | string SCIM defined excludedAttribute parameter. |
Request Body schema: application/scim+json (optional)
| schemas | object |
object | |
| userName | string |
| emails | Array of objects |
object |
Responses
Request samples
- Payload
- Curl
```json
{
  "schemas": [],
  "name": {
    "givenName": "Kim",
    "familyName": "Berry"
  },
  "userName": "kim",
  "emails": [
    {
      "type": "home",
      "value": "kim@gmail.com",
      "primary": true
    },
    {
      "type": "work",
      "value": "kim@wso2.com"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "1234A",
    "manager": {
      "value": "Taylor"
    }
  }
}
```
Response samples
- 200
- 401
- 403
```json
{
  "meta": {
    "created": "2018-08-17T10:34:29Z",
    "lastModified": "2018-08-17T10:34:29Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "username": "PRIMARY/kim",
  "id": "008bba85-451d-414b-87de-c03b5a1f4217",
  "name": {
    "givenName": "Kim",
    "familyName": "Berry"
  },
  "emails": [
    {
      "type": "home",
      "value": "kim@gmail.com",
      "primary": true
    },
    {
      "type": "work",
      "value": "kim@wso2.com"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "1234A",
    "manager": {
      "value": "Taylor"
    }
  },
  "roles": [
    {
      "type": "default",
      "value": "Internal/everyone"
    }
  ]
}
```
Delete user by ID
This API deletes a user using the user's unique ID.
Scope (Permission) required: internal_user_mgt_delete
Authorizations:
path Parameters
| id required | string Unique ID of the resource type. |
Responses
Request samples
- Curl
```
curl -X 'DELETE' \
  'https://localhost:9443/scim2/Users/{user-id}' \
  -H 'accept: */*'
```
Response samples
- 401
- 403
```json
{
  "status": "401",
  "schemas": "urn:ietf:params:scim:api:messages:2.0:Error",
  "scimType": "Unauthorized"
}
```
Update user - PATCH
This API updates user details and returns the updated user details using a PATCH operation.
Scope (Permission) required: internal_user_mgt_update
Supported Operations: add, replace, remove
Authorizations:
path Parameters
| id required | string Unique id of the resource type. |
query Parameters
| attributes | string SCIM defined attributes parameter. |
| excludedAttributes | string SCIM defined excludedAttribute parameter. |
Request Body schema: application/scim+json (optional)
| schemas | Array of objects |
Array of objects (OperationMeItem) |
Responses
Request samples
- Payload
- Curl
```json
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "value": {
        "nickName": "shaggy"
      }
    }
  ]
}
```
Response samples
- 200
- 401
- 403
```json
{
  "meta": {
    "created": "2018-08-17T10:34:29Z",
    "lastModified": "2018-08-17T10:34:29Z",
    "resourceType": "User"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "username": "PRIMARY/kim",
  "id": "008bba85-451d-414b-87de-c03b5a1f4217",
  "name": {
    "givenName": "Kim",
    "familyName": "Berry"
  },
  "emails": [
    {
      "type": "home",
      "value": "kim@gmail.com",
      "primary": true
    },
    {
      "type": "work",
      "value": "kim@wso2.com"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "1234A",
    "manager": {
      "value": "Taylor"
    }
  },
  "roles": [
    {
      "type": "default",
      "value": "Internal/everyone"
    }
  ]
}
```