It is possible to use SCIM via the REST HTTP interface to POST, GET, DELETE, PUT and PATCH user and group configurations. This section will cover the schemas used to create, update and remove users and groups, as well as the limitations when using SCIM for .

...

These are the limitations for using SCIM instead of the desktop.

  • Only users with write access for the application Access Controller should be able to add, update and delete users or groups.
  • A user can only be created once using the HTTP method POST.
  • The password attribute is not mandatory when you create a user with POST; however, the user will not be able to log in to  without a password.
  • All user details can be modified except the username.
  • The user's assigned group can only be updated using the HTTP method PUT.
  • When using PUT to assign a user's group, no default group will be selected.
  • You can only POST an access group with the same name once; the group name cannot be changed.
  • It is not possible to set or change the applications connected to the access group using the HTTP methods available via SCIM; this is only possible using the desktop.

Custom Schema

has an additional schema for the "User" resource. The Schema URI for it is:

...

    • to: The "DateTime" the user should be valid to.

      Example: 2021-03-23T22:59:59Z

      Note: The to field should always be greater than or equal to the from field.


User related APIs

This section will cover all the REST HTTP APIs that are used for user related operations.

Retrieving Users

You can use this to retrieve all users:

...

Code Block
URL: http://<host>:9000/scim/api/v1/Users/14c257bd-e486-4ec6-b73e-47bb1e9b491b
Method: GET
Header: 
Accept: application/scim+json
Content-Type: application/scim+json

Creating Users

You can use this to create a user:

...

Code Block
URL: http://<host>:9000/scim/api/v1/Users
Method: POST
Header: 
Accept: application/scim+json
Content-Type: application/scim+json
Request Body: 
{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:sap:cloud:scim:schemas:extension:custom:2.0:mzuser"
    ],
    "userName": "bjensen",
    "displayName": "mz80u3",
    "password": "mz80u3",
    "active": "true",
    "emails": [
        {
            "value": "b@b.com",
            "display": "bbb",
            "primary": true
        }
    ],
    "externalId": "bjensen",
    "name": {
        "formatted": "Ms. Barbara J Jensen III",
        "familyName": "Jensen",
        "givenName": "Barbara"
    },
    "groups": [
        {
            "value": "ed309a27-3f34-45d3-ade5-b2f8f798deb5"
        },
        {
            "value": "86138dad-9742-44a2-a9cb-70347fb884a8"
        }
    ],
    "urn:sap:cloud:scim:schemas:extension:custom:2.0:mzuser": {
        "successor": {
            "value": "71a36bb7-816f-460d-b580-3bd9352b0953"
        },
        "validityPeriod": {
            "from": "2021-03-19T23:00:00Z",
            "to": "2021-03-23T22:59:59Z"
        }
    }
}

Updating Users

You can use this to update all the values for a user:

...

Code Block
URL: http://<host>:9000/scim/api/v1/Users/c9706a50-6fd3-44cf-8f8d-7ea00fb05f1c
Method: PATCH
Header: 
Accept: application/scim+json
Content-Type: application/scim+json
Request Body: 
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:PatchOp",
        "urn:sap:cloud:scim:schemas:extension:custom:2.0:mzuser"
    ],
    "Operations": [
        {
            "op": "add",
            "value": {
                "emails": [
                    {
                        "value": "babs@jensen.org",
                        "type": "home"
                    }
                ]
            }
        },
        {
            "op": "add",
            "path": "urn:sap:cloud:scim:schemas:extension:custom:2.0:mzuser:validityPeriod",
            "value": {
                "from": "2021-03-19T23:00:00Z",
                "to": "2021-03-23T22:59:59Z"
            }
        }
    ]
}
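
A pre-flight check for /Users request bodies against the limitations and the validityPeriod note on this page, as an added example that is not the product's own code. The names preflight, period_ok, touched and BAD_PATCH are hypothetical, and matching a PatchOp path by attribute-name prefix is an assumption.

```python
from datetime import datetime
# Extension URN exactly as it appears in the request bodies on this page.
MZUSER = "urn:sap:cloud:scim:schemas:extension:custom:2.0:mzuser"

def _ts(value):  # SCIM DateTime, e.g. 2021-03-23T22:59:59Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def period_ok(period):
    """True when 'to' is greater than or equal to 'from' (or either is absent)."""
    if not period or "from" not in period or "to" not in period:
        return True
    return _ts(period["to"]) >= _ts(period["from"])

def touched(op):
    """Attribute names a PatchOp operation writes: its path, or the keys of its value."""
    if op.get("path"):
        return {op["path"]}
    value = op.get("value")
    return set(value) if isinstance(value, dict) else set()

def preflight(method, body):
    """Hypothetical helper: findings for a /Users request body before it is sent."""
    findings = []
    if method == "POST":
        if not body.get("password"):
            findings.append("no password: user will not be able to log in")
        if not period_ok(body.get(MZUSER, {}).get("validityPeriod")):
            findings.append("validityPeriod: to is earlier than from")
    elif method == "PATCH":
        for op in body.get("Operations", []):
            for attr in sorted(touched(op)):
                if attr.lower().startswith("username"):
                    findings.append("userName cannot be modified")
                elif attr.lower().startswith("groups"):
                    findings.append("groups can only be updated with PUT")
                elif attr == MZUSER + ":validityPeriod" and not period_ok(op.get("value")):
                    findings.append("validityPeriod: to is earlier than from")
    return findings

# Constructed sample: a PatchOp that breaks three of the documented rules.
BAD_PATCH = {"Operations": [
    {"op": "replace", "value": {"userName": "bjensen2"}},
    {"op": "add", "path": "groups", "value": [{"value": "ed309a27-3f34-45d3-ade5-b2f8f798deb5"}]},
    {"op": "add", "path": MZUSER + ":validityPeriod",
     "value": {"from": "2021-03-23T22:59:59Z", "to": "2021-03-19T23:00:00Z"}},
]}

if __name__ == "__main__":
    print(preflight("PATCH", BAD_PATCH))
```

Running the same check on the PATCH body shown above returns no findings, since it only adds an email and a validity period whose to is later than its from.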

Removing Users

You can use this to remove a user:

Code Block
URL: http://<host>:9000/scim/api/v1/Users/c9706a50-6fd3-44cf-8f8d-7ea00fb05f1c
Method: DELETE
Header: 
Accept: application/scim+json
Content-Type: application/scim+json

Group related APIs

This section will cover all the REST HTTP APIs that are used for group related operations.

Retrieving Groups

You can use this to retrieve all groups:

...

Code Block
URL: http://<host>:9000/scim/api/v1/Groups/119fe1b7-4b8b-4970-8ea6-b62bdaa11f05
Method: GET
Accept: */*
Content-Type: */*

Creating Groups

You can use this to create a group:

...

Code Block
URL: http://<host>:9000/scim/api/v1/Groups
Method: POST
Accept: */*
Content-Type: */*
Request body:
{
	"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],
	"displayName":"group2",
	"members":[
	{
		"value":"a12822ad-a5c0-4f83-9a4e-96733a0d2e1b"
	},
	{
		"value":"8792b456-860a-499d-aa38-5caf4fe487c3"
	}
	]
}

Updating Groups

You can use this to update a group:

...

Code Block
URL: http://<host>:9000/scim/api/v1/Groups/a85d8e8c-0b6d-4653-b7c6-33c1fd6c1921
Method: PUT
Accept: */*
Content-Type: */*
Request body:
{
	"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],
	"displayName":"group2",
	"members":[
	{
		"value":"a12822ad-a5c0-4f83-9a4e-96733a0d2e1b"
	},
	{
		"value":"8792b456-860a-499d-aa38-5caf4fe487c3"
	}
	]
}

Deleting Groups

You can use this to delete a group:

...