It is possible to use SCIM via the REST HTTP interface to POST, GET, DELETE, PUT and PATCH user and group configurations. This section will cover the schemas used to create, update and remove users and groups, as well as the limitations when using SCIM for for .
For more information regarding the specifications for SCIM, please see RFC: https://tools.ietf.org/html/rfc7643
...
Note | ||
---|---|---|
| ||
When importing the user configurations into or into or when upgrading , the users will be disabled after the import operation or the upgrade. In order to enable the users, you can use PATCH or PUT, a user with attribute active : true. You can also enable the user by ticking the checkbox for the users you want to enable from the User tab in Access Controller on the the desktop. When creating a new user from SCIM, the user will be enabled by default. |
These are the limitations for using SCIM instead of the desktopthe desktop.
- Only users with write access for application Access Controller should be able to Add, update and delete users or groups.
- A user can only be created once using the HTTP method POST
- The password attribute is not mandatory when you create a user with POST , however the user will not be able to login to to without a password.
- All user details can be modified except the username.
- The users assigned group can only be updated using the HTTP method PUT
- When using PUT to assign a user's group, no default group will be selected.
- You can only POST an access group with same name one time, the group name can not be changed.
It is not possible to set or change the applications connected to the access group using the HTTP methods available via SCIM, this is only possible using the desktop.
Custom Schema
has has an additional schema for the "User" resource. The Schema URI for it is:
...