| Tip |
|---|
Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS. For information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs. |
The default permissions required to access each resource in SCIM 2.0 are given below.
| Endpoint | HTTP Method | Permission |
|---|---|---|
| /scim2/Users | POST | /permission/admin/manage/identity/usermgt/create |
/scim2/Users | GET | /permission/admin/manage/identity/usermgt/list |
/scim2/Groups | POST | /permission/admin/manage/identity/rolemgt/create |
/scim2/Groups | GET | /permission/admin/manage/identity/rolemgt/view |
/scim2/Users/(.*) | GET | /permission/admin/manage/identity/usermgt/view |
/scim2/Users/(.*) | PUT | /permission/admin/manage/identity/usermgt/update |
/scim2/Users/(.*) | PATCH | /permission/admin/manage/identity/usermgt/update |
/scim2/Users/(.*) | DELETE | /permission/admin/manage/identity/usermgt/delete |
/scim2/Groups/(.*) | GET | /permission/admin/manage/identity/rolemgt/view |
/scim2/Groups/(.*) | PUT | /permission/admin/manage/identity/rolemgt/update |
/scim2/Groups/(.*) | PATCH | /permission/admin/manage/identity/rolemgt/update |
/scim2/Groups/(.*) | DELETE | /permission/admin/manage/identity/rolemgt/delete |
/scim2/Me | GET | /permission/admin/login |
/scim2/Me | DELETE | /permission/admin/login |
/scim2/Me | PUT | /permission/admin/login |
/scim2/Me | PATCH | /permission/admin/login |
/scim2/Me | POST | /permission/admin/manage/identity/usermgt/create |
/scim2/ServiceProviderConfig | all | - |
/scim2/ResourceType | all | - |
/scim2/Bulk | all | /permission/admin/manage/identity/usermgt |
| Info |
|---|
More information about how to secure the REST APIs and configure authorization level can be found from Authenticating and Authorizing REST APIs |