Page Comparison

Warning
This documentation is work in progress!

Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS.

For information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs.

Tip
Warning
This documentation is work in progress!

Tip
Tip: Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS.

This REST API implements the SCIM 2.0 Protocol according to the SCIM 2.0 specification.The following endpoints are supported with WSO2 Identity Server.

Table of Contents

Users endpoint

Panel

borderColor	Black
bgColor	White

GET/ Get User by ID

GET https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API is used to retrieve users by their user ID. It returns an HTTP 200 response if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] https://localhost:9443/scim2/Users/[user ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd'

Code Block

title	Response

{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd'

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName’

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName’

String

-

Responses

HTTP 200 - Valid user is found
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	#000080
bgColor	White

POST/ Create User

POST https://localhost/t/{tenant-domain}/scim2/Users

This API creates a user and returns the user details along with the user's unique ID. It returns HTTP 201 if the user is successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas":[],"name":{"familyName":[last name],"givenName":[name]},"userName":[username],"password":[password],"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}--header "Content-Type:application/json" https://localhost:9443/scim2/Users

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

Code Block

title	Response

{"emails":[{"type":"home","value":"kim.jackson@gmail.com","primary":true},{"type":"work","value":"kim_j@wso2.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"name":{"familyName":"jackson","givenName":"kim"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

A JSON object that contains relevant values for creating a user.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

String

-

Responses

HTTP 201 - Valid user is created
HTTP 401 - Unauthorized
HTTP 404 - Invalid user

Tip

Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"WSO2/kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

Panel

borderColor	Black
bgColor	White

DELETE/ Delete User by ID

DELETE https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API deletes a user using the user's unique ID. It returns HTTP 204 if the user is successfully deleted.

Code Block

title	Request

curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Users/[user ID] -H "Accept: application/scim+json"

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X DELETE https://localhost:9443/scim2/Users/b228b59d-db19-4064-b637-d33c31209fae -H "Accept: application/scim+json"

Code Block

title	Response

HTTP/1.1 204 No Content

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Responses

HTTP 204 - User has been succesfully deleted
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	Black
bgColor	White

GET/ Get Users (User Listing/Filtering)

GET https://localhost/t/{tenant-domain}/scim2/Users

This API returns users according to the filter, sort and pagination parameters. It returns an HTTP 404 response if the users are not found. Pagination is not supported across user stores and LDAP multi-attribute group filtering. However, filtering is supported across multiple user stores.

Code Block

title	Request

curl -v -k --user [username]:[password]  'https://localhost:9443/scim2/Users?startIndex=[value]&count=[value]&domain=[value]&filter=[query]&attributes=[attribute names]'

Code Block

title	Sample cURL

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName'

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}]}

Parameters

Type Name Description Schema Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&attributes=userName,name.familyName'

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName'

String

-

Query

filter

(optional)

A filter expression used to filter users.

Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’.

Tip
Note that operators are case-insensitive.

String

-

Query

startIndex

(optional)

The 1-based index of the first query result.

Integer

-

Query

count

(optional)

Specifies the desired maximum number of query results per page.

Tip

This parameter is optional but it is recommended to include it in the request.

When this parameter is not included in the request, the response returns all users from a given domain or across all user stores.

When this parameter is set to 0 (zero) or is a negative value, no users are retrieved.

Integer

-

Query

sortBy

(optional)

Specifies the attribute whose value can be used to order the returned responses.

Warning
This parameter is not supported for this version.

String

-

Query

sortOrder

(optional)

The order in which the "sortBy" parameter is applied. (e.g., ascending order)

Warning
This parameter is not supported for this version.

String

-

Query

domain

(optional)

The name of the user store to which filtering needs to be applied.

String

-

Responses

HTTP 200 - Valid users are found
HTTP 401 - Unauthorized
HTTP 404 - Valid users are not found

Tip

There are two ways to retrieve users from a particular user store:

Using the domain query parameter
Filter or list users from a particular domain by setting the domain query parameter as shown in the example below.
Code Block
title Sample Request
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=WSO2
Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with “userName” and “groups” attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal.
Code Block
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&filter=userName+sw+WSO2/ki'

Panel

borderColor	Black
bgColor	White

POST/ Search Users

POST https://localhost/t/{tenant-domain}/scim2/Users/.search

This API returns users according to the filter, sort and pagination parameters. It returns an HTTP 404 response if the users are not found.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"attributes": [attribute names],"filter": [filter query],"domain": [domain name],"startIndex": [value],"count": [value]}' --header "Content-Type:application/scim+json"  'https://localhost:9443/scim2/Users/.search'

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"attributes": ["name.familyName", "userName"],"filter":"userName sw ki and name.familyName co ack","domain":"PRIMARY","startIndex": 1,"count": 10}' --header "Content-Type:application/scim+json"  'https://localhost:9443/scim2/Users/.search'

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"name":{"familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}]}

Parameters

Type

Name

Description

Schema

Default Value

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - Valid users are found
HTTP 401 - Unauthorized
HTTP 404 - Valid users are not found

Panel

borderColor	Black
bgColor	White

PATCH/ Update User

PATCH https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API updates user details and returns the updated user details using a PATCH operation. It returns an HTTP 404 response if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op":[operation],"value":{[attributeName]:[attribute value]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/[user ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd

Code Block

title	Response

{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jack@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-16T14:46:07Z","resourceType":"User"},"nickName":"shaggy","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

Responses

HTTP 200 - User has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	Black
bgColor	White

PUT/ Update User

PUT https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API updates user details and returns the updated user details using a PUT operation. It returns an HTTP 404 response if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PUT -d '{"schemas":[],"name":{"familyName":[last name],"givenName":[name]},"userName":[username],"emails":[{"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/[user ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PUT -d '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","emails":[{"value":"kim_j@wso2.com","type":"work"},{"value":"kim.jack@gmail.com","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd

Code Block

title	Response

{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jack@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-16T14:24:00Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - User has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid users are not found

Groups endpoint

Panel

borderColor	Black
bgColor	White

GET/ Group by ID

GET https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API returns the group details of a particular group using its unique ID. It returns an HTTP 200 response if the group is found.

Code Block

title	Request

curl -v -k --user [username]:[password]  https://localhost:9443/scim2/Groups/[group ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36

Code Block

title	Response

{"displayName":"manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName’

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName’

String

-

Responses

HTTP 200 - Valid group is found
HTTP 401 - Unauthorized
HTTP 404 - Valid group is not found

Panel

borderColor	Black
bgColor	White

POST/ Create Group

POST https://localhost/t/{tenant-domain}/scim2/Groups

This API creates a group and returns the details of the created group including its unique ID. It returns an HTTP 201 response if the group is successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName": [group name], "members": [{"value": [user ID],"$ref":[ref url],"display": [user name] }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z","resourceType":"Group"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to create a group.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

String

-

Responses

HTTP 201 - Valid group is created
HTTP 401 - Unauthorized
HTTP 404 - Group is not found

Panel

borderColor	Black
bgColor	White

POST/ Create Group

POST https://localhost/t/{tenant-domain}/scim2/Groups

This API creates a group and returns the details of the created group including its unique ID. It returns an HTTP 201 response if the group is successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName": [group name], "members": [{"value": [user ID],"$ref":[ref url],"display": [user name] }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z","resourceType":"Group"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to create a group.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

String

-

Responses

HTTP 201 - Valid group is created
HTTP 401 - Unauthorized
HTTP 404 - Invalid group

Tip

Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name as shown in the example below.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"WSO2DOMAIN/manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Panel

borderColor	Black
bgColor	White

DELETE/ Delete Group By ID

DELETE https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API deletes a particular group using its unique ID. It returns an HTTP 204 reponse if the group is successfully deleted.

Code Block

title	Request

curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Groups/[group ID] -H "Accept: application/json"

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X DELETE https://localhost:9443/scim2/Groups/0d32c19e-7a74-4c22-b1ad-1d21317d5b04 -H "Accept:application/json"

Code Block

title	Response

HTTP/1.1 204 No Content

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Responses

HTTP 204 - Valid group has been successfully deleted.
HTTP 401 - Unauthorized
HTTP 404 - Invalid group

Panel

borderColor	Black
bgColor	White

GET/ Filter Groups

GET https://localhost/t/{tenant-domain}/scim2/Groups

This API deletes a particular group using its unique ID. It returns an HTTP 204 reponse if the group is successfully deleted.

Code Block

title	Request

curl -v -k --user [username]:[password] 'https://localhost:9443/scim2/Groups?startIndex=[value]&count=[value]&filter=[query]&attributes=[attribute names]'

Code Block

title	Sample cURL

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager'

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}]}

Parameters

Type Name Description Schema Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager&attributes=displayName'

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager&excludedAttributes=displayName'

String

-

Query

filter

(optional)

A filter expression used to filter users.

Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’.

Tip
Note that operators are case-insensitive.

String

-

Query

startIndex

(optional)

The 1-based index of the first query result.

Warning
Pagination is not supported.

Integer

-

Query

count

(optional)

Specifies the desired maximum number of query results per page.

Warning
Pagination is not supported.

Tip
Note: When this parameter is not included in the request, the response returns all groups from the given domain or across all user stores. When the count is zero or any value less than zero, no groups are returned.

Integer

-

Query

sortBy

(optional)

Specifies the attribute whose value can be used to order the returned responses.

Warning
This parameter is not supported for this version.

String

-

Query

sortOrder

(optional)

The order in which the "sortBy" parameter is applied. (e.g., ascending order)

Warning
This parameter is not supported for this version.

String

-

Query

domain

(optional)

The name of the user store to which filtering needs to be applied.

String

-

Responses

HTTP 204 - Valid group has been successfully deleted.
HTTP 401 - Unauthorized
HTTP 404 - Invalid group

Tip

There are two ways to retrieve users from a particular user store:

Using the domain query parameter
Setting the domain parameter enables both filtering and listing groups in a specified user store.
Code Block
title Sample Request
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?startIndex=3&count=20&domain=WSO2’
Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with "displayName", "members.display" and "members.value" attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal.
Code Block
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?startIndex=2&count=20&filter=displayName+eq+WSO2/manager'

Panel

borderColor	Black
bgColor	White

POST/ Search Groups

POST https://localhost/t/{tenant-domain}/scim2/Groups/.search

This API returns groups according to the specified filter, sort and pagination parameters. It returns an HTTP 404 response if the groups are not found.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas": [],"startIndex": [value], "filter": [query]}' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Groups/.search

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"startIndex": 1, "filter": "displayName eq manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/.search

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}]}

Parameters

Type

Name

Description

Schema

Default Value

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a group.

String

-

Responses

HTTP 200 - Valid groups are found
HTTP 401 - Unauthorized
HTTP 404 - Groups are not found

Panel

borderColor	Black
bgColor	White

PATCH/ Update User

PATCH https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API updates the group details and returns the updated group details using a PATCH operation. It returns an HTTP 404 response if the group is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op": [operation],"value":{"members":[{"display": [name],"$ref": [ref],"value": [member user ID] }] } }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:51:45Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - Group has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid group is not found

Panel

borderColor	Black
bgColor	White

PUT/ Update User

PUT https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API updates the group details and returns the updated group details using a PUT operation. It returns an HTTP 404 reponse if the group is not found.

Code Block

title	Request

curl -v -k --user[username]:[password] -X PUT -d '{"displayName":[group name],"members":[{"value":[user ID],"display":[user's name]}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:42:56Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.

All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response.
All the of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - Group has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid group is not found

Bulk Endpoint

Panel

borderColor	Black
bgColor	White

POST/ Create Users in Bulk

POST https://localhost/t/{tenant-domain}/scim2/Bulk

This API is used to create multiple users at once. It returns an HTTP 201 response if the users are successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"failOnErrors": [value],"schemas":[],"Operations":[{"method": [request type],"path": [end point],"bulkId": [bulk id] ,"data": [input user details] }] }' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Bulk

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"failOnErrors":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkRequest"],"Operations":[{"method": "POST","path": "/Users","bulkId": "qwerty","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName": "Kris","password":"krispass"}},{"method": "POST","path": "/Users","bulkId":"ytrewq","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"userName":"Jesse","password":"jessepass","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber": "11250","manager": {"value": "bulkId:qwerty"}}}}]}' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Bulk

Code Block

title	Response

{"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkResponse"],"Operations":[{"bulkId":"qwerty","method":"POST","location":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","status":{"code":201}},{"bulkId":"ytrewq","method":"POST","location":"https://localhost:9443/scim2/Users/b489dacc-fc89-449c-89f6-7acc37422031","status":{"code":201}}]}

Parameters

Type

Name

Description

Schema

Default Value

Body

body

(optional)

This is a JSON object that contains relevant values used to create the users.

String

-

Responses

HTTP 200 - Valid users are created
HTTP 401 - Unauthorized
HTTP 404 - Invalid users

ResourceType Endpoint

Panel

borderColor	Black
bgColor	White

GET/ Get Resource Types

GET https://localhost/t/{tenant-domain}/scim2/ResourceType

This API lists and returns metadata about resource types. It returns an HTTP 200 response if the schema is found.

Code Block

title	Request

curl -v -k --user [username]:[password] https://localhost:9443/scim2/ResourceType

Code Block

title	Sample cURL

curl -v -k --user admin:admin https://localhost:9443/scim2/ResourceType

Code Block

title	Response

{"schemas":["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],"resourceType":[{"schema":"urn:ietf:params:scim:schemas:core:2.0:User","endpoint":"/Users","meta":{"location":"https://localhost:9443/scim2/ResourceType/User","resourceType":"ResourceType"},"name":"User","description":"User Account","schemaExtensions":{"schema":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User","required":false},"id":"User"},{"schema":"urn:ietf:params:scim:schemas:core:2.0:Group","endpoint":"/Groups","meta":{"location":"https://localhost:9443/scim2/ResourceType/Group","resourceType":"ResourceType"},"name":"Group","description":"Group","id":"Group"}]}

Parameters

None

Responses

HTTP 200 - Schema is found
HTTP 401 - Unauthorized
HTTP 404 - Schema is not found

ServiceProviderConfig Endpoint

Panel

borderColor	Black
bgColor	White

GET/ Get Service Provider Config

GET https://localhost/t/{tenant-domain}/scim2/ServiceProviderConfig

This API is used to create multiple users at once. It returns an HTTP 201 response if the users are successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password]  https://localhost:9443/scim2/ServiceProviderConfig

Code Block

title	Sample cURL

curl -v -k --user admin:admin  https://localhost:9443/scim2/ServiceProviderConfig

Code Block

title	Response

{"patch":{"supported":true},"filter":{"maxResults":200,"supported":true},"documentationUri":"http://example.com/help/scim.html","authenticationSchemes":[{"name":"OAuth Bearer Token","description":"Authentication scheme using the OAuth Bearer Token Standard","specUri":"http://www.rfc-editor.org/info/rfc6750","type":"oauthbearertoken","primary":true},{"name":"HTTP Basic","description":"Authentication scheme using the HTTP Basic Standard","specUri":"http://www.rfc-editor.org/info/rfc2617","type":"httpbasic","primary":false}],"schemas":["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],"etag":{"supported":false},"sort":{"supported":false},"bulk":{"maxPayloadSize":1048576,"maxOperations":1000,"supported":true},"changePassword":{"supported":false}}

Parameters

None

Responses

HTTP 200 - Schema is found
HTTP 401 - Unauthorized
HTTP 404 - Schema is not found

Required permissions for SCIM 2.0 APIs

The default permissions required to access each resource in SCIM 2.0 are given below.

Endpoint	HTTP Method	Permission
/scim2/Users	POST	/permission/admin/manage/identity/usermgt/create
/scim2/Users	GET	/permission/admin/manage/identity/usermgt/list
/scim2/Groups	POST	/permission/admin/manage/identity/rolemgt/create
/scim2/Groups	GET	/permission/admin/manage/identity/rolemgt/view
/scim2/Users/(.*)	GET	/permission/admin/manage/identity/usermgt/view
/scim2/Users/(.*)	PUT	/permission/admin/manage/identity/usermgt/update
/scim2/Users/(.*)	PATCH	/permission/admin/manage/identity/usermgt/update
/scim2/Users/(.*)	DELETE	/permission/admin/manage/identity/usermgt/delete
/scim2/Groups/(.*)	GET	/permission/admin/manage/identity/rolemgt/view
/scim2/Groups/(.*)	PUT	/permission/admin/manage/identity/rolemgt/update
/scim2/Groups/(.*)	PATCH	/permission/admin/manage/identity/rolemgt/update
/scim2/Groups/(.*)	DELETE	/permission/admin/manage/identity/rolemgt/delete
/scim2/Me	GET	/permission/admin/login
/scim2/Me	DELETE	/permission/admin/login
/scim2/Me	PUT	/permission/admin/login
/scim2/Me	PATCH	/permission/admin/login
/scim2/Me	POST	/permission/admin/manage/identity/usermgt/create/login
/scim2/ServiceProviderConfigMe	allPATCH	-	/permission/scim2admin/ResourceTypelogin	all	-
/scim2/BulkMe	allPOST	/permission/admin/manage/identity/usermgt/create

...

The EnableFilteringEnhancements property is introduced to identity.xml in <IS_HOME>/repository/conf/identity in order to apply filtering enhancements for SCIM2 filter results. This property makes sure that Eq checks for the String match (in this case cross user store search will not be performed). It also enforces consistency in the filtered attribute formats in the response when filtering is done via different endpoints. For example, when this property is enabled, the two endpoints, Users and Groups will have the same format of response.

/scim2/ServiceProviderConfig	all	-
/scim2/ResourceType	all	-
/scim2/Bulk	all	/permission/admin/manage/identity/usermgt

Note

If the OverrideUsernameClaimFromInternalUsername property in user-mgt.xml in <IS_HOME>/repository/conf/identity is enabled, the Username claim is populated even when SCIM is not enabled.

Code Block
<OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>

...

Versions Compared

Old Version 15

New Version 16

Key

Users endpoint

GET/ Get User by ID

POST/ Create User

DELETE/ Delete User by ID

GET/ Get Users (User Listing/Filtering)

POST/ Search Users

PATCH/ Update User

PUT/ Update User

Groups endpoint

GET/ Group by ID

POST/ Create Group

POST/ Create Group

DELETE/ Delete Group By ID

GET/ Filter Groups

POST/ Search Groups

PATCH/ Update User

PUT/ Update User

Bulk Endpoint

POST/ Create Users in Bulk

ResourceType Endpoint

GET/ Get Resource Types

ServiceProviderConfig Endpoint

GET/ Get Service Provider Config

Required permissions for SCIM 2.0 APIs