Page Comparison

Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS.

For information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs.

Tip
Tip
Tip: Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS.

This REST API implements the SCIM 2.0 Protocol according to the SCIM 2.0 specification.The following endpoints are supported with WSO2 Identity Server.

Table of Contents

Users endpoint

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

This endpoint is used to create and manage users and their profile attributes.

Info
From WSO2 5.8.0 onwards, new configurations have been added to support filtering users and groups only from the PRIMARY domain. If these properties are enabled, the responses recieved for the users endpoint and groups endpoint will change. For more information, see /wiki/spaces/IS580/pages/41127141 topic.

Panel

borderColor	Black
bgColor	White

GET/ Get User by ID

GET https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API is used to retrieve users by their user ID. It returns an HTTP 200 response if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] https://localhost:9443/scim2/Users/[user ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd'

Code Block

title	Response

{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd'

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName’

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName’

String

-

Responses

HTTP 200 - Valid user is found
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	#000080
bgColor	White

POST/ Create User

POST https://localhost/t/{tenant-domain}/scim2/Users

This API creates a user and returns the user details along with the user's unique ID. It returns HTTP 201 if the user is successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas":[],"name":{"familyName":[last name],"givenName":[name]},"userName":[username],"password":[password],"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}--header "Content-Type:application/json" https://localhost:9443/scim2/Users

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

Code Block

title	Response

{"emails":[{"type":"home","value":"kim.jackson@gmail.com","primary":true},{"type":"work","value":"kim_j@wso2.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"name":{"familyName":"jackson","givenName":"kim"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

A JSON object that contains relevant values for creating a user.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

String

-

Responses

HTTP 201 - Valid user is created
HTTP 401 - Unauthorized
HTTP 404 - Invalid user

Tip

Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"WSO2/kim","password":"kimwso2","emails":[{"primary":true,"value":"kim.jackson@gmail.com","type":"home"},{"value":"kim_j@wso2.com","type":"work"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users

Panel

borderColor	Black
bgColor	White

DELETE/ Delete User by ID

DELETE https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API deletes a user using the user's unique ID. It returns HTTP 204 if the user is successfully deleted.

Code Block

title	Request

curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Users/[user ID] -H "Accept: application/scim+json"

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X DELETE https://localhost:9443/scim2/Users/b228b59d-db19-4064-b637-d33c31209fae -H "Accept: application/scim+json"

Code Block

title	Response

HTTP/1.1 204 No Content

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Responses

HTTP 204 - User has been succesfully deleted
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	Black
bgColor	White

GET/ Get Users (User Listing/Filtering)

GET https://localhost/t/{tenant-domain}/scim2/Users

This API returns users according to the filter, sort and pagination parameters. It returns an HTTP 404 response if the users are not found. Pagination is not supported across user stores and LDAP multi-attribute group filtering. However, filtering is supported across multiple user stores.

Code Block

title	Request

curl -v -k --user [username]:[password]  'https://localhost:9443/scim2/Users?startIndex=[value]&count=[value]&domain=[value]&filter=[query]&attributes=[attribute names]'

Code Block

title	Sample cURL

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName'

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-15T14:55:23Z","resourceType":"User"},"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}]}

Parameters

Type Name Description Schema Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&attributes=userName,name.familyName'

Code Block
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&attributes=userName,name.familyName'

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request.
All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&excludedAttributes=userName,name.familyName'

Code Block
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=PRIMARY&filter=userName+sw+ki+and+name.familyName+co+ack&excludedAttributes=userName,name.familyName'

String

-

Query

filter

(optional)

A filter expression used to filter users.

Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’.

Tip
Note that operators are case-insensitive.

String

-

Query

startIndex

(optional)

The query results are listed from the position specified by the number given as the startIndex parameter value. For example, if there are 10 query results and the startIndex value is 5, the query results will be listed starting from the 5th query result onwards.

Integer

1

Query

count

(optional)

Specifies the desired maximum number of query results per page.

Tip

This parameter is optional but it is recommended to include it in the request.

When this parameter is not included in the request, the response returns all users from a given domain or across all user stores.

When this parameter is set to 0 (zero) or is a negative value, no users are retrieved.

Integer

-

Query

sortBy

(optional)

Specifies the attribute whose value can be used to order the returned responses.

Warning
This parameter is not supported for this version.

String

-

Query

sortOrder

(optional)

The order in which the "sortBy" parameter is applied. (e.g., ascending order)

Warning
This parameter is not supported for this version.

String

-

Query

domain

(optional)

The name of the user store to which filtering needs to be applied.

String

-

Responses

HTTP 200 - Valid users are found
HTTP 401 - Unauthorized
HTTP 404 - Valid users are not found

Tip

There are two ways to retrieve users from a particular user store:

Using the domain query parameter
Filter or list users from a particular domain by setting the domain query parameter as shown in the example below.
Code Block
title Sample Request
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&domain=WSO2
Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with “userName” and “groups” attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal.
Code Block
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Users?startIndex=1&count=10&filter=userName+sw+WSO2/ki'

Panel

borderColor	Black
bgColor	White

POST/ Search Users

POST https://localhost/t/{tenant-domain}/scim2/Users/.search

This API returns users according to the filter, sort and pagination parameters. It returns an HTTP 404 response if the users are not found.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"attributes": [attribute names],"filter": [filter query],"domain": [domain name],"startIndex": [value],"count": [value]}' --header "Content-Type:application/scim+json"  'https://localhost:9443/scim2/Users/.search'

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"attributes": ["name.familyName", "userName"],"filter":"userName sw ki and name.familyName co ack","domain":"PRIMARY","startIndex": 1,"count": 10}' --header "Content-Type:application/scim+json"  'https://localhost:9443/scim2/Users/.search'

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"name":{"familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}]}

Parameters

Type

Name

Description

Schema

Default Value

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - Valid users are found
HTTP 401 - Unauthorized
HTTP 404 - Valid users are not found

Panel

borderColor	Black
bgColor	White

PATCH/ Update User

PATCH https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API updates user details and returns the updated user details using a PATCH operation. It returns an HTTP 404 response if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op":[operation],"value":{[attributeName]:[attribute value]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/[user ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd

Code Block

title	Response

{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jack@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-16T14:46:07Z","resourceType":"User"},"nickName":"shaggy","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excludedattributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

Responses

HTTP 200 - User has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	Black
bgColor	White

PUT/ Update User

PUT https://localhost/t/{tenant-domain}/scim2/Users/{id}

This API updates user details and returns the updated user details using a PUT operation. It returns an HTTP 404 response if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PUT -d '{"schemas":[],"name":{"familyName":[last name],"givenName":[name]},"userName":[username],"emails":[{"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/[user ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PUT -d '{"schemas":[],"name":{"familyName":"jackson","givenName":"kim"},"userName":"kim","emails":[{"value":"kim_j@wso2.com","type":"work"},{"value":"kim.jack@gmail.com","type":"home"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd

Code Block

title	Response

{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jack@gmail.com"}],"meta":{"created":"2018-08-15T14:55:23Z","location":"https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd","lastModified":"2018-08-16T14:24:00Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"Internal/everyone"}],"name":{"givenName":"kim","familyName":"jackson"},"id":"c8c821ba-1200-495e-a775-79b260e717bd","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Users/c8c821ba-1200-495e-a775-79b260e717bd?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - User has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid users are not found

Groups endpoint

This endpoint is used to create and manage groups and group members.

Info
From WSO2 5.8.0 onwards, new configurations have been added to support filtering users and groups only from the PRIMARY domain. If these properties are enabled, the responses recieved for the users endpoint and groups endpoint will change. For more information, see /wiki/spaces/IS580/pages/41127141 topic.

Panel

borderColor	Black
bgColor	White

GET/ Group by ID

GET https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API returns the group details of a particular group using its unique ID. It returns an HTTP 200 response if the group is found.

Code Block

title	Request

curl -v -k --user [username]:[password]  https://localhost:9443/scim2/Groups/[group ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36

Code Block

title	Response

{"displayName":"manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName’

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName’

String

-

Responses

HTTP 200 - Valid group is found
HTTP 401 - Unauthorized
HTTP 404 - Valid group is not found

Panel

borderColor	Black
bgColor	White

POST/ Create Group

POST https://localhost/t/{tenant-domain}/scim2/Groups

This API creates a group and returns the details of the created group including its unique ID. It returns an HTTP 201 response if the group is successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName": [group name], "members": [{"value": [user ID],"$ref":[ref url],"display": [user name] }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z","resourceType":"Group"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to create a group.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

String

-

Responses

HTTP 201 - Valid group is created
HTTP 401 - Unauthorized
HTTP 404 - Group is not found

Panel

borderColor	Black
bgColor	White

POST/ Create Group

POST https://localhost/t/{tenant-domain}/scim2/Groups

This API creates a group and returns the details of the created group including its unique ID. It returns an HTTP 201 response if the group is successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"displayName": [group name], "members": [{"value": [user ID],"$ref":[ref url],"display": [user name] }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z","resourceType":"Group"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response.When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to create a group.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

String

-

Responses

HTTP 201 - Valid group is created
HTTP 401 - Unauthorized
HTTP 404 - Invalid group

Tip

Tip: To create a user in a particular user store, add the {domainName}/ prefix in front of the user name as shown in the example below.

Code Block

title	Sample Request

curl -v -k --user admin:admin --data '{"displayName":"WSO2DOMAIN/manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups

Panel

borderColor	Black
bgColor	White

DELETE/ Delete Group By ID

DELETE https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API deletes a particular group using its unique ID. It returns an HTTP 204 reponse if the group is successfully deleted.

Code Block

title	Request

curl -v -k --user [username]:[password] -X DELETE https://localhost:9443/scim2/Groups/[group ID] -H "Accept: application/json"

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X DELETE https://localhost:9443/scim2/Groups/0d32c19e-7a74-4c22-b1ad-1d21317d5b04 -H "Accept:application/json"

Code Block

title	Response

HTTP/1.1 204 No Content

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Responses

HTTP 204 - Valid group has been successfully deleted.
HTTP 401 - Unauthorized
HTTP 404 - Invalid group

Panel

borderColor	Black
bgColor	White

GET/ Filter Groups

GET https://localhost/t/{tenant-domain}/scim2/Groups

This API returns groups according to the specified filter, sort and pagination parameters. It returns HTTP 404 if the groups are not found.

Code Block

title	Request

curl -v -k --user [username]:[password] 'https://localhost:9443/scim2/Groups?startIndex=[value]&count=[value]&filter=[query]&attributes=[attribute names]'

Code Block

title	Sample cURL

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager'

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}]}

Parameters

Type Name Description Schema Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager&attributes=displayName'

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+manager&excludedAttributes=displayName'

String

-

Query

filter

(optional)

A filter expression used to filter users.

Supported filter operators are ‘EQ’, 'EW', ‘CO’, ‘SW’, and ‘AND’.

Tip
Note that operators are case-insensitive.

String

-

Query

startIndex

(optional)

The query results are listed from the position specified by the number given as the startIndex parameter value. For example, if there are 10 query results and the startIndex value is 5, the query results will be listed starting from the 5th query result onwards.

Warning
Pagination is not supported.

Integer

1

Query

count

(optional)

Specifies the desired maximum number of query results per page.

Warning
Pagination is not supported.

Tip
Note: When this parameter is not included in the request, the response returns all groups from the given domain or across all user stores. When the count is zero or any value less than zero, no groups are returned.

Integer

-

Query

sortBy

(optional)

Specifies the attribute whose value can be used to order the returned responses.

Warning
This parameter is not supported for this version.

String

-

Query

sortOrder

(optional)

The order in which the "sortBy" parameter is applied. (e.g., ascending order)

Warning
This parameter is not supported for this version.

String

-

Query

domain

(optional)

The name of the user store to which filtering needs to be applied.

String

-

Responses

HTTP 200 - Valid groups have been successfully returned.
HTTP 401 - Unauthorized
HTTP 404 - Invalid group

Tip

There are two ways to retrieve users from a particular user store:

Using the domain query parameter
Setting the domain parameter enables both filtering and listing groups in a specified user store.
Code Block
title Sample Request
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?startIndex=3&count=20&domain=WSO2’
Adding the “{domain}/” prefix in front of the filter value
Filter or list users from a particular domain by specifying the domain in front of the filter value as shown in the example below.
Note that this feature can only be used with "displayName", "members.display" and "members.value" attributes.
If the domain name is specified in both the query parameter and the filter value, an ERROR is thrown if the two values are not equal.
Code Block
curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?startIndex=2&count=20&filter=displayName+eq+WSO2/manager'

Optionally, you can also retrieve Internal/Application domain roles with the "Groups" endpoint using the "list" and "filter" operations.
Note that this is only applicable for the Groups endpoint.

Tip

Note that this feature is available from WSO2 IS 5.8.0 5062 WUM update. You can apply the WUM update using the WSO2 Update Manager (WUM). To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide.

Code Block

title	Sample 'list' request

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?domain=Application'

Code Block

title	Sample 'filter' request with domain parameter

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+eq+myapp&domain=Application'

Code Block

title	Sample 'filter' request with domain prefix

curl -v -k --user admin:admin 'https://localhost:9443/scim2/Groups?filter=displayName+sw+Application/my'

Panel

borderColor	Black
bgColor	White

POST/ Search Groups

POST https://localhost/t/{tenant-domain}/scim2/Groups/.search

This API returns groups according to the specified filter, sort and pagination parameters. It returns an HTTP 404 response if the groups are not found.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"schemas": [],"startIndex": [value], "filter": [query]}' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Groups/.search

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"schemas": ["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"startIndex": 1, "filter": "displayName eq manager"}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/.search

Code Block

title	Response

{"totalResults":1,"startIndex":1,"itemsPerPage":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"Resources":[{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:27:42Z"},"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}]}

Parameters

Type

Name

Description

Schema

Default Value

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a group.

String

-

Responses

HTTP 200 - Valid groups are found
HTTP 401 - Unauthorized
HTTP 404 - Groups are not found

Panel

borderColor	Black
bgColor	White

PATCH/ Update User

PATCH https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API updates the group details and returns the updated group details using a PATCH operation. It returns an HTTP 404 response if the group is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op": [operation],"value":{"members":[{"display": [name],"$ref": [ref],"value": [member user ID] }] } }]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:51:45Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"},{"display":"Kris","value":"81cbba1b-c259-485d-8ba4-79afb03e5bd1","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"members":[{"display": "Kris","$ref":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","value": "81cbba1b-c259-485d-8ba4-79afb03e5bd1"}]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - Group has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid group is not found

Panel

borderColor	Black
bgColor	White

PUT/ Update User

PUT https://localhost/t/{tenant-domain}/scim2/Groups/{id}

This API updates the group details and returns the updated group details using a PUT operation. It returns an HTTP 404 reponse if the group is not found.

Code Block

title	Request

curl -v -k --user[username]:[password] -X PUT -d '{"displayName":[group name],"members":[{"value":[user ID],"display":[user's name]}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/[group ID]

Code Block

title	Sample cURL

curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36

Code Block

title	Response

{"displayName":"PRIMARY/manager","meta":{"created":"2018-08-16T15:27:42Z","location":"https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36","lastModified":"2018-08-16T15:42:56Z"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:Group"],"members":[{"display":"kim","value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0"}],"id":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?attributes=displayName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be exclused from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user admin:admin -X PUT -d '{"displayName":"manager","members":[{"value":"b3c07363-f0ed-4798-97f9-0cb26d9d79c0","display":"kim"}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Groups/a43fe003-d90d-43ca-ae38-d2332ecc0f36?excludedAttributes=displayName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - Group has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid group is not found

Me Endpoint

This endpoint is used to create and manage the currently authenticated user.

Panel

borderColor	#000080
bgColor	White

POST/ Create Me

POST https://localhost/t/{tenant-domain}/scim2/Me

This API is used to register a user anonymously. It returns an HTTP 201 response if the user is successfully created. These endpoints are secured by default. Therefore, to invoke this API anonymously, set the secured property for the SCIM2 resource in the identity.xml file to false. For more information, see Authenticating and Authorizing REST APIs.

Code Block

title	Request

curl -v -k  --data '{"schemas":[],"name:{"familyName":[last name],"givenName":[name]},"userName":[username],"password":[password],"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":[employee ID],"manager":{"value":[manager's name]}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me

Code Block

title	Sample cURL

curl -v -k --data '{"schemas":[],"name":{"familyName":"Johnson","givenName":"Alex"},"userName":"alex","password":"alexwso2","emails":[{"primary":true,"value":"alex.j@gmail.com","type":"home"},{"value":"alex_j@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me

Code Block

title	Response

{"emails":[{"type":"home","value":"alex.j@gmail.com","primary":true},{"type":"work","value":"alex_j@wso2.com"}],"meta":{"created":"2018-08-17T10:34:29Z","location":"https://localhost:9443/scim2/Users/008bba85-451d-414b-87de-c03b5a1f4217","lastModified":"2018-08-17T10:34:29Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"name":{"familyName":"Johnson","givenName":"Alex"},"id":"008bba85-451d-414b-87de-c03b5a1f4217","userName":"alex"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --data '{"schemas":[],"name":{"familyName":"Johnson","givenName":"Alex"},"userName":"alex","password":"alexwso2","emails":[{"primary":true,"value":"alex.j@gmail.com","type":"home"},{"value":"alex_j@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --data '{"schemas":[],"name":{"familyName":"Johnson","givenName":"Alex"},"userName":"alex","password":"alexwso2","emails":[{"primary":true,"value":"alex.j@gmail.com","type":"home"},{"value":"alex_j@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

A JSON object that contains relevant values for creating a user.

String

-

Responses

HTTP 201 - Valid user is created
HTTP 401 - Unauthorized
HTTP 404 - Invalid user

Panel

borderColor	Black
bgColor	White

DELETE/ Delete Me

DELETE https://localhost/t/{tenant-domain}/scim2/Me

This API is used to delete the currently authenticated user. It returns HTTP 204 if the user is successfully deleted.

Code Block

title	Request

curl -v -k --user  [username]:[password] -X DELETE https://localhost:9443/scim2/Me

Code Block

title	Sample cURL

curl -v -k --user alex:alexwso2 -X DELETE https://localhost:9443/scim2/Me

Code Block

title	Response

HTTP/1.1 204 NOT IMPLEMENTED

Parameters

Type

Name

Description

Schema

Default Value

Path

id

(required)

Unique ID of the resource type.

String

-

Responses

HTTP 204 - User has been succesfully deleted
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	Black
bgColor	White

GET/ Get Me

GET https://localhost/t/{tenant-domain}/scim2/Me

This API returns the user details of the currently authenticated user. These endpoints are secured by default. Therefore, to invoke this API anonymously, set the secured property for the SCIM2 resource in the identity.xml file to false. For more information, see Authenticating and Authorizing REST APIs.

Code Block

title	Request

curl -v -k --user [username]:[password] https://localhost:9443/scim2/Me

Code Block

title	Sample cURL

curl -v -k --user kim:kimwso2 https://localhost:9443/scim2/Me

Code Block

title	Response

{"emails":[{"type":"work","value":"kim_j@wso2.com"},{"type":"home","value":"kim.jackson@gmail.com"}],"meta":{"created":"2018-08-16T17:19:43Z","location":"https://localhost:9443/scim2/Users/f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","lastModified":"2018-08-16T17:19:43Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"roles":[{"type":"default","value":"manager,Internal/everyone,admin"}],"name":{"givenName":"kim","familyName":"jackson"},"groups":[{"display":"manager","value":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}],"id":"f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user alex:alexwso2 https://localhost:9443/scim2/Me?attributes=userName,name.familyName’

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user alex:alexwso2 https://localhost:9443/scim2/Me?excludedAttributes=userName,name.familyName’

String

-

Responses

HTTP 200 - Valid user is found
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	Black
bgColor	White

PATCH/ Update Me

PATCH https://localhost/t/{tenant-domain}/scim2/Me

This API uses a PATCH operation to update user details Returns HTTP 404 if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PATCH -d '{"schemas":[],"Operations":[{"op":[operation],"value":{[attributeName]:[attribute value]}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me

Code Block

title	Sample cURL

curl -v -k --user kim:kimwso2 -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me

Code Block

title	Response

{"emails":[{"type":"work","value":"jackson_k@wso2.com"},{"type":"home","value":"jacksonk@gmail.com"}],"meta":{"created":"2018-08-16T17:19:43Z","location":"https://localhost:9443/scim2/Users/f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","lastModified":"2018-08-17T11:43:34Z","resourceType":"User"},"nickName":"shaggy","schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"roles":[{"type":"default","value":"manager,Internal/everyone,admin"}],"name":{"givenName":"Kim","familyName":"JacksonJohn"},"groups":[{"display":"manager","value":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}],"id":"f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user kim:kimwso2 -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me?attributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excludedattributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user kim:kimwso2 -X PATCH -d '{"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations":[{"op":"add","value":{"nickName":"shaggy"}}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me?excludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

Responses

HTTP 200 - User has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid user is not found

Panel

borderColor	Black
bgColor	White

PUT/ Update User

PUT https://localhost/t/{tenant-domain}/scim2/Me

This API uses a PUT operation to update user details. It returns HTTP 404 if the user is not found.

Code Block

title	Request

curl -v -k --user [username]:[password] -X PUT -d '{"schemas":[],"name":{"familyName":[last name],"givenName":[name]},"emails":[{"primary":[true/false],"value":[email address],"type":[home/work]},{"value":[email address 2],"type":[home/work]}]}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me

Code Block

title	Sample cURL

curl -v -k --user kim:kimwso2 -X PUT -d '{"schemas":[],"name":{"familyName":"JacksonJohn","givenName":"Kim"},"userName":"kim","emails":[{"primary":true,"value":"jacksonk@gmail.com","type":"home"},{"value":"jackson_k@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Me

Code Block

title	Response

{"emails":[{"type":"work","value":"jackson_k@wso2.com"},{"type":"home","value":"jacksonk@gmail.com"}],"meta":{"created":"2018-08-16T17:19:43Z","location":"https://localhost:9443/scim2/Users/f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","lastModified":"2018-08-16T17:43:17Z","resourceType":"User"},"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"manager":{"value":"Taylor"},"employeeNumber":"123A"},"roles":[{"type":"default","value":"manager,Internal/everyone,admin"}],"name":{"givenName":"Kim","familyName":"JacksonJohn"},"groups":[{"display":"manager","value":"a43fe003-d90d-43ca-ae38-d2332ecc0f36"}],"id":"f60e6ddd-8d04-411f-92b9-c7ba95fb0fa9","userName":"kim"}

Parameters

Type

Name

Description

Schema

Default Value

Query

attributes

(optional)

Attribute names of attributes that are to be included in the response. When this parameter is included in the request, the response returns only the attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user kim:kimwso2 -X PUT -d '{"schemas":[],"name":{"familyName":"JacksonJohn","givenName":"Kim"},"userName":"kim","emails":[{"primary":true,"value":"jacksonk@gmail.com","type":"home"},{"value":"jackson_k@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/Meattributes=userName,name.familyName

String

-

Query

excludedAttributes

(optional)

Attribute names of attributes that are to be excluded from the response. When this parameter is included in the request, the response returns all attributes except the excluded attributes that are specified in the request. All the attributes of the users dialect and meta dialect are supported. For more information about this parameter, see the SCIM 2.0 specification.

Code Block

title	Sample Request

curl -v -k --user kim:kimwso2 -X PUT -d '{"schemas":[],"name":{"familyName":"JacksonJohn","givenName":"Kim"},"userName":"kim","emails":[{"primary":true,"value":"jacksonk@gmail.com","type":"home"},{"value":"jackson_k@wso2.com","type":"work"}],"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber":"123A","manager":{"value":"Taylor"}}}' --header "Content-Type:application/json" https://localhost:9443/scim2/MeexcludedAttributes=userName,name.familyName

String

-

Body

body

(optional)

This is a JSON object that contains relevant values used to search for a user.

String

-

Responses

HTTP 200 - User has been successfully updated
HTTP 401 - Unauthorized
HTTP 404 - Valid users are not found

Bulk Endpoint

This endpoint is used for bulk operations.

Panel

borderColor	Black
bgColor	White

POST/ Create Users in Bulk

POST https://localhost/t/{tenant-domain}/scim2/Bulk

This API is used to create multiple users at once. It returns an HTTP 201 response if the users are successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password] --data '{"failOnErrors": [value],"schemas":[],"Operations":[{"method": [request type],"path": [end point],"bulkId": [bulk id] ,"data": [input user details] }] }' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Bulk

Code Block

title	Sample cURL

curl -v -k --user admin:admin --data '{"failOnErrors":1,"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkRequest"],"Operations":[{"method": "POST","path": "/Users","bulkId": "qwerty","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName": "Kris","password":"krispass"}},{"method": "POST","path": "/Users","bulkId":"ytrewq","data":{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"userName":"Jesse","password":"jessepass","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"employeeNumber": "11250","manager": {"value": "bulkId:qwerty"}}}}]}' --header "Content-Type:application/scim+json" https://localhost:9443/scim2/Bulk

Code Block

title	Response

{"schemas":["urn:ietf:params:scim:api:messages:2.0:BulkResponse"],"Operations":[{"bulkId":"qwerty","method":"POST","location":"https://localhost:9443/scim2/Users/81cbba1b-c259-485d-8ba4-79afb03e5bd1","status":{"code":201}},{"bulkId":"ytrewq","method":"POST","location":"https://localhost:9443/scim2/Users/b489dacc-fc89-449c-89f6-7acc37422031","status":{"code":201}}]}

Parameters

Type

Name

Description

Schema

Default Value

Body

body

(optional)

This is a JSON object that contains relevant values used to create the users.

String

-

Responses

HTTP 200 - Valid users are created
HTTP 401 - Unauthorized
HTTP 404 - Invalid users

ResourceType Endpoint

This endpoint is used to retrieve meta data about the resource types.

Panel

borderColor	Black
bgColor	White

GET/ Get Resource Types

GET https://localhost/t/{tenant-domain}/scim2/ResourceType

This API lists and returns metadata about resource types. It returns an HTTP 200 response if the schema is found.

Code Block

title	Request

curl -v -k --user [username]:[password] https://localhost:9443/scim2/ResourceType

Code Block

title	Sample cURL

curl -v -k --user admin:admin https://localhost:9443/scim2/ResourceType

Code Block

title	Response

{"schemas":["urn:ietf:params:scim:schemas:core:2.0:ResourceType"],"resourceType":[{"schema":"urn:ietf:params:scim:schemas:core:2.0:User","endpoint":"/Users","meta":{"location":"https://localhost:9443/scim2/ResourceType/User","resourceType":"ResourceType"},"name":"User","description":"User Account","schemaExtensions":{"schema":"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User","required":false},"id":"User"},{"schema":"urn:ietf:params:scim:schemas:core:2.0:Group","endpoint":"/Groups","meta":{"location":"https://localhost:9443/scim2/ResourceType/Group","resourceType":"ResourceType"},"name":"Group","description":"Group","id":"Group"}]}

Parameters

None

Responses

HTTP 200 - Schema is found
HTTP 401 - Unauthorized
HTTP 404 - Schema is not found

ServiceProviderConfig Endpoint

This endpoint is used to retrieve the service provider's configuration details.

Panel

borderColor	Black
bgColor	White

GET/ Get Service Provider Config

GET https://localhost/t/{tenant-domain}/scim2/ServiceProviderConfig

This API is used to create multiple users at once. It returns an HTTP 201 response if the users are successfully created.

Code Block

title	Request

curl -v -k --user [username]:[password]  https://localhost:9443/scim2/ServiceProviderConfig

Code Block

title	Sample cURL

curl -v -k --user admin:admin  https://localhost:9443/scim2/ServiceProviderConfig

Code Block

title	Response

{"patch":{"supported":true},"filter":{"maxResults":200,"supported":true},"documentationUri":"http://example.com/help/scim.html","authenticationSchemes":[{"name":"OAuth Bearer Token","description":"Authentication scheme using the OAuth Bearer Token Standard","specUri":"http://www.rfc-editor.org/info/rfc6750","type":"oauthbearertoken","primary":true},{"name":"HTTP Basic","description":"Authentication scheme using the HTTP Basic Standard","specUri":"http://www.rfc-editor.org/info/rfc2617","type":"httpbasic","primary":false}],"schemas":["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],"etag":{"supported":false},"sort":{"supported":false},"bulk":{"maxPayloadSize":1048576,"maxOperations":1000,"supported":true},"changePassword":{"supported":false}}

Parameters

None

Responses

HTTP 200 - Schema is found
HTTP 401 - Unauthorized
HTTP 404 - Schema is not found

Required permissions for SCIM 2.0 APIs

The default permissions required to access each resource in SCIM 2.0 are given below.

Endpoint	HTTP Method	Permission
/scim2/Users	/scim2/Users	POST	/permission/admin/manage/identity/usermgt/create
/scim2/Users	GET	/permission/admin/manage/identity/usermgt/list
/scim2/Groups	POST	/permission/admin/manage/identity/rolemgt/create	/scim2/Groups	/create
/scim2/Groups GET	GET	/permission/admin/manage/identity/rolemgt/view
/scim2/Users/(.*)	GET	/permission/admin/manage/identity/usermgt/view
/scim2/Users/(.*)	PUT	/permission/admin/manage/identity/usermgt/update
/scim2/Users/(.*)	PATCH	/permission/admin/manage/identity/usermgt/update
/scim2/Users/(.*)	DELETE	/permission/admin/manage/identity/usermgt/delete delete
/scim2/Groups/(.*)	GET	/permission/admin/manage/identity/rolemgt/view
/scim2/Groups/(.*)	PUT	/permission/admin/manage/identity/rolemgt/update
/scim2/Groups/(.*)	PATCH	/permission/admin/manage/identity/rolemgt/update
/scim2/Groups/(.*)	DELETE	/permission/admin/manage/identity/rolemgt/delete
/scim2/Me	GET	/permission/admin/login
/scim2/Me	DELETE	/permission/admin/login
/scim2/Me	PUT	/permission/admin/login
/scim2/Me	PATCH	/permission/admin/login
/scim2/Me	POST	/permission/admin/manage/identity/usermgt/create
/scim2/ServiceProviderConfig	all	-
/scim2/ResourceType	all	-
/scim2/Bulk	all		all	/permission/admin/manage/identity/usermgt

Note

The EnableFilteringEnhancements property is introduced to identity.xml in <IS_HOME>/repository/conf/identity in order to apply filtering enhancements for SCIM2 filter results. This property makes sure that Eq checks for the String match (in this case cross user store search will not be performed). It also enforces consistency in the filtered attribute formats in the response when filtering is done via different endpoints. For example, when this property is enabled, the two endpoints, Users and Groups will have the same format of response.

Code Block
<SCIM2><EnableFilteringEnhancements>true</EnableFilteringEnhancements></SCIM2>

Info

If the OverrideUsernameClaimFromInternalUsername property in user-mgt.xml in <IS_HOME>/repository/conf/identity is enabled, the Username claim is populated even when SCIM is not enabled.

Code Block
<OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>

...

Versions Compared

Old Version 10

New Version Current

Key

Users endpoint

GET/ Get User by ID

POST/ Create User

DELETE/ Delete User by ID

GET/ Get Users (User Listing/Filtering)

POST/ Search Users

PATCH/ Update User

PUT/ Update User

Groups endpoint

GET/ Group by ID

POST/ Create Group

POST/ Create Group

DELETE/ Delete Group By ID

GET/ Filter Groups

POST/ Search Groups

PATCH/ Update User

PUT/ Update User

Me Endpoint

POST/ Create Me

DELETE/ Delete Me

GET/ Get Me

PATCH/ Update Me

PUT/ Update User

Bulk Endpoint

POST/ Create Users in Bulk

ResourceType Endpoint

GET/ Get Resource Types

ServiceProviderConfig Endpoint

GET/ Get Service Provider Config

Required permissions for SCIM 2.0 APIs