Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tip

Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS.

For information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs.

The default permissions required to access each resource in SCIM 2.0 are given below. 

/scim2/Groups
GET
/permission/admin/manage/identity/rolemgt/view
/scim2/Users/(.*)
GET
/permission/admin/manage/identity/usermgt/view
/scim2/Users/(.*)
PUT
/permission/admin/manage/identity/usermgt/update
/scim2/Users/(.*)
PATCH
/permission/admin/manage/identity/usermgt/update
/scim2/Users/(.*)
DELETE
/permission/admin/manage/identity/usermgt/delete
/scim2/Groups/(.*)
GET
/permission/admin/manage/identity/rolemgt/view
/scim2/Groups/(.*)
PUT
/permission/admin/manage/identity/rolemgt/update
/scim2/Groups/(.*)
PATCH
/permission/admin/manage/identity/rolemgt/update
/scim2/Groups/(.*)
DELETE
/permission/admin/manage/identity/rolemgt/delete
/scim2/Me
GET
/permission/admin/login
/scim2/Me
DELETE
/permission/admin/login
/scim2/Me
PUT
/permission/admin/login
/scim2/Me
PATCH
/permission/admin/login
/scim2/Me
POST
/permission/admin/manage/identity/usermgt/create
/scim2/ServiceProviderConfig
all
-
/scim2/ResourceType
all
-
/scim2/Bulk
all
/permission/admin/manage/identity/usermgt


Note

If the OverrideUsernameClaimFromInternalUsername property in user-mgt.xml in <IS_HOME>/repository/conf/identity is enabled, the Username claim is populated even when SCIM is not enabled.

Warning

To use this feature, apply the 3888 WUM update for WSO2 IS 5.6.0 using the WSO2 Update Manager (WUM).

To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide.


Code Block
<OverrideUsernameClaimFromInternalUsername>true</OverrideUsernameClaimFromInternalUsername>



Info

More information about how to secure the REST APIs and configure authorization level can be found from Authenticating and Authorizing REST APIs

...