This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Using the SCIM 2.0 REST APIs
The System for Cross-domain Identity Management (SCIM) is a specification designed to manage user identities in cloud-based applications and services in a standardized way, enabling interoperability, security, and scalability. It is an emerging open standard that provides RESTful APIs for an easier, cheaper, and faster way of creating, provisioning, and maintaining identities. The latest version, SCIM 2.0, was released as an IETF RFC in September 2015.
Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported out of the box (OOTB) with WSO2 IS.
Enabling SCIM 2.0
- Disable the SCIM 1.0 listener where orderId=90 by setting the enable parameter to false in the identity.xml file found in the <IS_HOME>/repository/conf/identity folder. Enable the SCIM 2.0 listener where orderId=93 by setting the enable parameter to true.

  ```xml
  <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                 name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
                 orderId="90" enable="false" />
  <!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
  <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                 name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
                 orderId="93" enable="true" />
  ```

Tip: For sample cURL commands and more information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs.
The default permissions required to access each resource in SCIM 2.0 are given below.
Endpoint | HTTP Method | Permission |
---|---|---|
/scim2/Users | POST | /permission/admin/manage/identity/usermgt/create |
/scim2/Users | GET | /permission/admin/manage/identity/usermgt/list |
/scim2/Groups | POST | /permission/admin/manage/identity/rolemgt/create |
/scim2/Groups | GET | /permission/admin/manage/identity/rolemgt/view |
/scim2/Users/(.*) | GET | /permission/admin/manage/identity/usermgt/view |
/scim2/Users/(.*) | PUT | /permission/admin/manage/identity/usermgt/update |
/scim2/Users/(.*) | PATCH | /permission/admin/manage/identity/usermgt/update |
/scim2/Users/(.*) | DELETE | /permission/admin/manage/identity/usermgt/delete |
/scim2/Groups/(.*) | GET | /permission/admin/manage/identity/rolemgt/view |
/scim2/Groups/(.*) | PUT | /permission/admin/manage/identity/rolemgt/update |
/scim2/Groups/(.*) | PATCH | /permission/admin/manage/identity/rolemgt/update |
/scim2/Groups/(.*) | DELETE | /permission/admin/manage/identity/rolemgt/delete |
/scim2/Me | GET | /permission/admin/login |
/scim2/Me | DELETE | /permission/admin/login |
/scim2/Me | PUT | /permission/admin/login |
/scim2/Me | PATCH | /permission/admin/login |
/scim2/Me | POST | /permission/admin/manage/identity/usermgt/create |
/scim2/ServiceProviderConfig | all | - |
/scim2/ResourceType | all | - |
/scim2/Bulk | all | /permission/admin/manage/identity/usermgt |
More information about how to secure the REST APIs and configure the authorization level can be found in Authenticating and Authorizing REST APIs.
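
An added example (not part of the WSO2 documentation or product code) that turns the permission table above into a least-privilege check: given the permissions a role holds, it reports whether a SCIM 2.0 request would be permitted. It assumes that a granted node in the permission tree also covers its child nodes and that requests the table does not list are denied; `UM`, `RM`, `LOGIN` and the function names are illustrative.

```python
import re

UM = "/permission/admin/manage/identity/usermgt"
RM = "/permission/admin/manage/identity/rolemgt"
LOGIN = "/permission/admin/login"

# (path pattern, methods, permission) rows copied from the table above.
# "all" matches any method; None stands for "-" (no permission listed).
RULES = [
    ("/scim2/Users", ("POST",), UM + "/create"),
    ("/scim2/Users", ("GET",), UM + "/list"),
    ("/scim2/Groups", ("POST",), RM + "/create"),
    ("/scim2/Groups", ("GET",), RM + "/view"),
    ("/scim2/Users/(.*)", ("GET",), UM + "/view"),
    ("/scim2/Users/(.*)", ("PUT", "PATCH"), UM + "/update"),
    ("/scim2/Users/(.*)", ("DELETE",), UM + "/delete"),
    ("/scim2/Groups/(.*)", ("GET",), RM + "/view"),
    ("/scim2/Groups/(.*)", ("PUT", "PATCH"), RM + "/update"),
    ("/scim2/Groups/(.*)", ("DELETE",), RM + "/delete"),
    ("/scim2/Me", ("GET", "DELETE", "PUT", "PATCH"), LOGIN),
    ("/scim2/Me", ("POST",), UM + "/create"),
    ("/scim2/ServiceProviderConfig", "all", None),
    ("/scim2/ResourceType", "all", None),
    ("/scim2/Bulk", "all", UM),
]

def required_permission(method, path):
    """Return (matched, permission) for the first table row covering the request."""
    for pattern, methods, perm in RULES:
        if (methods == "all" or method in methods) and re.fullmatch(pattern, path):
            return True, perm
    return False, None

def holds(granted, needed):
    """Assumption: a granted permission-tree node also covers its child nodes."""
    return any(needed == g or needed.startswith(g.rstrip("/") + "/") for g in granted)

def is_allowed(granted, method, path):
    matched, perm = required_permission(method, path)
    if not matched:
        return False  # fail closed on anything the table does not list
    return perm is None or holds(granted, perm)

if __name__ == "__main__":
    role = {LOGIN}  # constructed role: login permission only
    for m, p in [("DELETE", "/scim2/Me"), ("GET", "/scim2/Users"), ("GET", "/scim2/ResourceType")]:
        print(m, p, is_allowed(role, m, p))
```

Under these assumptions, a role holding only /permission/admin/login can still update and delete its own account through /scim2/Me, while /scim2/Bulk requires the whole usermgt subtree rather than a single leaf permission.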