This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.

Using the SCIM 2.0 REST APIs

Owned by Former user (Deleted)
Last updated: Jul 12, 2023 by divyaa
3 min read

Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged in to WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported OOTB with WSO2 IS.

For information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs.

The default permissions required to access each resource in SCIM 2.0 are given below. 

EndpointHTTP MethodPermission
/scim2/Users
POST
        
/permission/admin/manage/identity/usermgt/create
        
/scim2/Users
        
GET
        
/permission/admin/manage/identity/usermgt/list
        
/scim2/Groups
        
POST
        
/permission/admin/manage/identity/rolemgt/create
        
/scim2/Groups
        
GET
        
/permission/admin/manage/identity/rolemgt/view
        
/scim2/Users/(.*)
        
GET
        
/permission/admin/manage/identity/usermgt/view
        
/scim2/Users/(.*)
PUT
/permission/admin/manage/identity/usermgt/update
        
/scim2/Users/(.*)
PATCH
/permission/admin/manage/identity/usermgt/update
        
/scim2/Users/(.*)
DELETE
/permission/admin/manage/identity/usermgt/delete
        
/scim2/Groups/(.*)
        
GET
        
/permission/admin/manage/identity/rolemgt/view
        
/scim2/Groups/(.*)
PUT
/permission/admin/manage/identity/rolemgt/update
        
/scim2/Groups/(.*)
PATCH
/permission/admin/manage/identity/rolemgt/update
        
/scim2/Groups/(.*)
DELETE
/permission/admin/manage/identity/rolemgt/delete
        
/scim2/Me
GET
/permission/admin/login
        
/scim2/Me
DELETE
/permission/admin/login
        
/scim2/Me
PUT
/permission/admin/login
        
/scim2/Me
PATCH
/permission/admin/login
        
/scim2/Me
POST
/permission/admin/manage/identity/usermgt/create
        
/scim2/ServiceProviderConfig
all-
/scim2/ResourceType
all-
/scim2/Bulk
all
/permission/admin/manage/identity/usermgt

The  EnableFilteringEnhancements   property is introduced to identity.xml in <IS_HOME>/repository/conf/identity in order to apply filtering enhancements for SCIM2 filter results. This property makes sure that Eq checks for the String match (in this case cross user store search will not be performed). It also enforces consistency in the filtered attribute formats in the response when filtering is done via different endpoints. For example, when this property is enabled, the two endpoints, Users and Groups will have the same format of response.

To use this feature, apply the 3749 WUM update for WSO2 IS 5.7.0 using the WSO2 Update Manager (WUM).

To deploy a WUM update into production, you need to have a paid subscription. If you do not have a paid subscription, you can use this feature with the next version of WSO2 Identity Server when it is released. For more information on updating WSO2 Identity Server using WUM, see Getting Started with WUM in the WSO2 Administration Guide.

<SCIM2><EnableFilteringEnhancements>true</EnableFilteringEnhancements></SCIM2>

More information about how to secure the REST APIs and configure authorization level can be found from Authenticating and Authorizing REST APIs