Supported SCIM API endpoints¶
MKE supports SCIM API endpoints across three operational areas: User, Group, and Service Provider Configuration.
User operations¶
The SCIM API endpoints that serve in user operations provide the means to:
Retrieve user information
Create a new user
Update user information
For user GET and POST operations:
Filtering is only supported using the
userName
attribute andeq
operator. For example,filter=userName Eq "john"
.Attribute name and attribute operator are case insensitive. For example, the following two expressions have the same logical value:
filter=userName Eq "john"
filter=Username eq "john"
Pagination is fully supported.
Sorting is not supported.
GET /Users¶
Returns a list of SCIM users (by default, 200 users per page).
Use the startIndex
and count
query parameters to paginate long lists of
users. For example, to retrieve the first 20 Users, set startIndex
to 1
and count
to 20
, provide the following JSON request:
GET Host IP/enzi/v0/scim/v2/Users?startIndex=1&count=20
Host: example.com
Accept: application/scim+json
Authorization: Bearer h480djs93hd8
The response to the previous query returns paging metadata that is similar to the following example:
{
"totalResults":100,
"itemsPerPage":20,
"startIndex":1,
"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"Resources":[{
...
}]
}
GET /Users/{id}¶
Retrieves a single user resource.
The value of the {id}
should be the user’s ID. You can also use the
userName
attribute to filter the results.
GET {Host IP}/enzi/v0/scim/v2/Users?{user ID}
Host: example.com
Accept: application/scim+json
Authorization: Bearer h480djs93hd8
POST /Users¶
Creates a user.
The operation must include the userName
attribute and at least one
email address.
POST {Host IP}/enzi/v0/scim/v2/Users
Host: example.com
Accept: application/scim+json
Authorization: Bearer h480djs93hd8
PATCH /Users/{id}¶
Updates a user’s active
status.
Reactivate inactive users by specifying "active": true
. To deactivate
active users, specify "active": false
. The value of the {id}
should be
the user’s ID.
PATCH {Host IP}/enzi/v0/scim/v2/Users?{user ID}
Host: example.com
Accept: application/scim+json
Authorization: Bearer h480djs93hd8
PUT /Users/{id}¶
Updates existing user information.
All attribute values are overwritten, including attributes for which empty
values or no values have been provided. If a previously set attribute value is
left blank during a PUT
operation, the value is updated with a blank value
in accordance with the attribute data type and storage provider. The value of
the {id}
should be the user’s ID.
Group operations¶
The SCIM API endpoints that serve in group operations provide the means to:
Create a new user group
Retrieve group information
Update user group membership (add/replace/remove users)
For group GET
and POST
operations:
Pagination is fully supported.
Sorting is not supported.
GET /Groups/{id}¶
Retrieves information for a single group.
GET /scim/v1/Groups?{Group ID}
Host: example.com
Accept: application/scim+json
Authorization: Bearer h480djs93hd8
GET /Groups¶
Returns a paginated list of groups (by default, ten groups per page).
Use the startIndex
and count
query parameters to paginate long lists of
groups.
GET /scim/v1/Groups?startIndex=4&count=500 HTTP/1.1
Host: example.com
Accept: application/scim+json
Authorization: Bearer h480djs93hd8
POST /Groups¶
Creates a new group.
Add users to the group during group creation by supplying user ID
values in the members
array.
PATCH /Groups/{id}¶
Updates an existing group resource, allowing the addition or removal of
individual (or groups of) users from the group with a single operation. Add
is the default operation.
To remove members from a group, set the operation attribute of a member object
to delete
.
PUT /Groups/{id}¶
Updates an existing group resource, overwriting all values for a group even if an attribute is empty or is not provided.
PUT
replaces all members of a group with members that are provided by way
of the members
attribute. If a previously set attribute is left blank
during a PUT
operation, the new value is set to blank in accordance with
the data type of the attribute and the storage provider.
Service Provider configuration operations¶
The SCIM API endpoints that serve in Service provider configuration operations provide the means to:
Retrieve service provider resource type metadata
Retrieve schema for service provider and SCIM resources
Retrieve schema for service provider configuration
SCIM defines three endpoints to facilitate discovery of the SCIM service provider features and schema that you can retrieve using HTTP GET:
GET /ResourceTypes¶
Discovers the resource types available on a SCIM service provider (for example, Users and Groups).
Each resource type defines the endpoints, the core schema URI that defines the resource, and any supported schema extensions.
GET /Schemas¶
Retrieves information about all supported resource schemas supported by a SCIM service provider.
GET /ServiceProviderConfig¶
Returns a JSON structure that describes the SCIM specification features
that are available on a service provider using a schemas
attribute of
urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig
.