Patch user
PATCH /nevisidm/api/scim/v1/:clientExtId/Users/:id
Applies partial updates to a user using SCIM PATCH operations (add, replace, remove). Supports patching credentials, profiles, authorizations, addresses, emails, phone numbers, login info, and custom properties.
By default, the patched user is returned in the response body (200 OK). If performGet is set to false in the request body (or the server-side default application.scim.patch-performs-get-by-default is false), returns 204 No Content instead.
Request
Path Parameters
Client's external identifier.
User's internal identifier.
- application/json
Body
required
- ScimCredentialCertInfo
- ScimCredentialContextPassword
- ScimCredentialDevicePassword
- ScimCredentialFido2
- ScimCredentialFidoUaf
- ScimCredentialGeneric
- ScimCredentialKerberos
- ScimCredentialMTan
- ScimCredentialMobileSignature
- ScimCredentialOTP
- ScimCredentialOath
- ScimCredentialPassword
- ScimCredentialPuk
- ScimCredentialRecoveryCode
- ScimCredentialSafeWordUser
- ScimCredentialSamlFederation
- ScimCredentialSecurId
- ScimCredentialSecurityQuestion
- ScimCredentialTempStrongPassword
- ScimCredentialTicket
- ScimCredentialUnsupported
- ScimCredentialUrlTicket
- ScimCredentialVasco
operations object[] required
List of patch operations to be performed.
Operation type that needs to be performed. Valid values are: replace, add and remove.
The operation will be performed on this path. Only the [extId='id'] filtering selector is supported.
Possible values: [TEXTUAL, PHYSICAL_ADDRESS, MULTI_ATTRIBUTE, CREDENTIAL, PROFILE, IDM_AUTHORIZATION, APP_AUTHORIZATION, ENTERPRISE_AUTHORIZATION, LOGIN_INFO, CREDENTIAL_LOGIN_INFO, PROPERTY]
Value to be processed as the patch operation. It can be complex, such as credential, but we don't support lists of values. Delete operation must not have a value.
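The constraints listed above (three operation types, the single [extId='id'] selector, the value-type enumeration, no value on a remove, no lists of values) can be checked before a request leaves a provisioning job. The following is an added example, not code from the product or its documentation. The JSON key names op, path, valueType and value, and the attribute names in the sample paths, are assumptions, because this page lists field descriptions without their property names; the set of value types marked for review is a choice made for the example.

```python
import re

# Enumerations copied from this page.
VALID_OPS = {"replace", "add", "remove"}
VALUE_TYPES = {
    "TEXTUAL", "PHYSICAL_ADDRESS", "MULTI_ATTRIBUTE", "CREDENTIAL", "PROFILE",
    "IDM_AUTHORIZATION", "APP_AUTHORIZATION", "ENTERPRISE_AUTHORIZATION",
    "LOGIN_INFO", "CREDENTIAL_LOGIN_INFO", "PROPERTY",
}
# Choice made for this example (not a product setting): value types that change
# how a user authenticates or what the user is authorized to do.
REVIEW_TYPES = {
    "CREDENTIAL", "CREDENTIAL_LOGIN_INFO",
    "IDM_AUTHORIZATION", "APP_AUTHORIZATION", "ENTERPRISE_AUTHORIZATION",
}

# Assumed JSON key names; adjust them to the real schema.
OP_KEY, PATH_KEY, TYPE_KEY = "op", "path", "valueType"
VALUE_KEYS = ("value", "physicalAddress", "multiAttribute", "credential", "profile")

SELECTOR = re.compile(r"\[([^\[\]]*)\]")
EXTID_SELECTOR = re.compile(r"extId='[^']+'")


def lint_operation(op):
    """Return the list of problems found in one patch operation (empty = OK)."""
    problems = []
    kind = op.get(OP_KEY)
    if kind not in VALID_OPS:
        problems.append(f"unsupported operation type {kind!r}")

    path = op.get(PATH_KEY)
    if not isinstance(path, str) or not path:
        problems.append("missing path")
    else:
        selectors = SELECTOR.findall(path)
        if path.count("[") != len(selectors) or path.count("]") != len(selectors):
            problems.append("malformed selector brackets in path")
        for selector in selectors:
            if not EXTID_SELECTOR.fullmatch(selector):
                problems.append(f"unsupported selector [{selector}]")

    vtype = op.get(TYPE_KEY)
    if vtype is not None and vtype not in VALUE_TYPES:
        problems.append(f"unknown value type {vtype!r}")

    carried = [key for key in VALUE_KEYS if op.get(key) is not None]
    if kind == "remove" and carried:
        problems.append("remove operation must not have a value")
    for key in carried:
        if isinstance(op[key], list):
            problems.append(f"{key} is a list; lists of values are not supported")
    return problems


def lint_patch(body):
    """Lint a whole request body.

    Returns (errors, review): errors maps an operation index to its problems,
    review lists the indexes of operations that touch credentials or
    authorizations and deserve an audit entry or a second approval.
    """
    operations = body.get("operations")
    if not isinstance(operations, list) or not operations:
        return {None: ["'operations' must be a non-empty list"]}, []
    errors, review = {}, []
    for index, op in enumerate(operations):
        if not isinstance(op, dict):
            errors[index] = ["operation is not an object"]
            continue
        found = lint_operation(op)
        if found:
            errors[index] = found
        if op.get(TYPE_KEY) in REVIEW_TYPES:
            review.append(index)
    return errors, review


# Constructed sample body: one valid operation and two that break the rules.
SAMPLE = {
    "performGet": False,
    "operations": [
        {"op": "replace", "path": "credentials[extId='cred-1']",
         "valueType": "CREDENTIAL", "credential": {"extId": "cred-1"}},
        {"op": "remove", "path": "emails[value eq \"a@example.test\"]",
         "valueType": "MULTI_ATTRIBUTE", "multiAttribute": {"value": "a@example.test"}},
        {"op": "delete", "path": "profiles[extId='p-1']", "valueType": "PROFILE"},
    ],
}

if __name__ == "__main__":
    sample_errors, sample_review = lint_patch(SAMPLE)
    for index, problems in sample_errors.items():
        print(index, problems)
    print("needs review:", sample_review)
```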
physicalAddress ScimPhysicalAddress
SCIM defined complex to hold postal address. Defined in ScimUser.
The full street address component. This part is mapped to addressline1 and addressline2 properties of User with separating new line character (only one supported).
The city or locality component. This part is mapped to city property of User.
The state or region component. This part is not mapped to any property of User, yet.
The zipcode or postal code component. This part is mapped to postalcode property of User.
The country name component. This part is mapped to country property of User.
A label indicating the attribute's function; e.g. 'work' or 'home'. This part is not mapped to any property of User, yet.
A Boolean value indicating the 'primary' or preferred. This part is not mapped to any property of User, yet.
multiAttribute ScimMultiAttribute
SCIM defined complex to hold multiple attributes, e.g. phone numbers, email addresses. Defined for ScimUser.
Attribute value (e.g. email address, phone number). This part is mapped to the referred property of User.
A human readable name, primarily used for display purposes. This part is not mapped, for output the value is repeated here.
A label indicating the attribute's function; e.g. 'work', 'home', etc. For email this part is not mapped. For phone the following values are accepted and required: 'telephone', 'telefax' or 'mobile'. Other types are not supported, yet.
A Boolean value indicating the 'primary' or preferred. This part is not mapped; the first one is always true, the rest are always false.
credential object
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
The certificate value of the credential.
DN of the subject.
DN of the issuer.
Fingerprint of the certificate in hexbyte-colon notation.
Serial number.
The subject key identifier extension stored in the certificate credential.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Hashed password value with message digest algorithm prefix. The prefix must be a valid message digest algorithm and the content must be base64 encoded byte array where the extra part after the requested number of bytes by the algorithm is used as salt. Without algorithm prefix the value is used as plain text value and it is being hashed with default password hashing algorithm (SSHA256). SSHA is alias for SHA and SSHA256 is alias for SHA-256 algorithms. With the right policy, it is possible to encrypt the password instead of hashing it.
In order to log in using the context password, the context must be given by the user, which uniquely defines which context password to use.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Hashed password value with message digest algorithm prefix. The prefix must be a valid message digest algorithm and the content must be base64 encoded byte array where the extra part after the requested number of bytes by the algorithm is used as salt. Without algorithm prefix the value is used as plain text value and it is being hashed with default password hashing algorithm (SSHA256). SSHA is alias for SHA and SSHA256 is alias for SHA-256 algorithms.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
A 128-bit identifier indicating the type (e.g. make and model) of the authenticator
The server’s preference on how it would like to verify the attestations of the authenticators.
CBOR serialized authenticator object
Defines how the authenticator is accessed by the WebAuthn client, i.e. where the authenticator is at.
The hashed credential ID generated by the authenticator. It may contain the encrypted private key of the client.
Domain name of Relying Party
Whether the server is willing to accept resident keys (i.e. whether storing the webauthn private key encrypted on the server side is okay or not)
User agent used by the AuthCloud team, no FIDO2 relation.
The technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations (i.e. grants access for the user to proceed with the WebAuthn flows).
The technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations (i.e. grants access for the user to proceed with the WebAuthn flows).
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
The authenticator attestation identifier. The aaid is a unique identifier assigned to a model, class or batch of FIDO authenticators that all share the same characteristics.
The key identifier of the authenticator's registered key.
The device identifier obtained from a push service, which sends push messages to this specific device.
Indicates how many times this authenticator has performed signatures in the past.
The version of the authenticator.
Possible values: non-empty
OS-specific ID of the application that uses the FIDO credential.
Possible values: non-empty
Public key algorithm used for the public key in the authenticator record. You need this information in order to know how to decode the key later on.
Possible values: non-empty
The user authentication public key generated by the FIDO authenticator during the registration process. The key is stored in the credential attribute value.
In contrast with the deviceId this field can guarantee a unique 1:N association between the dispatch target and the UAF credential.
dispatchTarget ScimDispatchTarget
Human readable name of the device
The external ID of the Dispatch Target
The device identifier
The target identifier of the channel
The name of the dispatcher
User-Agent of FIDO UAF device
Encryption key used for encrypting the channel data
The signature key used for signing dispatch channel information
The appId of the application where the device is registered
Possible values: [active, disabled]
The state of the dispatch target.
Possible values: [fido-uaf]
The type of the Dispatch Target
Business identification of the dispatch target.
appAttestation ScimAppAttestation
Attestation information for the dispatch target
Number of times the attestation was used to successfully validate an assertion
Receipt of the iOS App Attestation
Public Key of the iOS App Attestation
Device ID associated with the iOS App Attestation
User friendly name of the iOS App Attestation
The environment where this credential can be used
Possible values: [fullBasic, fullBasicPermissive, surrogateBasic, ecdaa, failedFullBasicPermissive]
The attestation type indicates with which type of attestation the authenticator has been registered.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Plaintext password value.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Identifier of the credential
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Mobile number which is in raw or E164 format.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
MSSP-specific identifier of the mobile signature credential.
URI-based identifier of MSSP.
X509 signer certificate in PEM format.
Calling number for mobile device according to ETSI Standard.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Indexed table of small passwords.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
The ID of the OATH hashing algorithm to use. Possible options: 1 (SHA1), 2 (SHA256), 3 (SHA512)
The length of the generated token. Possible options: 6, 7, 8
The ID of the OATH authentication method to use. Possible options: 1 (HOTP), 2 (TOTP)
The time window (in seconds) during which a TOTP token is valid.
The counter for tokens. This is increased on each successful authentication.
Detected clock drift for the token in terms of the number of time steps.
Flag to make sure the credential is only shared once.
The secret that is required to initialize the mobile application.
Context of the credential. This is used as a label for the credential.
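How the OATH fields above combine into a token, following RFC 4226 (HOTP) and RFC 6238 (TOTP) with the numeric IDs listed on this page. This is an added example, not the product's implementation. The function and parameter names are hypothetical, the secret is taken as raw bytes, and adding the stored drift to the current time step is an assumption about how the drift field is applied.

```python
import hashlib
import hmac
import struct

# IDs as listed on this page.
HASH_BY_ID = {1: hashlib.sha1, 2: hashlib.sha256, 3: hashlib.sha512}
HOTP, TOTP = 1, 2
ALLOWED_DIGITS = (6, 7, 8)


def hotp(secret, counter, digits=6, hash_id=1):
    """RFC 4226 token for a given moving factor (counter or time step)."""
    if digits not in ALLOWED_DIGITS:
        raise ValueError("token length must be 6, 7 or 8")
    if hash_id not in HASH_BY_ID:
        raise ValueError("hash algorithm ID must be 1, 2 or 3")
    mac = hmac.new(secret, struct.pack(">Q", counter), HASH_BY_ID[hash_id]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def oath_token(secret, method_id, hash_id=1, digits=6,
               counter=0, period=30, now=0, drift_steps=0):
    """Token for either method: HOTP uses the counter, TOTP the time step."""
    if method_id == HOTP:
        return hotp(secret, counter, digits, hash_id)
    if method_id == TOTP:
        # Assumption: the stored drift is added to the current time step.
        return hotp(secret, now // period + drift_steps, digits, hash_id)
    raise ValueError("authentication method ID must be 1 (HOTP) or 2 (TOTP)")


def verify_totp(secret, candidate, now, hash_id=1, digits=6,
                period=30, drift_steps=0, window=1):
    """Check a TOTP candidate within +/- window steps around the expected step.

    Returns the drift (in time steps) to store after a match, or None when the
    candidate matches no step in the window.
    """
    base = now // period + drift_steps
    deltas = [0]
    for distance in range(1, window + 1):
        deltas += [-distance, distance]
    for delta in deltas:
        step = base + delta
        if step < 0:
            continue
        expected = hotp(secret, step, digits, hash_id)
        if hmac.compare_digest(expected, candidate):
            return drift_steps + delta
    return None


# Test seeds published in RFC 4226 / RFC 6238 (not secrets of any real system).
RFC_SEED_SHA1 = b"12345678901234567890"
RFC_SEED_SHA256 = b"12345678901234567890123456789012"

if __name__ == "__main__":
    print(oath_token(RFC_SEED_SHA1, HOTP, counter=0))
    print(oath_token(RFC_SEED_SHA1, TOTP, digits=8, now=59))
    print(verify_totp(RFC_SEED_SHA1, "94287082", now=29, digits=8))
```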
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Hashed password value with message digest algorithm prefix. The prefix must be a valid message digest algorithm and the content must be base64 encoded byte array where the extra part after the requested number of bytes by the algorithm is used as salt. Without algorithm prefix the value is used as plain text value and it is being hashed with default password hashing algorithm (SSHA256). SSHA is alias for SHA and SSHA256 is alias for SHA-256 algorithms.
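The value format described above (algorithm prefix, then base64 of the digest bytes followed by the salt) decides whether the server stores a supplied hash or treats the string as a plaintext password, so a provisioning job should classify each value before sending it. This is an added example, not the product's code: the function names are hypothetical, the LDAP-style {ALGORITHM} prefix syntax is an assumption (the page does not show the delimiter), and digest(password + salt) is assumed as the concatenation order.

```python
import base64
import hashlib
import hmac
import re

# Assumed prefix syntax: {ALGORITHM} in front of the base64 payload.
PREFIX = re.compile(r"\{([A-Za-z0-9-]+)\}(.*)", re.S)
# Aliases stated on this page, mapped to hashlib names.
ALIASES = {"SSHA": "sha1", "SHA": "sha1", "SSHA256": "sha256"}


def digest_name(label):
    """Map a prefix label to a hashlib algorithm name, or raise ValueError."""
    name = ALIASES.get(label.upper(), label.lower().replace("-", ""))
    try:
        if hashlib.new(name).digest_size == 0:
            raise ValueError(name)
    except (ValueError, TypeError):
        raise ValueError(f"{label!r} is not a usable message digest algorithm") from None
    return name


def split_hashed_value(value):
    """Split a prefixed value into (algorithm, digest, salt).

    Returns None when there is no prefix: per this page, such a value is taken
    as plaintext and hashed by the server with its default algorithm.
    """
    match = PREFIX.fullmatch(value)
    if match is None:
        return None
    name = digest_name(match.group(1))
    raw = base64.b64decode(match.group(2), validate=True)  # ValueError if not base64
    size = hashlib.new(name).digest_size
    if len(raw) < size:
        raise ValueError(f"payload shorter than a {name} digest ({size} bytes)")
    # The bytes after the digest length are the salt.
    return name, raw[:size], raw[size:]


def build_hashed_value(password, salt, label="SSHA256"):
    """Build a prefixed value; assumes digest(password + salt)."""
    name = digest_name(label)
    digest = hashlib.new(name, password.encode("utf-8") + salt).digest()
    return "{%s}%s" % (label, base64.b64encode(digest + salt).decode("ascii"))


def verify_hashed_value(password, value):
    """Recompute the digest with the embedded salt and compare in constant time."""
    parsed = split_hashed_value(value)
    if parsed is None:
        raise ValueError("value has no algorithm prefix")
    name, digest, salt = parsed
    candidate = hashlib.new(name, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    constructed_salt = bytes(range(8))  # constructed sample salt
    sample = build_hashed_value("correct horse", constructed_salt)
    print(sample)
    print(split_hashed_value(sample)[0], verify_hashed_value("correct horse", sample))
    print(split_hashed_value("no-prefix-here"))  # None: would be sent as plaintext
```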
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Hashed ticket value with message digest algorithm prefix. Without algorithm prefix the value is used as plain text value and it is being hashed with default hashing algorithm (SSHA256). SSHA is alias for SHA and SSHA256 is alias for SHA-256 algorithms.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
codes ScimRecoveryCode[]
Recovery codes, which are random String values of 16 characters of upper or lower case ASCII characters or numbers separated by dashes
Date of use. The value is null if the code is not used.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
The content of the safe word credential
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Identifier of the subject of the SAML assertion (generally user to be authenticated).
Aligns the expectations between the identity provider and the service provider on the user identity that is communicated
Identifier of the issuer of the SAML assertion.
Aligns the expectations between the identity provider and the service provider on the user identity that is communicated
Hashed identification value with optional message digest algorithm prefix. Without algorithm prefix the value is used as plain text input for the default password hashing algorithm. SSHA is alias for SHA-1 and SSHA256 is alias for SHA-256 algorithms (string).
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
The SecurID username.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
personalAnswers ScimPersonalAnswer[]
A set of personal answers with their personal questions.
Symmetrically encrypted answer of user.
External identifier of the personal question.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Hashed password value with message digest algorithm prefix. The prefix must be a valid message digest algorithm and the content must be base64 encoded byte array where the extra part after the requested number of bytes by the algorithm is used as salt. Without algorithm prefix the value is used as plain text value and it is being hashed with default password hashing algorithm (SSHA256). SSHA is alias for SHA and SSHA256 is alias for SHA-256 algorithms. This password is only valid for a single login operation. Therefore, it could also be described as a one-time password credential, which is considered an exceptionally strong authentication method.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Hashed ticket value with message digest algorithm prefix.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Message indicating that the credential type cannot be mapped.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
Hashed identification value with message digest algorithm prefix. The prefix must be a valid message digest algorithm and the content must be base64 encoded byte array where the extra part after the requested number of bytes by the algorithm is used as salt. Without algorithm prefix the value is used as plain text value and it is being hashed with default password hashing algorithm (SSHA256). SSHA is alias for SHA and SSHA256 is alias for SHA-256 algorithms.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
Name value pairs map of Credential's custom properties.
The external ID of the used policy.
tokens ScimVascoDpToken[]
Vasco digipass tokens.
profile ScimProfile
SCIM defined complex to hold IDM profiles. Defined for ScimUserExtension.
Possible values: [ACTIVE, DISABLED, ARCHIVED]
An enumeration value indicating the profile's administrative status.
Name of the profile.
Description for the profile.
External identifier for the profile. Must be unique.
Indicates whether this is the default profile of the user. One and only one must be true.
Validity starting timestamp can be defined for the profile.
Validity ending timestamp can be defined for the profile.
External identifier of deputed profile if exists.
External identifier of the unit, belonging to the client, that the profile refers to. By default, the configured default unit for the client is used.
properties object
Name value pairs map of Profile's custom properties.
idmAuthorizations ScimIdmAuthorization[]required
IDM role assignments for the profile.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
The user is authorized to manage all clients in the system.
The user is authorized to manage all units in the system.
The user is authorized to manage all applications in the system.
The user is authorized to manage all enterprise roles in the system.
The user is authorized to manage the selected clients in case all clients flag is false.
The user is authorized to manage the selected applications in case all applications flag is false.
authorizedUnitExtIdSetForClients object
The user is authorized to manage the selected client:units associations in case all units flag is false.
property name* string[]
authorizedEnterpriseRoleExtIdSetForClients object
The user is authorized to manage the selected client:enterprise-roles associations in case all roles flag is false.
property name* string[]
appAuthorizations ScimAppAuthorization[]required
Application role assignments for the profile.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
properties object
Name value pairs map of Authorization's custom properties.
enterpriseAuthorizations ScimEnterpriseAuthorization[]required
Enterprise role assignments for the profile.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
idmAuthorization ScimIdmAuthorization
SCIM defined complex to hold IDM authorizations. Defined for ScimUserExtension.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
The user is authorized to manage all clients in the system.
The user is authorized to manage all units in the system.
The user is authorized to manage all applications in the system.
The user is authorized to manage all enterprise roles in the system.
The user is authorized to manage the selected clients in case all clients flag is false.
The user is authorized to manage the selected applications in case all applications flag is false.
authorizedUnitExtIdSetForClients object
The user is authorized to manage the selected client:units associations in case all units flag is false.
property name* string[]
authorizedEnterpriseRoleExtIdSetForClients object
The user is authorized to manage the selected client:enterprise-roles associations in case all roles flag is false.
property name* string[]
appAuthorization ScimAppAuthorization
SCIM defined complex to hold application authorizations. Defined for ScimUserExtension.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
properties object
Name value pairs map of Authorization's custom properties.
enterpriseAuthorization ScimEnterpriseAuthorization
SCIM defined complex to hold enterprise authorizations. Defined for ScimUserExtension.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
property object
Whether the endpoint returns the patched resource. The default depends on the system configuration; see application.scim.patch-performs-get-by-default.
Responses
- 200
- 400
- 404
- 422
User patched and returned successfully
- application/json
- Schema
- Example (from schema)
- User
Schema
An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure.
A unique identifier for a SCIM resource.
An identifier for the resource as defined by the provisioning client.
meta ScimMeta
SCIM defined complex to hold meta information.
The name of the resource type of the resource.
The date and time that the resource was added to the service provider.
The most recent date and time that the details of this resource were updated at the service provider.
The URI of the resource being returned.
The version of the resource being returned.
Unique identifier for the User for the actual customer. This is mapped to the loginId property of User.
name ScimName
SCIM defined complex to hold name of user. Defined for ScimUser.
The full name, including all middle names, titles, and suffixes. This is not mapped for input, just generated for output.
The family name of the User, or Last Name in most Western languages. This is mapped to name property of User.
The given name of the User, or First Name in most Western languages. This is mapped to firstName attribute of User.
The middle name(s) of the User. This is not mapped to any property of User, yet.
The honorific prefix(es) of the User, or Title in most Western languages. This is mapped to title property of User.
The name of the User, suitable for display to end-users. This is generated like name.formatted. If empty the userName will be returned.
Indicates the User's preferred written or spoken language. This is mapped to languageId property of User.
Used to indicate the User's default location for purposes of localizing items such as currency, date time format, numerical representations, etc. This is mapped to locality property of User.
A Boolean value indicating the User's administrative status. This is mapped to the status property of User. 'true' => ACTIVE, 'false' => DISABLED; ACTIVE => 'true', otherwise 'false'.
emails ScimMultiAttribute[]required
E-mail addresses for the user. The Idm can accept only one email address. By default the email address is mandatory and must be unique. This is mapped to email and uniqueEmail properties of User.
Attribute value (e.g. email address, phone number). This part is mapped to the referred property of User.
A human readable name, primarily used for display purposes. This part is not mapped, for output the value is repeated here.
A label indicating the attribute's function; e.g. 'work', 'home', etc. For email this part is not mapped. For phone the following values are accepted and required: 'telephone', 'telefax' or 'mobile'. Other types are not supported, yet.
A Boolean value indicating the 'primary' or preferred attribute value. This part is not mapped; the first one is always true, the rest are always false.
phoneNumbers ScimMultiAttribute[]
Phone numbers for the User. The Idm can accept three kinds of phone numbers. Indicate the type as 'telephone', 'telefax' or 'mobile'. These values are mapped to the properties indicated in the type attribute.
Attribute value (e.g. email address, phone number). This part is mapped to the referred property of User.
A human readable name, primarily used for display purposes. This part is not mapped, for output the value is repeated here.
A label indicating the attribute's function; e.g. 'work', 'home', etc. For email this part is not mapped. For phone the following values are accepted and required: 'telephone', 'telefax' or 'mobile'. Other types are not supported, yet.
A Boolean value indicating the 'primary' or preferred attribute value. This part is not mapped; the first one is always true, the rest are always false.
addresses ScimPhysicalAddress[]
Physical mailing addresses for this User. The Idm can accept only one address. This is mapped to the country, city, postalcode, addressline2 and addressline1 properties of User.
The full mailing address, formatted for display or for label. This is not mapped for input, just generated for output.
The full street address component. This part is mapped to addressline1 and addressline2 properties of User with separating new line character (only one supported).
The city or locality component. This part is mapped to city property of User.
The state or region component. This part is not mapped to any property of User, yet.
The zipcode or postal code component. This part is mapped to postalcode property of User.
The country name component. This part is mapped to country property of User.
A label indicating the attribute's function; e.g. 'work' or 'home'. This part is not mapped to any property of User, yet.
A Boolean value indicating the 'primary' or preferred. This part is not mapped to any property of User, yet.
urn:nevis:idm:scim:schemas:v1:extension:User ScimUserExtension
SCIM User IDM extension for properties in IDM "User" that are not covered by ScimUser. Schema: "urn:nevis:idm:scim:schemas:v1:extension:User".
Description for the user.
Gender of the user.
Birthdate of the user.
Validity starting timestamp can be defined for the user.
Validity ending timestamp can be defined for the user.
Indicates whether the user is technical or not.
Street name of user's address.
House number of user's address.
Property unit number of user's address.
Post office box text of user's address.
Post office box number of user's address.
Name of template collection assigned to the user.
credentials ScimCredential[]required
List of credentials assigned to the user.
External identifier for the credential. Must be unique.
Possible values: [PASSWORD, GENERIC, FIDO2, TICKET, MTAN, RECOVERY_CODE, TEMPSTRONGPASSWORD, SAFEWORDUSER, SECURID, PUK, FIDO_UAF, CONTEXTPASSWORD, CERTIFICATE, KERBEROS, VASCO, URLTICKET, MOBILESIGNATURE, SAMLFEDERATION, DEVICEPASSWORD, OATH, OTP, SECURITYQUESTIONS, UNSUPPORTED]
Type of the credential.
Name attribute for the credential.
Possible values: [INITIAL, ACTIVE, TMP_LOCKED, FAIL_LOCKED, RESET_CODE, ADMIN_CHANGED, DISABLED, ARCHIVED]
Enumeration value indicating the credential's administrative status.
Validity starting timestamp for the credential.
Validity ending timestamp for the credential.
properties object
Name value pairs map of Credential's custom properties.
credentialLoginInfo ScimCredentialLoginInfo
SCIM defined complex to hold IDM credential login information. Defined for ScimCredential.
Timestamp of last login of user.
Counter for successful login attempts.
Timestamp of last login failure of user.
Counter for failed login attempts.
The external ID of the used policy.
profiles ScimProfile[]required
List of profiles assigned to the user. At least one is mandatory.
Possible values: [ACTIVE, DISABLED, ARCHIVED]
An enumeration value indicating the profile's administrative status.
Name of the profile.
Description for the profile.
External identifier for the profile. Must be unique.
Indicates whether this is the default profile of the user. One and only one must be true.
Validity starting timestamp can be defined for the profile.
Validity ending timestamp can be defined for the profile.
External identifier of deputed profile if exists.
External identifier of the unit, belonging to the client, that the profile refers to. By default, the configured default unit for the client is used.
properties object
Name value pairs map of Profile's custom properties.
idmAuthorizations ScimIdmAuthorization[]required
IDM role assignments for the profile.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
The user is authorized to manage all clients in the system.
The user is authorized to manage all units in the system.
The user is authorized to manage all applications in the system.
The user is authorized to manage all enterprise roles in the system.
The user is authorized to manage the selected clients in case all clients flag is false.
The user is authorized to manage the selected applications in case all applications flag is false.
authorizedUnitExtIdSetForClients object
The user is authorized to manage the selected client:units associations in case all units flag is false.
property name* string[]
authorizedEnterpriseRoleExtIdSetForClients object
The user is authorized to manage the selected client:enterprise-roles associations in case all roles flag is false.
property name* string[]
appAuthorizations ScimAppAuthorization[]required
Application role assignments for the profile.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
properties object
Name value pairs map of Authorization's custom properties.
enterpriseAuthorizations ScimEnterpriseAuthorization[]required
Enterprise role assignments for the profile.
External identifier for the enterprise authorization of profile. Must be unique.
Validity starting timestamp can be defined for the enterprise authorization of profile.
Validity ending timestamp can be defined for the enterprise authorization of profile.
The assigned role external identifier for the authorization of profile.
properties object
Name value pairs map of User's custom properties.
loginInfo ScimLoginInfo
SCIM defined complex to hold IDM user login information. Defined for ScimUserExtension.
Timestamp of last login of user.
Timestamp of last login failure of user.
extensions object
Possible list of extensions. Only the 'urn:nevis:idm:scim:schemas:v1:extension:User' extension is supported.
Example (from schema)
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "id": "100-100",
  "externalId": "100",
  "meta": {
    "resourceType": "User",
    "created": "2022-02-20T18:50:02Z",
    "lastModified": "2022-02-20T18:51:30Z",
    "version": "v2"
  },
  "userName": "bootstrap",
  "name": "Strap",
  "displayName": "Ms. Barbara J Jensen, III.",
  "preferredLanguage": "en",
  "locale": "ch",
  "active": true,
  "emails": [
    {
      "value": "[email protected]"
    }
  ],
  "phoneNumbers": [
    {
      "value": "555-555-5555",
      "type": "telephone"
    }
  ],
  "addresses": [
    {
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "region": "CA",
      "postalCode": "91608",
      "country": "US"
    }
  ],
  "urn:nevis:idm:scim:schemas:v1:extension:User": {
    "remarks": "Some description.",
    "sex": "male",
    "birthDate": "2024-07-29T15:51:28.071Z",
    "validFrom": "2024-07-29T15:51:28.071Z",
    "validTo": "2024-07-29T15:51:28.071Z",
    "technical": false,
    "street": "Schwarze-Bären-Straße",
    "houseNumber": "6",
    "dwellingNumber": "6",
    "postOfficeBoxText": "Smith's",
    "postOfficeBoxNumber": 9054,
    "templateCollectionName": "Default",
    "credentials": [
      {
        "extid": "100",
        "type": "PASSWORD",
        "active": true,
        "password": "secret"
      }
    ],
    "profiles": [
      {
        "active": true,
        "name": "profile100",
        "extid": "100",
        "defaultProfile": true
      }
    ],
    "properties": "{\"property1\": \"123\"}, {\"property2\": \"456\"}",
    "loginInfo": {
      "lastLogin": "2021-11-29T17:16:32:11.123",
      "lastFailure": "2021-11-29T17:16:26:54.123"
    }
  },
  "extensions": {}
}
User
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:nevis:idm:scim:schemas:v1:extension:User"
  ],
  "id": "100-1001",
  "externalId": "1001",
  "userName": "jdoe",
  "name": {
    "formatted": "John Doe",
    "familyName": "Doe",
    "givenName": "John"
  },
  "displayName": "John Doe",
  "preferredLanguage": "en",
  "locale": "US",
  "active": true,
  "emails": [{"value": "[email protected]"}],
  "phoneNumbers": [{"value": "555-555-5555", "type": "telephone"}],
  "addresses": [
    {
      "streetAddress": "100 Universal City Plaza",
      "locality": "Hollywood",
      "postalCode": "91608",
      "country": "US"
    }
  ],
  "meta": {
    "resourceType": "User",
    "created": "2024-01-15T10:30:00.000",
    "lastModified": "2024-01-15T10:30:00.000",
    "location": "https://idm.example.com/nevisidm/api/scim/v1/100/Users/100-1001"
  }
}
Invalid SCIM request
- application/json
- Schema
- Example (from schema)
- User ID not parseable
- User does not belong to client
- Patch operation failed
Schema
An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure.
status HttpStatusCoderequired
The HTTP status code.
Possible values: [invalidFilter, tooMany, uniqueness, mutability, invalidSyntax, invalidPath, noTarget, invalidValue, invalidVers, sensitive]
A SCIM detail error keyword.
A detailed human-readable message.
Example (from schema)
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "status": 400,
  "scimType": "invalidValue",
  "detail": "The requested user '999' does not exist in IDM database."
}
User ID not parseable
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
  "status": "BAD_REQUEST",
  "scimType": "invalidValue",
  "detail": "The requested user 'abc' cannot be parsed as number."
}
User does not belong to client
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
  "status": "BAD_REQUEST",
  "scimType": "invalidValue",
  "detail": "The requested user does not belong to the actual client."
}
Patch operation failed
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
  "status": "BAD_REQUEST",
  "scimType": "invalidValue",
  "detail": "Cannot perform operation #1, because the credential does not exist"
}
SCIM user not found
- application/json
- Schema
- Example (from schema)
- User not found
Schema
An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure.
status HttpStatusCoderequired
The HTTP status code.
Possible values: [invalidFilter, tooMany, uniqueness, mutability, invalidSyntax, invalidPath, noTarget, invalidValue, invalidVers, sensitive]
A SCIM detail error keyword.
A detailed human-readable message.
Example (from schema)
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "status": 400,
  "scimType": "invalidValue",
  "detail": "The requested user '999' does not exist in IDM database."
}
User not found
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
  "status": "NOT_FOUND",
  "scimType": "invalidValue",
  "detail": "The requested user '999' does not exist in IDM database."
}
Request body parse error
- application/json
- Schema
- Example (from schema)
- JSON parse error
Schema
An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure.
status HttpStatusCoderequired
The HTTP status code.
Possible values: [invalidFilter, tooMany, uniqueness, mutability, invalidSyntax, invalidPath, noTarget, invalidValue, invalidVers, sensitive]
A SCIM detail error keyword.
A detailed human-readable message.
Example (from schema)
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "status": 400,
  "scimType": "invalidValue",
  "detail": "The requested user '999' does not exist in IDM database."
}
JSON parse error
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
  "status": "UNPROCESSABLE_ENTITY",
  "scimType": "invalidSyntax",
  "detail": "JSON parse error: Unexpected character ('x' (code 120))"
}