Version: 8.2505.x.x RR

nevisIDM SCIM REST API

Introduction

The nevisIDM SCIM REST API enables you to query and manipulate the identity objects managed in nevisIDM using CRUD operations. CRUD stands for Creating, Reading, Updating and Deleting resources.

Relationships between two resources are mostly defined by containment.

The nevisIDM SCIM API also provides access to the properties of the different objects. Properties are dynamic parameters that contain additional, Customer-specific information about an object.

Tags

since 2.85

New calls are annotated with the nevisIDM version from which they are available.

Deprecated

Calls that can no longer be used are marked with the DEPRECATED tag.

Common errors

HTTP response codes

The following common error codes are available:

  • 401 - The caller user is unauthorized (not logged in).
  • 403 - The caller user has no right to access the target data room or entity type.
  • 404 - There is no entity with the external ID set in the request URI, that is, the requested entity could not be found.
  • 409 - The request could not be completed due to a conflict with the current state of the target resource. For example, the target resource may have been modified concurrently.
  • 422 - The request format is valid, but the values violate business rules, for example a mandatory value is missing, a read-only value is changed, or a value represents an invalid state. This code always indicates a business error, never a technical one.
  • 500 - A technical, non-business-related error occurred on the server side.

Important notes

  • The nevisIDM SCIM API is a separate API with its own versioning, independent of the other nevisIDM APIs.
  • You have to be logged in to nevisIDM to use the nevisIDM SCIM REST API, except for the meta endpoints that are explicitly specified as not requiring a login.
  • The data room concept applies to this API (see the nevisIDM reference guide, chapter “Authorization in nevisIDM”). Depending on the nevisIDM roles assigned to you, you might receive a different result set, and be able to create or modify different resources, than another caller.
  • All data that goes through the REST API is validated on the server side before it is processed. Validate the data on the client side as well, to catch errors early; client-side validation does not replace the server-side checks, which remain authoritative.

SCIM REST Service

SCIM Error DTO

In addition to the HTTP response code, the SCIM server returns the error details in the response body as JSON. The SCIM Error DTO has the following parameters:

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • status - The HTTP status code (number)
  • scimType - A SCIM detail error keyword (string)
    • INVALID_FILTER
    • TOO_MANY
    • UNIQUENESS
    • MUTABILITY
    • INVALID_SYNTAX
    • INVALID_PATH
    • NO_TARGET
    • INVALID_VALUE
    • INVALID_VERS
      • SENSITIVE
  • detail - A detailed human-readable message (string).

Scim ScimListResponse DTO

SCIM defined list response. The SCIM ListResponse DTO has the following parameters:

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • totalResults - Number of total results (number).
  • itemsPerPage - Number of results in a single response. By default 10. Controlled by ‘count’ request parameter (number).
  • startIndex - Start index of current result. By default 1. Controlled by ‘startIndex’ request parameter (number).
  • Resources - Array of SCIM resources. For example array of users (list).
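Paging through a ScimListResponse with the startIndex/count contract, and turning a SCIM Error DTO into an exception, as an added example that is not part of the nevisIDM documentation or product. The transport is abstracted as a fetch_page(startIndex, count) callable; the in-memory service behind it, its 23 users and its 10-item page cap are constructed for the example. The schema URNs are the standard SCIM 2.0 message URNs from RFC 7644, which this page does not spell out.

```python
"""Page through a SCIM ListResponse and raise on a SCIM Error DTO.

Added example, not nevisIDM code. Transport is abstracted as
fetch_page(start_index, count) -> parsed JSON body, so the same logic
works against a real server or the constructed in-memory one below.
"""
from typing import Callable, Dict, Iterator, List

# Standard SCIM 2.0 message URNs (RFC 7644); the nevisIDM page does not list them.
LIST_RESPONSE_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"


class ScimError(Exception):
    """The body carried the SCIM Error DTO (schemas/status/scimType/detail)."""

    def __init__(self, body: Dict) -> None:
        self.status = int(body.get("status", 0))
        self.scim_type = body.get("scimType")
        self.detail = body.get("detail", "")
        super().__init__(f"SCIM error {self.status} {self.scim_type}: {self.detail}")


def iter_resources(fetch_page: Callable[[int, int], Dict], count: int = 10) -> Iterator[Dict]:
    """Yield every resource, following the 1-based startIndex / totalResults contract.

    Advances by the number of items the server actually returned (it may clamp
    'count'), and stops on an empty page so a misbehaving server cannot loop forever.
    """
    start_index = 1
    while True:
        body = fetch_page(start_index, count)
        schemas = body.get("schemas", [])
        if ERROR_SCHEMA in schemas:
            raise ScimError(body)
        if LIST_RESPONSE_SCHEMA not in schemas:
            raise ValueError("expected a SCIM ListResponse body")
        resources: List[Dict] = body.get("Resources", [])
        yield from resources
        next_index = start_index + len(resources)
        if not resources or next_index > int(body["totalResults"]):
            return
        start_index = next_index


# Constructed in-memory service: 23 users, pages capped at the documented default of 10.
_USERS = [{"id": f"u{i}", "userName": f"user{i:02d}"} for i in range(1, 24)]


def fake_fetch_page(start_index: int, count: int) -> Dict:
    """Constructed stand-in for GET /Users?startIndex=..&count=.. (no network)."""
    if start_index < 1:  # constructed business-rule error in the documented 422 style
        return {"schemas": [ERROR_SCHEMA], "status": 422,
                "scimType": "INVALID_VALUE", "detail": "startIndex must be >= 1"}
    page = _USERS[start_index - 1:start_index - 1 + min(count, 10)]
    return {"schemas": [LIST_RESPONSE_SCHEMA], "totalResults": len(_USERS),
            "itemsPerPage": len(page), "startIndex": start_index, "Resources": page}


def all_user_names(count: int = 10) -> List[str]:
    """Collect every userName across all pages of the constructed service."""
    return [u["userName"] for u in iter_resources(fake_fetch_page, count)]
```

The loop advances by the number of resources the server returned rather than by the count it asked for, because a server is free to clamp the count; it also stops on an empty page instead of trusting totalResults alone, so a data-room filter that hides entries from the caller cannot stall the client. Errors are detected by the Error schema URN, not by status alone, since the body is the only place that carries scimType and detail.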

Scim ScimBulkResponse DTO

SCIM defined complex to hold SCIM bulk operations response. The ScimBulkResponse DTO has the following parameters:

  • Operations - List of operations performed (list).
    • method - HTTP method that indicates the operation to be performed (string, enum).
      • POST
      • GET
      • DELETE
    • bulkId - Identifier of the single operations in the response (string, optional).
    • version - The current resource version, to support entity tags (ETags) (string, optional).
    • location - Resource URI to get the single SCIM resource (string, optional).
    • response - The HTTP response body for the specified request operation. Included with a response with an HTTP status other than a 200-series response (string, optional).
    • status - HTTP status that indicates the result status of performed operation (number).
  • meta - Meta information of the Resource (object).
    • resourceType - The name of the resource type of the resource (string, optional).
    • created - The date and time that the resource was added to the service provider (string, optional).
    • lastModified - The most recent date and time that the details of this resource were updated at the service provider (string, optional).
    • location - The URI of the resource being returned (string, optional).
    • version - The version of the resource being returned (string, optional).

Scim ScimBulkRequest DTO

SCIM defined complex to hold SCIM bulk operations request. The ScimBulkRequest DTO has the following parameters:

Mandatory

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • Operations - List of operations to be performed (list).
    • method - HTTP method that indicates the operation to be performed (string, enum)
      • POST
      • DELETE
      • GET
    • bulkId - Client-chosen identifier that correlates the operation with its entry in the bulk response (string, optional).
    • version - The current resource version, to support entity tags (ETags) (string, optional).
    • path - SCIM resource path. Currently only one path is supported: /Users (string).
    • data - Resource data for the operation, for example in case of POST operation the SCIM User instance to be created. Currently only the User resource is supported as input data (object, optional).
  • meta - Meta information of the Resource (object).
    • resourceType - The name of the resource type of the resource (string, optional).
    • created - The date and time that the resource was added to the service provider (string, optional).
    • lastModified - The most recent date and time that the details of this resource were updated at the service provider (string, optional).
    • location - The URI of the resource being returned (string, optional).
    • version - The version of the resource being returned (string, optional).

Optional

  • failOnErrors - The number of errors the service provider accepts before it stops processing the remaining operations and returns an error response (number).
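Building a ScimBulkRequest with bulkIds and failOnErrors, then matching the ScimBulkResponse back to what was sent, as an added example that is not nevisIDM code. The request and response message URNs are the standard SCIM 2.0 ones from RFC 7644 (the page does not list them); the sample response, its location URL and its conflict error are constructed to look like the documented DTOs.

```python
"""Build a SCIM BulkRequest and correlate the BulkResponse by bulkId.

Added example, not nevisIDM code. Only POST /Users operations are built,
matching the page's statement that /Users is the only supported path.
"""
import json
from typing import Dict, List, Optional

# Standard SCIM 2.0 URNs (RFC 7644); not spelled out on the nevisIDM page.
BULK_REQUEST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"


def build_bulk_request(user_names: List[str], fail_on_errors: Optional[int] = None) -> Dict:
    """One POST /Users operation per user; the bulkId lets us match results later."""
    ops = [
        {
            "method": "POST",
            "path": "/Users",
            "bulkId": f"create-{name}",  # client-chosen, unique within this request
            "data": {"schemas": [USER_SCHEMA], "userName": name},
        }
        for name in user_names
    ]
    req: Dict = {"schemas": [BULK_REQUEST_SCHEMA], "Operations": ops}
    if fail_on_errors is not None:
        req["failOnErrors"] = fail_on_errors
    return req


def correlate(request: Dict, response: Dict) -> Dict[str, Dict]:
    """Map every bulkId we sent to its outcome.

    Operations absent from the response (the server stopped after failOnErrors
    errors) are reported as not executed instead of being mistaken for successes.
    """
    outcome = {op["bulkId"]: {"executed": False, "status": None, "location": None, "error": None}
               for op in request["Operations"]}
    for op in response.get("Operations", []):
        entry = outcome.get(op.get("bulkId"))
        if entry is None:
            continue  # an entry we never sent; ignore it
        entry["executed"] = True
        entry["status"] = int(op["status"])
        entry["location"] = op.get("location")
        if entry["status"] >= 300:
            body = op.get("response")  # the SCIM error body, present only for non-2xx results
            try:
                entry["error"] = json.loads(body) if isinstance(body, str) else body
            except ValueError:
                entry["error"] = {"detail": body}
    return outcome


# Constructed sample: alice was created, bob hit a uniqueness conflict, and because
# failOnErrors was 1 the server never executed the operation for carol.
SAMPLE_RESPONSE = {
    "Operations": [
        {"method": "POST", "bulkId": "create-alice", "status": 201,
         "location": "https://idm.example.test/scim/v2/Users/1a2b", "version": "W/\"1\""},
        {"method": "POST", "bulkId": "create-bob", "status": 409,
         "response": json.dumps({"status": 409, "scimType": "UNIQUENESS",
                                 "detail": "userName already exists"})},
    ]
}


def demo() -> Dict[str, Dict]:
    """Run the constructed request/response pair through correlate()."""
    req = build_bulk_request(["alice", "bob", "carol"], fail_on_errors=1)
    return correlate(req, SAMPLE_RESPONSE)
```

The point to take from correlate() is that a bulk call is not all-or-nothing: after failOnErrors is reached, the remaining operations simply do not appear in the response, so a client that only inspects the entries it received will silently miss unprovisioned users. Iterate over the bulkIds you sent, not over the Operations you got back.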

Scim ScimCredentialGeneric DTO

SCIM defined complex to hold IDM generic credentials. Defined for ScimUserExtension. The SCIM CredentialGeneric DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • GENERIC
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • generic - Value of the generic credential (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
  • properties - Name value pairs map of Credential’s custom properties (map<string, string>).

Scim ScimCredentialPassword DTO

SCIM defined complex to hold IDM password credentials. Defined for ScimUserExtension. The SCIM CredentialPassword DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • PASSWORD
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • password - Hashed password value with a message digest algorithm prefix, for example {SHA-256}. The prefix must name a valid message digest algorithm, and the content after it must be a base64-encoded byte array consisting of the digest followed by the salt: the first N bytes, where N is the digest length of the algorithm, are the hash, and any bytes after them are the salt. Without an algorithm prefix the value is treated as a plain-text password and is hashed with the default password hashing algorithm (SSHA256). SSHA is an alias for SHA-1 and SSHA256 is an alias for SHA-256 (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
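Producing and checking the prefixed, salted digest format of the password field, as an added example that is not nevisIDM code. The same format is used by the context password, tempStrongPassword, puk and SAML credentialValue fields. What the page states: the prefix names a digest algorithm, the base64 payload is the digest followed by the salt, SSHA means SHA-1 and SSHA256 means SHA-256, and a value without a prefix is plain text. Assumed here, because the page does not say: the digest is computed over the password bytes followed by the salt bytes, the usual LDAP-style salted-hash convention. The example decodes the page's own {SHA-256} sample value to show where the salt sits.

```python
"""Encode, parse and verify '{ALG}' + base64(digest || salt) credential values.

Added example, not nevisIDM code. Assumption (not stated on the page):
digest = H(password_bytes || salt_bytes).
"""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Optional, Tuple

# Prefix name -> hashlib algorithm. Aliases per the page: SSHA is SHA-1, SSHA256 is SHA-256.
_ALGORITHMS = {
    "SSHA": "sha1", "SHA": "sha1", "SHA-1": "sha1",
    "SSHA256": "sha256", "SHA-256": "sha256",
}
_PREFIX_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")


def encode(password: str, salt: Optional[bytes] = None, alg: str = "SSHA256") -> str:
    """Return '{alg}' + base64(digest || salt); a fresh random 16-byte salt if none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    h = hashlib.new(_ALGORITHMS[alg])
    h.update(password.encode("utf-8"))
    h.update(salt)  # assumption: salt is appended to the password before hashing
    return "{" + alg + "}" + base64.b64encode(h.digest() + salt).decode("ascii")


def parse(value: str) -> Tuple[Optional[str], bytes, bytes]:
    """Split a stored value into (algorithm, digest, salt).

    A value without a prefix is plain text: algorithm None, the text in the
    digest slot and an empty salt, so callers can see they were handed a secret.
    """
    m = _PREFIX_RE.match(value)
    if not m:
        return None, value.encode("utf-8"), b""
    alg, payload = m.group(1), m.group(2)
    if alg not in _ALGORITHMS:
        raise ValueError(f"unsupported digest prefix {{{alg}}}")
    raw = base64.b64decode(payload, validate=True)
    n = hashlib.new(_ALGORITHMS[alg]).digest_size
    if len(raw) < n:
        raise ValueError("payload is shorter than the digest length")
    return alg, raw[:n], raw[n:]  # everything after the digest is the salt


def verify(password: str, value: str) -> bool:
    """Constant-time check of a candidate password against a stored hashed value."""
    alg, digest, salt = parse(value)
    if alg is None:
        raise ValueError("refusing to compare against a plain-text value")
    candidate = hashlib.new(_ALGORITHMS[alg], password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


# The page's own sample value: 36 decoded bytes = 32-byte SHA-256 digest + 4-byte salt.
PAGE_EXAMPLE = "{SHA-256}eje4XIkY6sGakInA+loqtNzj+QUo3N7sEIsj3fNge5lzYWx0"
```

Two practical consequences of the format: a value without a prefix is the cleartext password, so never let such values reach logs or long-lived bulk files, and SHA-1/SHA-256 are fast digests rather than password-stretching functions, so the salt and the TLS protection of the request are doing the heavy lifting; generate salts with a CSPRNG, as encode() does, rather than reusing a fixed string.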

Scim ScimCredentialOTP DTO

SCIM defined complex to hold IDM OTP credentials. Defined for ScimUserExtension. The SCIM CredentialOTP DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • OTP
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • otp - Indexed table of small passwords. The value consists of parts separated by the ‘|’ sign, named rows|cols|counters|card(|latestChallenge); the last part is optional (string).
    • example:
12|14|1001111111111111111100011111111111111111111111111111110111111111111111111111111111111111111111111001|A1=4523 A2=8997 A3=7419 A4=8616 A5=8577 A6=7319 A7=4337 A8=3287 A9=8897 A10=7756 B1=3818 B2=5627 B3=6546 B4=9119 B5=3314 B6=8742 B7=9699 B8=4775 B9=1519 B10=3753 C1=9516 C2=5527 C3=8821 C4=8365 C5=7483 C6=5639 C7=6963 C8=8183 C9=2481 C10=3821 D1=4383 D2=7841 D3=6662 D4=4394 D5=3419 D6=8638 D7=3871 D8=2425 D9=4249 D10=9288 E1=9967 E2=9726 E3=7288 E4=3695 E5=9871 E6=6878 E7=9933 E8=7487 E9=9713 E10=5612 F1=2549 F2=6425 F3=1947 F4=6561 F5=6284 F6=9484 F7=2229 F8=1477 F9=1941 F10=7822 G1=7624 G2=6656 G3=9529 G4=3943 G5=1377 G6=3676 G7=6362 G8=1112 G9=9387 G10=1558 H1=1211 H2=2737 H3=2647 H4=3334 H5=1171 H6=6636 H7=4676 H8=8637 H9=5917 H10=5234 I1=7337 I2=2371 I3=9634 I4=3912 I5=9485 I6=5584 I7=3212 I8=5845 I9=7143 I10=7845 J1=7481 J2=5913 J3=1162 J4=2973 J5=8658 J6=4928 J7=6184 J8=6784 J9=2648 J10=1985

    • example:

100|10|111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111|001=N8BZ 013=GJRT 025=AMNC 037=9TWY 049=CF2R 061=K4QU 073=NG5S 085=N5DK 097=WE8D 109=A163 121=JA45 133=LPG8 145=KTEV 157=33TT 002=5NDE 014=Z5BB 026=7PMF 038=1H8G 050=L1N4 062=JNZ1 074=NE1Y 086=KYNS 098=ZBQC 110=BNW4 122=Y85V 134=WZ23 146=ARNG 158=7AS7 003=7JZK 015=S4P2 027=T23J 039=PT7W 051=6ZSP 063=LM63 075=2JNX 087=887E 099=LAPE 111=3Y62 123=TVEM 135=48FW 147=PCMS 159=5W79 004=7L4Y 016=UTNS 028=TZFF 040=A49Q 052=QSN2 064=DWMF 076=5XQS 088=RHAT 100=RZUA 112=HMH4 124=SF93 136=R8V3 148=YPZN 160=XF8J 005=VR7L 017=E772 029=QMVH 041=WR2X 053=ZELR 065=1DU7 077=UFHC 089=GQWU 101=G1E5 113=QP37 125=4M4J 137=U9FY 149=MRYS 161=K259 006=T6LH 018=JLZ5 030=X3MV 042=KZRF 054=VFJP 066=CCKE 078=FJ3P 090=45J9 102=FE5J 114=GRL8 126=AGP2 138=HVHR 150=Z7TK 162=S9U6 007=U12Q 019=4EUE 031=VGYU 043=EYLX 055=1PL2 067=C3M2 079=S9U1 091=P2HJ 103=NSGC 115=F92M 127=QM25 139=D5ZX 151=EHSQ 163=QRDH 008=Y1KH 020=6RW5 032=K4UG 044=SKC8 056=TBT3 068=URHU 080=2BKR 092=764J 104=KXCD 116=X8T7 128=NGBT 140=32VB 152=2DFJ 164=MPPU 009=AP4M 021=AYYG 033=Y2K2 045=81AC 057=8Y47 069=4ZN4 081=GFNK 093=V52G 105=DB3C 117=VP5E 129=VCQ3 141=7NJ3 153=P5XE 165=5W7W 010=7KXP 022=HAC8 034=TCQJ 046=QE97 058=GJLE 070=7G4F 082=SUZL 094=8QBH 106=HEJ1 118=1L9K 130=13W5 142=Z7FV 154=L8X2 166=ZXYU 011=GTTU 023=DU23 035=W7DJ 047=CTQZ 059=NJ6F 071=GNQ3 083=41KP 095=Z6RY 107=RYEF 119=EXWZ 131=B8R3 143=717Z 155=HT9H 167=8GNB 012=H5JJ 024=JQZA 036=RJPD 048=EVRM 060=EU3D 072=FY9R 084=JNKE 096=3ETU 108=5GB7 120=1LCR 132=JFXY 144=MEX8 156=AKMT 168=P14E

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialContextPassword DTO

SCIM defined complex to hold IDM context password credentials. Defined for ScimUserExtension. The SCIM CredentialContextPassword DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • CONTEXTPASSWORD
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • password - Hashed password value with a message digest algorithm prefix, for example {SHA-256}. The prefix must name a valid message digest algorithm, and the content after it must be a base64-encoded byte array consisting of the digest followed by the salt: the first N bytes, where N is the digest length of the algorithm, are the hash, and any bytes after them are the salt. Without an algorithm prefix the value is treated as a plain-text password and is hashed with the default password hashing algorithm (SSHA256). SSHA is an alias for SHA-1 and SSHA256 is an alias for SHA-256. With the right policy, the password is encrypted instead of hashed (string).
    • example: {SHA-256}eje4XIkY6sGakInA+loqtNzj+QUo3N7sEIsj3fNge5lzYWx0
    • example: exampleEncryptWithRightPolicy!
  • context - The context identifier of this password. To log in with a context password, the user must supply the context, which uniquely selects which of the user’s context passwords is used (string).
    • example: testContext

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialTicket DTO

SCIM defined complex to hold IDM ticket credentials. Defined for ScimUserExtension. The SCIM CredentialTicket DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • TICKET
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • ticket - Hashed ticket value with message digest algorithm prefix (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialMTan DTO

SCIM defined complex to hold IDM mTAN credentials. Defined for ScimUserExtension. The SCIM CredentialMTan DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • MTAN
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • context - Mobile number which is in raw or E164 format (string).
    • example:
      • raw: 06401234567,
      • E164: +41401234567

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialRecoveryCode DTO

SCIM defined complex to hold IDM Recovery Code credentials. Defined for ScimUserExtension. The SCIM CredentialRecoveryCode DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • RECOVERY_CODE
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • codes - Array of Recovery Codes with a date of use (list)
    • usageDate - Date of use in ISO 8601 date and time format. The value is null if the code is not used. (string).
      • example: 2022-07-25T07:23:05
    • code - Recovery codes, which are random String values of 16 characters of upper or lower case ASCII characters or numbers separated by dashes (string).
      • example: Az09-Az09-Az09-Az09

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).

Scim ScimCredentialTempStrongPassword DTO

SCIM defined complex to hold IDM Temporary Strong Password credentials. Defined for ScimUserExtension. The SCIM CredentialTempStrongPassword DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • TEMPSTRONGPASSWORD
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • tempStrongPassword - Hashed password value with a message digest algorithm prefix. The prefix must name a valid message digest algorithm, and the content after it must be a base64-encoded byte array consisting of the digest followed by the salt: the first N bytes, where N is the digest length of the algorithm, are the hash, and any bytes after them are the salt. Without an algorithm prefix the value is treated as a plain-text password and is hashed with the default password hashing algorithm (SSHA256). SSHA is an alias for SHA-1 and SSHA256 is an alias for SHA-256. This password is valid for a single login operation only, so it behaves like a one-time password credential and counts as a strong authentication method (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialSafeWordUser DTO

SCIM defined complex to hold IDM safe word user credentials. Defined for ScimUserExtension. The SCIM CredentialSafeWordUser DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • SAFEWORDUSER
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • username - The content of the safe word credential (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).

Scim ScimCredentialSecurId DTO

SCIM defined complex to hold IDM SecurID credentials. Defined for ScimUserExtension. The SCIM CredentialSecurId DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • SECURID
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • username - The SecurID username. (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).

Scim ScimCredentialPuk DTO

SCIM defined complex to hold IDM puk credentials. Defined for ScimUserExtension. The SCIM CredentialPuk DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • PUK
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • puk - Hashed PUK value with a message digest algorithm prefix, in the same format as the password credential. Without an algorithm prefix the value is treated as plain text and is hashed with the default hashing algorithm (SSHA256). SSHA is an alias for SHA-1 and SSHA256 is an alias for SHA-256 (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialCertInfo DTO

SCIM defined complex to hold IDM certificate credentials. Defined for ScimUserExtension. The SCIM CredentialCertInfo DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • CERTIFICATE
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • certificate - The certificate value of the credential (string).
    • example: -----BEGIN CERTIFICATE----- MIIFSDCCBDCg........................................ -----END CERTIFICATE-----

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
  • properties - Name value pairs map of Credential’s custom properties (map<string, string>).
  • subjectDN - DN of the subject (string).
    • example: CN=www.getCertificateSUBJECT_DN.com
  • issuerDN - DN of the issuer (string).
    • example: CN=www.getCertificateISSUER_DN.com
  • fingerprint - Fingerprint of the certificate in hexbyte-colon notation (string).
    • example: 42:2D:4D:16:47:C5:FC:46:8F:1D:97:3E:DB:8B:4B:60:56:F1:D7:A7
  • serial - Serial number (string).
    • example: 12944643904094573006
  • subjectKeyIdentifier - The subject key identifier extension stored in the certificate credential (string).
    • example: 1178e0b26a1f4df8c706c51437157cce56f80316

Scim ScimCredentialFido2 DTO

SCIM defined complex to hold IDM FIDO2 credentials. Defined for ScimUserExtension. The SCIM CredentialFido2 DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • FIDO2
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • aaguid - A 128-bit identifier indicating the type (e.g. make and model) of the authenticator (string).
  • attestationConveyancePreference - The server’s preference on how it would like to verify the attestations of the authenticators (string).
  • authenticator - CBOR serialized authenticator object (string).
  • hashedFido2CredentialId - Hash of the credential ID generated by the authenticator. For non-discoverable credentials the credential ID may itself carry the client’s private key in encrypted (wrapped) form (string).
  • rpId - Domain name of Relying Party (string).
  • residentKeyRequirement - Whether the server is willing to accept resident (discoverable) keys, i.e. credentials whose private key is stored on the authenticator itself instead of being encoded in the credential ID that the server stores (string).
  • userAgent - User agent string used by the AuthCloud team; it has no FIDO2 meaning (string).
  • userFriendlyName - Human-readable display name of the credential, chosen by the user (string).
  • userVerificationRequirement - The server’s requirement for user verification, i.e. the technical process by which an authenticator locally authorizes the invocation of the authenticatorMakeCredential and authenticatorGetAssertion operations (grants access for the user to proceed with the WebAuthn flows) (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • authenticatorAttachment - Defines how the authenticator is accessed by the WebAuthn client, i.e. where the authenticator is at (string).

Scim ScimCredentialFidoUaf DTO

SCIM defined complex to hold IDM FIDO UAF credentials. Defined for ScimUserExtension. The SCIM CredentialFidoUaf DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • FIDO_UAF
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • aaid - The authenticator attestation identifier. The aaid is a unique identifier assigned to a model, class or batch of FIDO authenticators that all share the same characteristics. Has to match the regex ^[0-9a-fA-F]{4}#[0-9a-fA-F]{4}$ (string).
    • example: aaaa#a26c
  • keyId - The key identifier of the authenticator’s registered key (string).
  • authenticatorVersion - The version of the authenticator (integer).
  • appId - OS-specific ID of the application that uses the FIDO credential (string).
  • publicKeyAlgorithm - Public key algorithm used for the public key in the authenticator record. You need this information in order to know how to decode the key later on (string).
  • publicKey - The user authentication public key generated by the FIDO authenticator during the registration process. The key is stored in the credential attribute value (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • deviceId - The device identifier obtained from a push service, which sends push messages to this specific device (string).
  • signCounter - Indicates how many times this authenticator has performed signatures in the past (integer).

Scim ScimCredentialKerberos DTO

SCIM defined complex to hold IDM kerberos credentials. Defined for ScimUserExtension. The SCIM CredentialKerberos DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • KERBEROS
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • kerberosId - Identifier of the credential (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).

Scim ScimCredentialVasco DTO

SCIM defined complex to hold IDM Vasco credentials. Defined for ScimUserExtension. If creating a new Credential, the SCIM CredentialVasco DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • VASCO
  • extId - External identifier for the credential. (string).
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • tokens - Array of Vasco digipass tokens with the authentication mode (list)
    • vascoDpToken:
      • authMode - The authentication use case the data block is used for. Possible options: RO, CR, SG, MM, UL (string).
      • data - The Vasco Digipass data block (string).

Optional

  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

If attaching an existing Vasco Credential to a user, the SCIM CredentialVasco DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • VASCO
  • extId - External identifier for the credential. The extId of the existing credential and the provided extId must be identical. (string).
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED

If any of the optional parameters is provided, it must match the corresponding parameter of the existing credential.

Optional

  • name - Name attribute of the credential (string).
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
  • tokens - Array of Vasco digipass tokens with the authentication mode (list)
    • vascoDpToken:
      • authMode - The authentication use case the data block is used for. Possible options: RO, CR, SG, MM, UL (string).
      • data - The Vasco Digipass data block (string).

Scim ScimCredentialSAMLFederation DTO

SCIM defined complex to hold IDM SAML Federation credentials. Defined for ScimUserExtension. The SCIM SamlFederation DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • SAMLFEDERATION
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • subjectNameId - Identifier of the subject of the SAML assertion (generally the user to be authenticated) (string).
  • subjectNameIdFormat - Aligns the expectations between the identity provider and the service provider on the user identity that is communicated (string).
  • issuerNameId - Identifier of the issuer of the SAML assertion (string).
  • issuerNameIdFormat - Aligns the expectations between the identity provider and the service provider on the user identity that is communicated (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
  • properties - Name value pairs map of Credential’s custom properties (map<string, string>).
  • credentialValue - Hashed identification value with an optional message digest algorithm prefix. Without an algorithm prefix, the value is used as plain-text input for the default password hashing algorithm. SSHA is an alias for SHA-1 and SSHA256 is an alias for SHA-256 (string).

Scim ScimCredentialUrlTicket DTO

SCIM defined complex to hold IDM url ticket credentials. Defined for ScimUserExtension. The SCIM CredentialUrlTicket DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • URLTICKET
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • identification - Hashed identification value with a message digest algorithm prefix. The prefix must be a valid message digest algorithm and the content must be a base64-encoded byte array, in which the bytes beyond the digest length of the algorithm are used as the salt. Without an algorithm prefix, the value is treated as plain text and hashed with the default password hashing algorithm (SSHA256). SSHA is an alias for SHA and SSHA256 is an alias for SHA-256 (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialMobileSignature DTO

SCIM defined complex to hold IDM mobile signature credentials. Defined for ScimUserExtension. The SCIM CredentialMobileSignature DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • MOBILESIGNATURE
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • identificator - MSSP-specific identifier of the mobile signature credential (string).
  • msspIdentifier - URI-based identifier of the MSSP (string).
  • msisdn - Calling number of the mobile device according to the ETSI standard (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
  • properties - Name value pairs map of Credential’s custom properties (map<string, string>).
  • signerCert - X.509 signer certificate in PEM format (string).

Scim ScimCredentialDevicePassword DTO

SCIM defined complex to hold IDM device password credentials. Defined for ScimUserExtension. The SCIM CredentialDevicePassword DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • DEVICEPASSWORD
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • devicepassword - Hashed password value with a message digest algorithm prefix. The prefix must be a valid message digest algorithm and the content must be a base64-encoded byte array, in which the bytes beyond the digest length of the algorithm are used as the salt. Without an algorithm prefix, the value is treated as plain text and hashed with the default password hashing algorithm (SSHA256). SSHA is an alias for SHA and SSHA256 is an alias for SHA-256 (string).
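The prefixed hash format described for devicepassword above, for identification in the URL ticket DTO and for credentialValue in the SAML federation DTO, is the same: a {PREFIX} tag followed by base64(digest || salt), where the digest length of the named algorithm decides where the salt begins. The following is an added example (not nevisIDM code) that encodes, parses and verifies such values in Python. It assumes the LDAP {SSHA} convention that the digest is computed over the secret bytes followed by the salt, and it recognises only the SSHA and SSHA256 prefixes that appear in the response bodies on this page; the sample secret and salt are constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Prefixes and the hashlib algorithms they stand for, following the aliases given above.
# Assumption (added example, not nevisIDM code): the salted digest is
# HASH(secret_bytes || salt), the usual LDAP {SSHA} convention. Only the split
# "digest first, remaining bytes are the salt" is stated on the page.
PREFIX_ALGORITHMS = {"SSHA": "sha1", "SSHA256": "sha256"}
DEFAULT_PREFIX = "SSHA256"  # page: unprefixed values are hashed with SSHA256


def encode_hashed_value(secret: str, prefix: str = DEFAULT_PREFIX,
                        salt: Optional[bytes] = None) -> str:
    """Produce '{PREFIX}' + base64(digest || salt) for a plain-text secret."""
    algorithm = PREFIX_ALGORITHMS[prefix]
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.new(algorithm, secret.encode("utf-8") + salt).digest()
    return "{%s}%s" % (prefix, base64.b64encode(digest + salt).decode("ascii"))


def parse_hashed_value(value: str) -> Optional[Tuple[str, bytes, bytes]]:
    """Split a prefixed value into (algorithm, digest, salt).

    Returns None when no recognised '{PREFIX}' is present: the server would then
    treat the value as plain text and hash it itself with the default algorithm.
    """
    if not value.startswith("{") or "}" not in value:
        return None
    prefix, encoded = value[1:].split("}", 1)
    algorithm = PREFIX_ALGORITHMS.get(prefix)
    if algorithm is None:
        return None
    raw = base64.b64decode(encoded, validate=True)
    digest_size = hashlib.new(algorithm).digest_size
    if len(raw) < digest_size:
        raise ValueError("encoded value is shorter than the %s digest" % algorithm)
    # Everything after the digest is the salt, as the DTO description states.
    return algorithm, raw[:digest_size], raw[digest_size:]


def verify_hashed_value(value: str, candidate: str) -> bool:
    """Recompute the digest with the embedded salt and compare in constant time."""
    parsed = parse_hashed_value(value)
    if parsed is None:
        raise ValueError("value carries no recognised algorithm prefix")
    algorithm, digest, salt = parsed
    recomputed = hashlib.new(algorithm, candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, recomputed)


def prepare_for_request(value: str) -> str:
    """Client-side guard: hash locally unless the value is already prefixed,
    so a plain-text secret is never sent to the API."""
    return value if parse_hashed_value(value) is not None else encode_hashed_value(value)
```

Parsing the two password values shown in the response bodies further down the page splits them into a 20-byte SHA-1 or 32-byte SHA-256 digest followed by a 10-byte salt, which is the layout the description above specifies.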

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).

Scim ScimCredentialOath DTO

SCIM defined complex to hold IDM oath credentials. Defined for ScimUserExtension. The SCIM CredentialOath DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • OATH
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • hashingAlgorithmId - The ID of the OATH hashing algorithm to use. Possible options: 1 (SHA1), 2 (SHA256), 3 (SHA512) (long).
    • example: 1
  • digits - The length of the generated token. Possible options: 6, 7, 8 (integer).
    • example: 6
  • authenticationMethodId - The ID of the OATH authentication method to use. Possible options: 1 (HOTP), 2 (TOTP) (long).
    • example: 2
  • period - The time window (in seconds) for which a TOTP token is valid (long).
    • example: 30
  • counter - The counter for tokens. It is increased on each successful authentication (long).
    • example: 0
  • isShared - Flag to make sure the credential is only shared once (boolean).
    • example: true
  • secret - The secret that is required to initialize the mobile application (string).
    • example: CKV2A2NNYGECFOEJ7ACKMD6C5OSXPQC7
  • context - Context of the credential. This is used as a label for the credential (string).
    • example: OathCredentialContext

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
  • timeDrift - Detected clock drift of the token, expressed as a number of time steps (long).
    • example: 7
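How the OATH parameters above fit together (hashingAlgorithmId, digits, authenticationMethodId, period, counter, secret and timeDrift) is easiest to see in code. The following is an added example, not nevisIDM code: an RFC 4226 HOTP routine, the token-side code generation, and a server-side check that applies the stored timeDrift in whole time steps before trying the neighbouring steps. It assumes the secret is Base32-encoded (the encoding authenticator apps consume); the credential dictionary is constructed from the example values listed above.

```python
import base64
import hashlib
import hmac
import struct
from typing import Any, Dict, Optional

# Identifier mappings as documented in the DTO above.
HASHING_ALGORITHMS = {1: "sha1", 2: "sha256", 3: "sha512"}
AUTH_METHODS = {1: "HOTP", 2: "TOTP"}

# Constructed DTO-shaped credential using the example values listed on the page.
SAMPLE_OATH_CREDENTIAL: Dict[str, Any] = {
    "type": "OATH",
    "state": "ACTIVE",
    "hashingAlgorithmId": 1,
    "digits": 6,
    "authenticationMethodId": 2,
    "period": 30,
    "counter": 0,
    "isShared": True,
    "secret": "CKV2A2NNYGECFOEJ7ACKMD6C5OSXPQC7",
    "context": "OathCredentialContext",
    "timeDrift": 0,
}


def decode_secret(secret: str) -> bytes:
    # Assumption: the secret is Base32 (RFC 4648), as consumed by authenticator apps.
    cleaned = secret.strip().upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(key: bytes, moving_factor: int, digits: int, algorithm: str) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian moving factor,
    dynamic truncation, then modulo 10^digits with leading zeros kept."""
    mac = hmac.new(key, struct.pack(">Q", moving_factor), algorithm).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def token_code(cred: Dict[str, Any], moving_factor: int) -> str:
    """Code as the authenticator app computes it: Unix time for TOTP, counter for HOTP."""
    algorithm = HASHING_ALGORITHMS[cred["hashingAlgorithmId"]]
    key = decode_secret(cred["secret"])
    if AUTH_METHODS[cred["authenticationMethodId"]] == "TOTP":
        step = moving_factor // cred["period"]
    else:
        step = moving_factor
    return hotp(key, step, cred["digits"], algorithm)


def verify_code(cred: Dict[str, Any], code: str, now: int, window: int = 1) -> Optional[int]:
    """Server-side check of a submitted code.

    TOTP: the stored timeDrift (whole time steps) is added to the server's own
    step before the neighbouring steps within +/- window are tried; the returned
    offset is what a server would fold into timeDrift on success.
    HOTP: look ahead from the stored counter; the returned value is the counter
    that matched, after which the server would store counter + 1.
    Returns None when nothing matches.
    """
    algorithm = HASHING_ALGORITHMS[cred["hashingAlgorithmId"]]
    key = decode_secret(cred["secret"])
    digits = cred["digits"]
    if AUTH_METHODS[cred["authenticationMethodId"]] == "TOTP":
        base = now // cred["period"] + cred.get("timeDrift", 0)
        for delta in range(-window, window + 1):
            if hmac.compare_digest(hotp(key, base + delta, digits, algorithm), code):
                return delta
        return None
    start = cred["counter"]
    for counter in range(start, start + window + 1):
        if hmac.compare_digest(hotp(key, counter, digits, algorithm), code):
            return counter
    return None
```

The hotp() routine reproduces the RFC 4226 and RFC 6238 test vectors, which is the check to run before trusting any home-grown OATH code; the comparison uses hmac.compare_digest so that a wrong code is rejected in constant time.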

Scim ScimCredentialSecurityQuestion DTO

SCIM defined complex to hold IDM SecurityQuestion credentials. Defined for ScimUserExtension. The SCIM CredentialSecurityQuestion DTO has the following parameters:

Mandatory

  • type - Type of the credential (string, enum).
    • SECURITYQUESTIONS
  • state - An Enum value indicating the Credential’s administrative status (enum).
    • Available values:
      • INITIAL,
      • ACTIVE,
      • TMP_LOCKED,
      • FAIL_LOCKED,
      • RESET_CODE,
      • ADMIN_CHANGED,
      • DISABLED,
      • ARCHIVED
  • validFrom - Validity starting timestamp for the credential (string).
  • validTo - Validity ending timestamp for the credential (string).
  • personalAnswers - Array of personal answers (list).
    • personalAnswer:
      • content - Symmetrically encrypted answer of user (string).
      • revealCount - Number of times the answer has been revealed to an admin. It gets a default value of ‘0’ during credential creation (readonly integer, optional).
      • successCount - Number of times the answer has been verified. It gets a default value of ‘0’ during credential creation (readonly integer, optional).
      • failureCount - Number of times the security question was answered incorrectly. It gets a default value of ‘0’ during credential creation (readonly integer, optional).
      • personalQuestionExtId - External identifier of the answer’s question (string).

Optional

  • extId - External identifier for the credential. Must be unique (string).
  • name - Name attribute of the credential (string).
  • policyExtId - The external ID of the used policy. The default policy will be set if it is null (string).
  • properties - Name value pairs map of Credential’s custom properties (map<string, string>).

Scim ScimUser DTO with IDM extension

SCIM provides a resource type for “User” resources. The SCIM User DTO with IDM’s UserExtension has the following parameters:

Mandatory

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • userName - Unique identifier for the User within the current customer. This is mapped to the loginId property of User (string).
  • name - The components of the user’s name complex type. This is mapped to name, firstName, remarks… properties of User (object).
    • formatted - The full name, including all middle names, titles, and suffixes. This is not mapped for input, just generated for output. (string, optional).
    • familyName - The family name of the User, or Last Name in most Western languages. This is mapped to name property of User (string, optional).
    • givenName - The given name of the User, or First Name in most Western languages. This is mapped to firstName attribute of User (string, optional).
    • middleName - The middle name(s) of the User. This is not mapped to any property of User, yet (string, optional).
    • honorificPrefix - The honorific prefix(es) of the User, or Title in most Western languages. This is mapped to title property of User (string, optional).
  • active - A Boolean value indicating the User’s administrative status. This is mapped to the status property of User (string).
  • emails - E-mail addresses for the user. The IDM can accept only one email address. By default the email address is mandatory and must be unique. This is mapped to email and uniqueEmail properties of User (list).
  • addresses - Physical mailing addresses for this User. The IDM can accept only one address. This is mapped to country, city, postalcode, addressline2 and addressline1 properties of User (list).
    • formatted - The full mailing address, formatted for display or for label. This is not mapped for input, just generated for output (string, optional).
    • streetAddress - The full street address component. This part is mapped to addressline1 and addressline2 properties of User with separating new line character (only one supported) (string, optional).
    • locality - The city or locality component. This part is mapped to city property of User (string, optional).
    • region - The state or region component. This part is not mapped to any property of User, yet (string, optional).
    • postalCode - The zipcode or postal code component. This part is mapped to postalcode property of User (string, optional).
    • country - The country name component. This part is mapped to country property of User (string, optional).
    • type - A label indicating the attribute’s function; e.g. work or home. This part is not mapped to any property of User, yet (string, optional).
    • primary - A Boolean value indicating the ‘primary’ or preferred value. This part is not mapped to any property of User, yet (boolean, optional).
  • urn:nevis:idm:scim:schemas:v1:extension:User - SCIM User IDM extension for properties of the IDM “User” that are not covered by the ScimUser (object).
    • remarks - Description for the user (string, optional).
    • sex - Gender of the user (string, optional).
    • birthDate - Birthdate of the user (string, optional).
    • validFrom - Validity starting timestamp can be defined for the user (string, optional).
    • validTo - Validity ending timestamp can be defined for the user (string, optional).
    • technical - Indicates whether the user is technical (boolean).
    • street - Street name of user’s address (string, optional).
    • houseNumber - House number of user’s address (string, optional).
    • dwellingNumber - Property unit number of user’s address (string, optional).
    • postOfficeBoxText - Post office box text of user’s address (string, optional).
    • postOfficeBoxNumber - Post office box number of user’s address (string, optional).
    • templateCollectionName - Name of the template collection assigned to the user (string, optional).
    • properties - Name value pairs map of User’s custom properties (map<string, string>, optional).
    • loginInfo - Login information about the user (object, optional).
      • lastLogin - Timestamp of the last login of the user (string, optional).
      • lastFailure - Timestamp of the last login failure of the user (string, optional).
    • credentials - List of credentials assigned to the user (list).
    • profiles - List of assigned profiles to the user. At least one is mandatory (list).
      • state - An Enum value indicating the Profile’s administrative status (enum).
        • ACTIVE,
        • DISABLED,
        • ARCHIVED
      • name - Name of the profile (string).
      • remarks - Description for the profile (string, optional).
      • extId - External identifier for the profile. Must be unique (string).
      • defaultProfile - Indicates whether this is the default profile of the user. Exactly one profile must be true (boolean).
      • validFrom - Validity starting timestamp can be defined for the profile (string, optional).
      • validTo - Validity ending timestamp can be defined for the profile (string, optional).
      • deputedProfileExtId - External identifier of deputed profile if exists (string, optional).
      • unitExtId - External identifier of the unit, belonging to the client, that the profile refers to. By default the configured default unit of the client is used (string, optional).
      • properties - Name value pairs map of Profile’s custom properties (map<string, string>, optional).
      • idmAuthorizations - IDM role assignments for the profile (list).
        • authorizedForAllUnits - The user is authorized to manage all units in the system (boolean).
        • authorizedForAllApplications - The user is authorized to manage all applications in the system (boolean).
        • authorizedForAllEnterpriseRoles - The user is authorized to manage all enterprise roles in the system (boolean).
        • authorizedClientExtIds - The user is authorized to manage the selected clients in case all clients flag is false (list, optional).
        • authorizedApplicationExtIds - The user is authorized to manage the selected applications in case all applications flag is false (list, optional).
        • authorizedUnitExtIdSetForClients - The user is authorized to manage the selected client:units associations in case all units flag is false (map<string, list>, optional).
        • authorizedEnterpriseRoleExtIdSetForClients - The user is authorized to manage the selected client:enterprise-roles associations in case all roles flag is false (map<string, list>, optional).
      • appAuthorizations - Application role assignments for the profile (list).
        • authorizedForAllUnits - The user is authorized to manage all units in the system (boolean).
        • authorizedForAllApplications - The user is authorized to manage all applications in the system (boolean).
        • authorizedForAllEnterpriseRoles - The user is authorized to manage all enterprise roles in the system (boolean).
        • authorizedClientExtIds - The user is authorized to manage the selected clients in case all clients flag is false (list, optional).
        • authorizedApplicationExtIds - The user is authorized to manage the selected applications in case all applications flag is false (list, optional).
        • authorizedUnitExtIdSetForClients - The user is authorized to manage the selected client:units associations in case all units flag is false (map<string, list>, optional).
        • authorizedEnterpriseRoleExtIdSetForClients - The user is authorized to manage the selected client:enterprise-roles associations in case all roles flag is false (map<string, list>, optional).
      • enterpriseAuthorizations - Enterprise role assignments for the profile (list).
        • authorizedForAllUnits - The user is authorized to manage all units in the system (boolean).
        • authorizedForAllApplications - The user is authorized to manage all applications in the system (boolean).
        • authorizedForAllEnterpriseRoles - The user is authorized to manage all enterprise roles in the system (boolean).
        • authorizedClientExtIds - The user is authorized to manage the selected clients in case all clients flag is false (list, optional).
        • authorizedApplicationExtIds - The user is authorized to manage the selected applications in case all applications flag is false (list, optional).
        • authorizedUnitExtIdSetForClients - The user is authorized to manage the selected client:units associations in case all units flag is false (map<string, list>, optional).
        • authorizedEnterpriseRoleExtIdSetForClients - The user is authorized to manage the selected client:enterprise-roles associations in case all roles flag is false (map<string, list>, optional).

Optional

  • displayName - The name of the User, suitable for display to end-users. This is generated like name.formatted. If empty, the userName is returned (string).
  • preferredLanguage - Indicates the User’s preferred written or spoken language. This is mapped to the languageId property of User (string).
  • locale - Used to indicate the User’s default location for purposes of localizing items such as currency, date and time format, numerical representations, etc. This is mapped to the locality property of User (string).
  • phoneNumbers - Phone numbers for the User. The IDM can accept three kinds of phone numbers. Indicate the type as ‘telephone’, ‘telefax’ or ‘mobile’. These values are mapped to the properties indicated in the type attribute (list).
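The constraints spread across the User DTO description above (both schema URIs present, userName mandatory, at most one e-mail and one address, formatted fields generated only on output, phone types limited to telephone/telefax/mobile, exactly one default profile, credential and profile states from the enumerations) are the ones a client can check before a POST and avoid a 422 round trip. The following is an added example, not nevisIDM code, that encodes those rules as a pre-flight validator; the request body is constructed after the page's POST example further down, with a placeholder e-mail address, and the function assumes nothing about server-side business rules beyond what the DTO text states.

```python
from typing import Any, Dict, List

CORE_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
IDM_USER_EXTENSION = "urn:nevis:idm:scim:schemas:v1:extension:User"
PHONE_TYPES = {"telephone", "telefax", "mobile"}
PROFILE_STATES = {"ACTIVE", "DISABLED", "ARCHIVED"}
CREDENTIAL_STATES = {
    "INITIAL", "ACTIVE", "TMP_LOCKED", "FAIL_LOCKED",
    "RESET_CODE", "ADMIN_CHANGED", "DISABLED", "ARCHIVED",
}

# Constructed request body, modelled on the POST /{clientExtId}/Users example on this page.
SAMPLE_CREATE_REQUEST: Dict[str, Any] = {
    "schemas": [CORE_USER_SCHEMA, IDM_USER_EXTENSION],
    "externalId": "3690000001",
    "userName": "tesla",
    "name": {"familyName": "Tesla", "givenName": "Nikola"},
    "emails": [{"value": "tesla@example.invalid"}],  # placeholder address
    IDM_USER_EXTENSION: {
        "templateCollectionName": "Default",
        "properties": {"user_global_encrypted": "122"},
    },
}


def validate_scim_user(user: Dict[str, Any], email_required: bool = True) -> List[str]:
    """Return the list of rule violations (empty when the payload is acceptable).

    Only constraints stated in the DTO description are checked; the server still
    applies its own business rules (HTTP 422) on top of this.
    """
    problems: List[str] = []

    schemas = user.get("schemas", [])
    for uri in (CORE_USER_SCHEMA, IDM_USER_EXTENSION):
        if uri not in schemas:
            problems.append(f"schemas: missing {uri}")

    if not user.get("userName"):
        problems.append("userName: mandatory, mapped to loginId")
    if "formatted" in user.get("name", {}):
        problems.append("name.formatted: generated on output, not accepted as input")

    emails = user.get("emails", [])
    if email_required and not emails:
        problems.append("emails: one address is required by default")
    if len(emails) > 1:
        problems.append("emails: nevisIDM accepts only one address")

    addresses = user.get("addresses", [])
    if len(addresses) > 1:
        problems.append("addresses: nevisIDM accepts only one address")
    for addr in addresses:
        if "formatted" in addr:
            problems.append("addresses.formatted: generated on output, not accepted as input")
        if addr.get("streetAddress", "").count("\n") > 1:
            problems.append("addresses.streetAddress: only one line break (addressline1/2) is supported")

    for phone in user.get("phoneNumbers", []):
        if phone.get("type") not in PHONE_TYPES:
            problems.append(f"phoneNumbers.type: {phone.get('type')!r} is not one of {sorted(PHONE_TYPES)}")

    ext = user.get(IDM_USER_EXTENSION, {})
    if "technical" in ext and not isinstance(ext["technical"], bool):
        problems.append("technical: must be a boolean")

    for cred in ext.get("credentials", []):
        if not cred.get("type"):
            problems.append("credentials.type: mandatory")
        if "state" in cred and cred["state"] not in CREDENTIAL_STATES:
            problems.append(f"credentials.state: {cred['state']!r} is not a valid state")

    profiles = ext.get("profiles", [])
    defaults = [p for p in profiles if p.get("defaultProfile") is True]
    if profiles and len(defaults) != 1:
        problems.append("profiles: exactly one profile must have defaultProfile true")
    for profile in profiles:
        for key in ("name", "extId"):
            if not profile.get(key):
                problems.append(f"profiles.{key}: mandatory")
        if "state" in profile and profile["state"] not in PROFILE_STATES:
            problems.append(f"profiles.state: {profile['state']!r} is not a valid state")

    return problems
```

The profiles list is validated only when present, because the POST example on this page omits it and the server generates a default profile in that case; the email_required flag mirrors the "by default" wording for the e-mail address.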

Scim Search Post DTO with IDM extension

Complex data structure used to invoke an HTTP POST search request. The SCIM search request DTO has the following parameters:

Optional

  • attributes - A multi-valued list of strings indicating the names of resource attributes to return in the response, overriding the set of attributes that would be returned by default (list).
  • excludedAttributes - A multi-valued list of strings indicating the names of resource attributes to be removed from the default set of attributes to return (list).
  • filter - The filter string used to request a subset of resources (string).
  • sortBy - A string indicating the attribute whose value is used to order the returned responses (string).
  • sortOrder - Sort order of selected attribute (in sortBy parameter). Empty value means the default ascending sorting order (string).
    • ascending
    • descending
  • startIndex - An integer indicating the 1-based index of the first query result (number).
  • count - An integer indicating the desired maximum number of query results per page (number).
  • bulkImportFormat - If true, the output is a ScimBulkRequest with create operations instead of the ScimListResponse the standard defines. This optional parameter defaults to false (boolean).

Scim User

GET /{clientExtId}/Users/{userId}

Retrieves the user with the specified Id from the client with the given external ID.

since 2.85

Required permissions

AccessControl.UserView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.CredentialView, AccessControl.ProfileView

Example URI

GET https://your-host/nevisidm/api/scim/v1/1000/Users/1234

URI Parameters

  • clientExtId: string (required) Example: 1000

ExtID of the client.

  • userId: string (required) Example: 1234

ID of the user.

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:nevis:idm:scim:schemas:v1:extension:User"
  ],
  "id": "100",
  "externalId": "100",
  "meta": {
    "resourceType": "User",
    "created": "2022-05-03T11:17:07.000",
    "lastModified": "2022-05-03T11:17:07.000",
    "location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/100",
    "version": "v1"
  },
  "userName": "bootstrap",
  "name": {
    "formatted": "Boot Strap",
    "familyName": "Strap",
    "givenName": "Boot",
    "honorificPrefix": "Mr."
  },
  "displayName": "Boot Strap",
  "preferredLanguage": "en",
  "active": true,
  "emails": [
    {
      "value": "[email protected]",
      "type": "work",
      "primary": true
    }
  ],
  "phoneNumbers": [
    {
      "value": "0444444444",
      "type": "telephone",
      "primary": true
    }
  ],
  "urn:nevis:idm:scim:schemas:v1:extension:User": {
    "remarks": "Initial user for bootstrapping",
    "technical": false,
    "templateCollectionName": "Default",
    "credentials": [
      {
        "extId": "100",
        "type": "PASSWORD",
        "active": true,
        "validFrom": "2022-05-03T11:17:07.000Z",
        "validTo": "2029-12-31T23:00:00.000Z",
        "password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
      }
    ],
    "profiles": [
      {
        "active": true,
        "name": "BootstrapProfile",
        "remarks": "Initial profile for bootstrapping",
        "extId": "100",
        "defaultProfile": true,
        "unitExtId": "100",
        "idmAuthorizations": [
          {
            "extId": "100",
            "roleExtId": "1",
            "authorizedForAllClients": true,
            "authorizedForAllUnits": true,
            "authorizedForAllApplications": true,
            "authorizedForAllEnterpriseRoles": true
          },
          {
            "extId": "105",
            "roleExtId": "30",
            "authorizedForAllClients": true,
            "authorizedForAllUnits": true,
            "authorizedForAllApplications": true,
            "authorizedForAllEnterpriseRoles": true
          }
        ]
      }
    ],
    "loginInfo": {
      "lastLogin": "1999-12-31T23:00:00.000Z"
    }
  }
}

DELETE /{clientExtId}/Users/{userId}

Deletes the user with the specified ID from the client with the given external ID.

since 2.85

Required permissions

AccessControl.UserDelete, AccessControl.UserDeleteTechUser (for deleting technical users only)

Example URI

DELETE https://your-host/nevisidm/api/scim/v1/1000/Users/1234

URI Parameters

  • clientExtId: string (required) Example: 1000

ExtID of the client.

  • userId: string (required) Example: 1234

ID of the user.

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 204

Scim Users

GET /{clientExtId}/Users

Retrieves all users from the client with the given external ID.

The returned result is pageable with the startIndex and count query parameters.

The list is filterable with the following query parameters, which work like the fields of the ScimSearchDTO:

  • attributes
  • excludedAttributes
  • filter
  • sortBy
  • sortOrder
  • startIndex
  • count
  • bulkImportFormat

Note

Use + or %20 in place of the space character to filter by properties with spaces in their names (RFC 1738). Use %2B in place of the + character to filter by attributes holding mobile numbers (RFC 3151).

since 2.85

Required permissions

AccessControl.UserView, AccessControl.PropertyView, AccessControl.PropertyValueView, AccessControl.PropertyAllowedValueView, AccessControl.CredentialView, AccessControl.ProfileView

Example URI

GET https://your-host/nevisidm/api/scim/v1/1000/Users

URI Parameters

  • clientExtId: string (required) Example: 1000

ExtID of the client.

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 1,
  "itemsPerPage": 10,
  "startIndex": 1,
  "Resources": [
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:nevis:idm:scim:schemas:v1:extension:User"
      ],
      "id": "3000000003",
      "externalId": "3000000003",
      "meta": {
        "resourceType": "User",
        "created": "2021-12-03T14:59:47.000Z",
        "lastModified": "2021-12-03T14:59:47.000Z",
        "location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/3000000003",
        "version": "v1"
      },
      "userName": "User4321",
      "name": {
        "formatted": "Tested User",
        "familyName": "Tested",
        "givenName": "User"
      },
      "displayName": "User4321",
      "preferredLanguage": "en",
      "active": true,
      "emails": [
        {
          "value": "[email protected]",
          "type": "work",
          "primary": true
        }
      ],
      "urn:nevis:idm:scim:schemas:v1:extension:User": {
        "technical": false,
        "templateCollectionName": "Default",
        "credentials": [
          {
            "extId": "3000000003",
            "type": "PASSWORD",
            "active": true,
            "validFrom": "2021-12-03T15:03:46.000Z",
            "validTo": "2031-12-01T15:03:46.000Z",
            "password": "{SSHA256}b6HBFxmLGRnW90atPGY9Ap+wpfpbYsgeDl5JsSTIDGlYN0bxa5jRAsi8"
          }
        ],
        "properties": {
          "User_Import_Property1": "0"
        }
      }
    }
  ]
}

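The GET /{clientExtId}/Users endpoint above combines two things a client has to get right: percent-encoding of the filter (the note about + and %2B) and walking the ListResponse pages with the 1-based startIndex and count. The following is an added example, not nevisIDM code, that builds the URL with urllib's quote() and iterates over all pages; the HTTP call itself is injected as a function, and a constructed in-memory stand-in serves seven sample users so the pager can be exercised offline. The base URL and the property filter on a mobile number are assumptions.

```python
from typing import Any, Callable, Dict, Iterator, List
from urllib.parse import parse_qs, quote, urlencode, urlsplit

# Assumed base URL; the page writes "https://your-host".
BASE_URL = "https://your-host/nevisidm/api/scim/v1"


def users_url(client_ext_id: str, **params: Any) -> str:
    """Build the GET /{clientExtId}/Users URL with the query parameters listed above.

    Values are percent-encoded with quote(), so a space becomes %20 and a literal
    '+' becomes %2B. A '+' left unencoded would be read as a space by the server,
    which is the pitfall the note about mobile numbers describes.
    """
    query = urlencode({k: v for k, v in params.items() if v is not None}, quote_via=quote)
    url = f"{BASE_URL}/{quote(str(client_ext_id), safe='')}/Users"
    return f"{url}?{query}" if query else url


def iter_users(fetch: Callable[[str], Dict[str, Any]], client_ext_id: str,
               page_size: int = 100, **params: Any) -> Iterator[Dict[str, Any]]:
    """Yield every user by walking ListResponse pages with the 1-based startIndex.

    `fetch` performs the authenticated GET (the session is its responsibility)
    and returns the parsed JSON body. The loop stops when totalResults is reached
    or a page comes back empty, so a server that caps `count` below page_size
    still terminates.
    """
    start, seen = 1, 0
    while True:
        page = fetch(users_url(client_ext_id, startIndex=start, count=page_size, **params))
        resources = page.get("Resources", [])
        for resource in resources:
            yield resource
        seen += len(resources)
        if not resources or seen >= page.get("totalResults", 0):
            return
        start += len(resources)


def make_fake_fetch(users: List[Dict[str, Any]]) -> Callable[[str], Dict[str, Any]]:
    """Constructed offline stand-in for the HTTP layer: serves `users` as ListResponse pages."""
    def fetch(url: str) -> Dict[str, Any]:
        query = parse_qs(urlsplit(url).query)
        start = int(query.get("startIndex", ["1"])[0])
        count = int(query.get("count", ["10"])[0])
        page = users[start - 1:start - 1 + count]
        return {
            "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
            "totalResults": len(users),
            "itemsPerPage": len(page),
            "startIndex": start,
            "Resources": page,
        }
    return fetch


# Constructed sample directory: seven minimal user resources.
SAMPLE_USERS = [{"id": str(3000000000 + i), "userName": f"user{i}"} for i in range(7)]


def collect_user_names(page_size: int = 3) -> List[str]:
    """Run the pager against the fake server and return the userNames in order."""
    fetch = make_fake_fetch(SAMPLE_USERS)
    return [u["userName"] for u in iter_users(fetch, "1000", page_size=page_size)]
```

Because the real fetch is passed in, the same iterator works with any HTTP client; pair it with a session that sends the nevisIDM login cookie or token, and keep the Content-Type header as the request section above requires.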
POST /{clientExtId}/Users

Creates a new user with the given settings, including credentials, profiles and authentications.

Note

In the case of Security Question Credentials, user creation is only allowed if the policy parameter restrictModifyToOwner is set to false.

since 2.85

Required permissions

AccessControl.UserCreate, AccessControl.ProfileCreate, AccessControl.AuthorizationCreate (for creating non-technical users only)

Example URI

POST https://your-host/nevisidm/api/scim/v1/1000/Users

URI Parameters

  • clientExtId: string (required) Example: 1000

ExtID of the client.

Request

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:nevis:idm:scim:schemas:v1:extension:User"
  ],
  "externalId": "3690000001",
  "userName": "tesla",
  "name": {
    "familyName": "Tesla",
    "givenName": "Nikola"
  },
  "emails": [
    {
      "value": "[email protected]"
    }
  ],
  "urn:nevis:idm:scim:schemas:v1:extension:User": {
    "templateCollectionName": "Default",
    "properties": {
      "user_global_encrypted": "122"
    }
  }
}

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:nevis:idm:scim:schemas:v1:extension:User"
  ],
  "id": "9999999343",
  "externalId": "3690000001",
  "meta": {
    "resourceType": "User",
    "created": "2022-05-03T13:01:31.000Z",
    "lastModified": "2022-05-03T13:01:31.000Z",
    "location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/9999999343",
    "version": "v1"
  },
  "userName": "tesla",
  "name": {
    "formatted": "Nikola Tesla",
    "familyName": "Tesla",
    "givenName": "Nikola"
  },
  "displayName": "Nikola Tesla",
  "preferredLanguage": "en",
  "active": true,
  "emails": [
    {
      "value": "[email protected]",
      "type": "work",
      "primary": true
    }
  ],
  "urn:nevis:idm:scim:schemas:v1:extension:User": {
    "technical": false,
    "templateCollectionName": "Default",
    "profiles": [
      {
        "active": true,
        "name": "Profile-tesla",
        "remarks": "Automatically generated profile for tesla",
        "extId": "2000001376",
        "defaultProfile": true,
        "unitExtId": "100",
        "idmAuthorizations": [
          {
            "extId": "260002344",
            "roleExtId": "1",
            "authorizedForAllClients": false,
            "authorizedForAllUnits": false,
            "authorizedForAllApplications": false,
            "authorizedForAllEnterpriseRoles": false
          }
        ]
      }
    ],
    "properties": {
      "user_global_encrypted": "122"
    }
  }
}

POST /{clientExtId}/Users/.search

Searches for users with the attributes specified in the request body within the given client. If application.feature.loginid.casesensitive.enabled is set to false, filtering on userName is case-insensitive.

since 2.85

Example URI

POST https://your-host/nevisidm/api/scim/v1/1000/Users/.search

URI Parameters

  • clientExtId: string (required) Example: 1000

ExtID of the client.

Request

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "filter": "userName EQ 'bootstrap'"
}

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 1,
  "itemsPerPage": 10,
  "startIndex": 1,
  "Resources": [
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:nevis:idm:scim:schemas:v1:extension:User"
      ],
      "id": "100",
      "externalId": "100",
      "meta": {
        "resourceType": "User",
        "created": "2022-05-03T14:19:25.000Z",
        "lastModified": "2022-05-03T14:19:25.000Z",
        "location": "http://localhost:8080/nevisidm/api/scim/v1/100/Users/100",
        "version": "v1"
      },
      "userName": "bootstrap",
      "name": {
        "formatted": "Boot Strap",
        "familyName": "Strap",
        "givenName": "Boot",
        "honorificPrefix": "Mr."
      },
      "displayName": "Boot Strap",
      "preferredLanguage": "en",
      "active": true,
      "emails": [
        {
          "value": "[email protected]",
          "type": "work",
          "primary": true
        }
      ],
      "phoneNumbers": [
        {
          "value": "0444444444",
          "type": "telephone",
          "primary": true
        }
      ],
      "urn:nevis:idm:scim:schemas:v1:extension:User": {
        "remarks": "Initial user for bootstrapping",
        "technical": false,
        "templateCollectionName": "Default",
        "credentials": [
          {
            "extId": "100",
            "type": "PASSWORD",
            "state": "ACTIVE",
            "validFrom": "2022-05-03T14:19:25.000Z",
            "validTo": "2029-12-31T23:00:00.000Z",
            "credentialLoginInfo": {
              "lastLogin": "2022-05-03T14:19:27.000Z",
              "loginSuccessCount": 1,
              "lastFailure": "2022-05-03T14:19:27.000Z",
              "loginFailureCount": 2
            },
            "password": "{SSHA}OfA52lp84tj5nS6+awPTTgcuY1FF6PdtbxNo/Mry"
          }
        ],
        "profiles": [
          {
            "state": "ACTIVE",
            "name": "BootstrapProfile",
            "remarks": "Initial profile for bootstrapping",
            "extId": "100",
            "defaultProfile": true,
            "unitExtId": "100",
            "idmAuthorizations": [
              {
                "extId": "100",
                "roleExtId": "1",
                "authorizedForAllClients": true,
                "authorizedForAllUnits": true,
                "authorizedForAllApplications": true,
                "authorizedForAllEnterpriseRoles": true
              },
              {
                "extId": "105",
                "roleExtId": "30",
                "authorizedForAllClients": true,
                "authorizedForAllUnits": true,
                "authorizedForAllApplications": true,
                "authorizedForAllEnterpriseRoles": true
              }
            ]
          }
        ],
        "loginInfo": {
          "lastLogin": "1999-12-31T23:00:00.000Z"
        }
      }
    }
  ]
}

Scim Bulk Request

GET /{clientExtId}/bulk

Executes the specified operations on the client with the given extId.

since 2.85

Example URI

GET https://your-host/nevisidm/api/scim/v1/1000/bulk

URI Parameters

  • clientExtId: string (required) Example: 1000

ExtID of the client.

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:BulkRequest"
  ],
  "failOnErrors": 0,
  "Operations": [
    {
      "method": "POST",
      "bulkId": "create",
      "path": "Users",
      "data": {
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User",
          "urn:nevis:idm:scim:schemas:v1:extension:User"
        ],
        "externalId": "3690000001",
        "userName": "tesla",
        "name": {
          "familyName": "Tesla",
          "givenName": "Nikola"
        },
        "emails": [
          {
            "value": "[email protected]"
          }
        ],
        "urn:nevis:idm:scim:schemas:v1:extension:User": {
          "templateCollectionName": "Default",
          "properties": {
            "user_global_encrypted": "122"
          }
        }
      }
    },
    {
      "method": "GET",
      "bulkId": "get",
      "path": "Users/99991010"
    }
  ]
}

SCIM Meta REST Service

These endpoints do not require authorization.

SCIM Error DTO

In addition to returning an HTTP response code, the SCIM server must return the error in the response body in JSON format. The SCIM Error DTO has the following parameters:

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • status - The HTTP status code (number)
  • scimType - A SCIM detail error keyword (string)
    • INVALID_FILTER
    • TOO_MANY
    • UNIQUENESS
    • MUTABILITY
    • INVALID_SYNTAX
    • INVALID_PATH
    • NO_TARGET
    • INVALID_VALUE
    • INVALID_VERS
    • SENSITIVE
  • detail - A detailed human-readable message (string).

Scim ResourceType DTO

Specifies the schema that describes a SCIM resource type. The SCIM ResourceType DTO has the following parameters:

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • id - The resource type’s server unique ID. May be the same as the ‘name’ attribute (string).
  • name - The resource type name. When applicable, service providers MUST specify the name, e.g., User (string).
  • schema - The resource type’s primary/base schema URI (string).
  • description - The resource type’s human-readable description. When applicable, service providers MUST specify the description (string).
  • endpoint - The resource type’s HTTP-addressable endpoint relative to the Base URL, e.g., /Users (string).
  • schemaExtensions - A list of URIs of the resource type’s schema extensions.
    • schema - The unique URI of the schema (string).
    • required - Indicates whether the schema extension is required for the extended schema (boolean).
  • meta - Meta information of the Resource (object).
    • resourceType - The name of the resource type of the resource (string, optional).
    • created - The date and time that the resource was added to the service provider (string, optional).
    • lastModified - The most recent date and time that the details of this resource were updated at the service provider (string, optional).
    • location - The URI of the resource being returned (string, optional).
    • version - The version of the resource being returned (string, optional).

Scim Schema DTO

Describes the structure of a SCIM schema definition. The SCIM Schema DTO has the following parameters:

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • id - The unique URI of the schema (string).
  • name - The schema’s human-readable name (string).
  • schema - The resource type’s primary/base schema URI (string).
  • description - The schema’s human-readable description (string).
  • attributes - List of the attributes of the resource described by this schema (object).
    • type - The attribute’s data type (string, enum).
      • STRING
      • BOOLEAN
      • DECIMAL
      • INTEGER
      • DATE_TIME
      • REFERENCE
      • COMPLEX
    • mutability - A single keyword indicating the circumstances under which the value of the attribute can be defined (string, enum).
      • READ_ONLY
      • READ_WRITE
      • IMMUTABLE
      • WRITE_ONLY
    • returned - A single keyword that indicates when an attribute and associated values are returned in response to a GET request or in response to a PUT, POST, or PATCH request (string, enum).
      • ALWAYS
      • NEVER
      • DEFAULT
      • REQUEST
    • uniqueness - A single keyword value that specifies how the service provider enforces uniqueness of attribute values (string, enum).
      • NONE
      • SERVER
      • GLOBAL
  • meta - Meta information of the Resource (object).
    • resourceType - The name of the resource type of the resource (string, optional).
    • created - The date and time that the resource was added to the service provider (string, optional).
    • lastModified - The most recent date and time that the details of this resource were updated at the service provider (string, optional).
    • location - The URI of the resource being returned (string, optional).
    • version - The version of the resource being returned (string, optional).

Scim ServiceProviderConfig DTO

Schema for representing the service provider’s configuration. The SCIM ServiceProviderConfig DTO has the following parameters:

Mandatory

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • documentationUri - An HTTP-addressable URL pointing to the service provider’s human-consumable help documentation (string).
  • patch - A complex type that specifies whether the PATCH operation is supported (object).
    • supported - A Boolean value specifying whether or not the operation is supported (boolean).
  • bulk - A complex type that specifies bulk configuration options (object).
    • maxOperations - An integer value specifying the maximum number of operations (number).
    • supported - A Boolean value specifying whether or not the operation is supported (boolean).
  • filter - A complex type that specifies FILTER configuration options (object).
    • maxResult - An integer value specifying the maximum number of resources returned in a response (number).
    • maxPayload - An integer value specifying the maximum payload size in bytes (number).
    • supported - A Boolean value specifying whether or not the operation is supported (boolean).
  • etag - A complex type that specifies ETag configuration options (object).
    • supported - A Boolean value specifying whether or not the operation is supported (boolean).
  • changePassword - A complex type that specifies configuration options related to changing a password (object).
    • supported - A Boolean value specifying whether or not the operation is supported (boolean).
  • meta - Meta information of the Resource (object).
    • resourceType - The name of the resource type of the resource (string, optional).
    • created - The date and time that the resource was added to the service provider (string, optional).
    • lastModified - The most recent date and time that the details of this resource were updated at the service provider (string, optional).
    • location - The URI of the resource being returned (string, optional).
    • version - The version of the resource being returned (string, optional).

Optional

  • authenticationSchemes - A complex type that specifies supported authentication scheme properties (list).
    • type - The authentication scheme. This specification defines the values oauth, oauth2, oauthbearertoken, httpbasic, and httpdigest (string).
    • name - The common authentication scheme name, e.g., HTTP Basic (string).
    • description - A description of the authentication scheme (string, optional).
    • specUri - An HTTP-addressable URL pointing to the authentication scheme’s specification (string, optional).
    • documentationUri - An HTTP-addressable URL pointing to the service provider’s human-consumable help documentation (string, optional).

Scim ScimListResponse DTO

The SCIM-defined list response. The SCIM ListResponse DTO has the following parameters:

  • schemas - An array of Strings containing URIs that are used to indicate the namespaces of the SCIM schemas that define the attributes present in the current JSON structure (list, string).
  • totalResults - Total number of results matching the query (number).
  • itemsPerPage - Number of results in a single response; 10 by default, controlled by the ‘count’ request parameter (number).
  • startIndex - Start index of the current result page; 1 by default, controlled by the ‘startIndex’ request parameter (number).
  • Resources - Array of SCIM resources, for example an array of users (list).
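Reading a full result set page by page with the startIndex, itemsPerPage and totalResults fields described above, with an Error DTO surfaced as an exception instead of being mistaken for a page; this is an added Python example, not part of the nevisIDM documentation. The fake server, the sample users and the error body are constructed here, and the Error schema URN is the one RFC 7644 defines.

```python
# Added example (not nevisIDM code): walk a SCIM ListResponse page by page and raise on Error DTOs.
from typing import Callable, Dict, Iterator, List, Optional

LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
ERROR = "urn:ietf:params:scim:api:messages:2.0:Error"  # error schema URN as defined by RFC 7644

Fetch = Callable[[int, int], Dict]  # fetch(startIndex, count) -> decoded JSON body


class ScimError(Exception):
    """Raised when a body is a SCIM Error DTO (schemas, status, scimType, detail)."""

    def __init__(self, body: Dict):
        self.status = int(body["status"])
        self.scim_type = body.get("scimType")  # the detail keyword is not present on every error
        self.detail = body.get("detail", "")
        super().__init__(f"HTTP {self.status} {self.scim_type or ''}: {self.detail}")


def raise_for_scim_error(body: Dict) -> None:
    """Detect an Error DTO by its schema URN, or by the status/detail pair if the URN is missing."""
    if ERROR in body.get("schemas", []) or ("status" in body and "detail" in body):
        raise ScimError(body)


def iter_resources(fetch: Fetch, count: int = 10) -> Iterator[Dict]:
    """Yield every resource of a query by walking the 1-based startIndex up to totalResults."""
    start_index = 1
    while True:
        body = fetch(start_index, count)
        raise_for_scim_error(body)
        if LIST_RESPONSE not in body.get("schemas", []):
            raise ValueError("expected a ListResponse body")
        page = body.get("Resources", [])
        yield from page
        # Step by what the server actually returned (it may cap itemsPerPage below count);
        # an empty page also ends the walk so an inconsistent totalResults cannot loop forever.
        if not page or start_index + len(page) > int(body["totalResults"]):
            return
        start_index += len(page)


def collect_external_ids(fetch: Fetch, count: int = 10) -> List[str]:
    """Convenience wrapper: the externalId of every resource in the full result set."""
    return [r["externalId"] for r in iter_resources(fetch, count)]


def make_fake_server(users: List[Dict], max_count: int = 10, error: Optional[Dict] = None) -> Fetch:
    """Constructed stand-in for GET .../Users?startIndex=..&count=.. (not a real nevisIDM)."""
    def fetch(start_index: int, count: int) -> Dict:
        if error is not None:
            return error
        page = users[start_index - 1:start_index - 1 + min(count, max_count)]
        return {"schemas": [LIST_RESPONSE], "totalResults": len(users),
                "itemsPerPage": len(page), "startIndex": start_index, "Resources": page}
    return fetch


# Constructed sample data: 23 users, so the default page size of 10 needs three round trips.
SAMPLE_USERS = [{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
                 "externalId": f"36900000{n:02d}", "userName": f"user{n}"} for n in range(23)]
SAMPLE_ERROR = {"schemas": [ERROR], "status": 400, "scimType": "INVALID_FILTER",
                "detail": "constructed example: the filter expression could not be parsed"}

if __name__ == "__main__":
    print(len(collect_external_ids(make_fake_server(SAMPLE_USERS))), "users read")
    try:
        collect_external_ids(make_fake_server(SAMPLE_USERS, error=SAMPLE_ERROR))
    except ScimError as err:
        print("request rejected:", err)
```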

Scim Schemas

GET /Schemas

This is a meta endpoint; it does not require authorization.

Retrieves all SCIM schemas implemented on this server.

since 2.85

Example URI

GET https://your-host/nevisidm/api/scim/v1/Schemas

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 7,
"itemsPerPage": 10,
"startIndex": 1,
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
"attributes": [
{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User for the actual customer. This is mapped to the loginId property of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "complex",
"subAttributes": [
{
"name": "formatted",
"type": "string",
"multiValued": false,
"description": "The full name, including all middle names, titles, and suffixes. This is not mapped for input, just generated for output.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or Last Name in most Western languages. This is mapped to name property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or First Name in most Western languages. This is mapped to firstName attribute of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User. This is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "honorificPrefix",
"type": "string",
"multiValued": false,
"description": "The honorific prefix(es) of the User, or Title in most Western languages. This is mapped to title property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "The components of the user’s name complex type. This is mapped to name, firstName, remarks... properties of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "displayName",
"type": "string",
"multiValued": false,
"description": "The name of the User, suitable for display to end-users. This is generated like name.formatted. If empty the userName will be returned.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "preferredLanguage",
"type": "string",
"multiValued": false,
"description": "Indicates the User's preferred written or spoken language. This is mapped to languageId property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "locale",
"type": "string",
"multiValued": false,
"description": "Used to indicate the User's default location for purposes of localizing items such as currency, date time format, numerical representations, etc. This is mapped to locality property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "active",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the User's administrative status. This it mapped to status property of User. 'true' => ACTIVE, 'false' => DISABLED; ACTIVE => 'true', otherwise 'false'.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "emails",
"type": "complex",
"subAttributes": [
{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Attribute value (eg. email address, prhone number. This part is mapped to the referred property of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human readable name, primarily used for display purposes. This part is not mapped, for output the value is repeated here.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function; e.g. 'work', 'home', etc. For email this part is not mapped. For phone the following values are accepted and required: 'telephone', 'telefax' or 'mobile'. Other types are not supported, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred. This part is not mapped, the first one always true the rest always false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "E-mail addresses for the user. The IDM can accept only one email address. By default the email address is mandatory and must be unique. This is mapped to email and uniqueEmail properties of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "phoneNumbers",
"type": "complex",
"subAttributes": [
{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Attribute value (eg. email address, prhone number. This part is mapped to the referred property of User.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human readable name, primarily used for display purposes. This part is not mapped, for output the value is repeated here.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function; e.g. 'work', 'home', etc. For email this part is not mapped. For phone the following values are accepted and required: 'telephone', 'telefax' or 'mobile'. Other types are not supported, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred. This part is not mapped, the first one always true the rest always false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "Phone numbers for the User. The IDM can accept three kind of phone numbers. Indicate the type as 'telephone', 'telefax' or 'mobile'. These values are mapped to properties indicated in type attribute.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "addresses",
"type": "complex",
"subAttributes": [
{
"name": "formatted",
"type": "string",
"multiValued": false,
"description": "The full mailing address, formatted for display or for label. This is not mapped for input, just generated for output.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "streetAddress",
"type": "string",
"multiValued": false,
"description": "The full street address component. This part is mapped to addressline1 and addressline2 properties of User with separating new line character (only one supported).",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "locality",
"type": "string",
"multiValued": false,
"description": "The city or locality component. This part is mapped to city property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "region",
"type": "string",
"multiValued": false,
"description": "The state or region component. This part is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "postalCode",
"type": "string",
"multiValued": false,
"description": "The zipcode or postal code component. This part is mapped to postalcode property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "country",
"type": "string",
"multiValued": false,
"description": "The country name component. This part is mapped to country property of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function; e.g. 'work' or 'home'. This part is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred. This part is not mapped to any property of User, yet.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "Physical mailing addresses for this User. The IDM can accept only one address.This is mapped to country, city, postalcode, addressline2 and addressline1 properties of User.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
]
},
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"id": "urn:nevis:idm:scim:schemas:v1:extension:User",
"name": "UserExtension",
"description": "SCIM User IDM extension for properties in IDM \"User\" that has not been covered by the ScimUser. Schema: \"urn:nevis:idm:scim:schemas:v1:extension:User\".",
"attributes": [
{
"name": "remarks",
"type": "string",
"multiValued": false,
"description": "Description for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "sex",
"type": "string",
"multiValued": false,
"description": "Gender of the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "birthDate",
"type": "dateTime",
"multiValued": false,
"description": "Birthdate of the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp can be defined for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp can be defined for the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "technical",
"type": "boolean",
"multiValued": false,
"description": "Indicates if it the user is technical or not.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "street",
"type": "string",
"multiValued": false,
"description": "Street name of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "houseNumber",
"type": "string",
"multiValued": false,
"description": "House number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "dwellingNumber",
"type": "string",
"multiValued": false,
"description": "Property unit number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "postOfficeBoxText",
"type": "string",
"multiValued": false,
"description": "Post office box text of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "postOfficeBoxNumber",
"type": "integer",
"multiValued": false,
"description": "Post office box number of user's address.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "templateCollectionName",
"type": "string",
"multiValued": false,
"description": "Name of template collection assigned to the user.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "credentials",
"type": "complex",
"subAttributes": [
{
"name": "extId",
"type": "string",
"multiValued": false,
"description": "External identifier for the credential. Must be unique.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "Type of the credential.",
"required": true,
"canonicalValues": [
"PASSWORD",
"GENERIC",
"TICKET"
],
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "string",
"multiValued": false,
"description": "Name attribute for the credential.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "active",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the Credential's administrative status. 'true' => ACTIVE, 'false' => DISABLED; INITIAL, ACTIVE, RESET_CODE, ADMIN_CHANGED => 'true', otherwise 'false'.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp for the credential.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp for the credential.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "List of credential a assigned to the user.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "profiles",
"type": "complex",
"subAttributes": [
{
"name": "active",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the Profile's administrative status. 'true' => ACTIVE, 'false' => DISABLED; ACTIVE => 'true', otherwise 'false'.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "name",
"type": "string",
"multiValued": false,
"description": "Name of the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "remarks",
"type": "string",
"multiValued": false,
"description": "Description for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "extId",
"type": "string",
"multiValued": false,
"description": "External identifier for the profile. Must be unique.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "defaultProfile",
"type": "boolean",
"multiValued": false,
"description": "Indicates it is the default profile of user or not. One and only one must true.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validFrom",
"type": "dateTime",
"multiValued": false,
"description": "Validity starting timestamp can be defined for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "validTo",
"type": "dateTime",
"multiValued": false,
"description": "Validity ending timestamp can be defined for the profile.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "deputedProfileExtId",
"type": "string",
"multiValued": false,
"description": "External identifier of deputed profile if exists.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "unitExtId",
"type": "string",
"multiValued": false,
"description": "Unit external identifier belonging to the client that the profile refers. By default the configured default unit for the client is used to.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "idmAuthorizations",
"type": "complex",
"subAttributes": [
{
"name": "authorizedForAllClients",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all clients in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllUnits",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all units in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllApplications",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all applications in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedForAllEnterpriseRoles",
"type": "boolean",
"multiValued": false,
"description": "The user is authorized to manage all enterprise roles in the system.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedClientExtIds",
"type": "string",
"multiValued": true,
"description": "The user is authorized to manage the selected clients in case all clients flag is false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "authorizedApplicationExtIds",
"type": "string",
"multiValued": true,
"description": "The user is authorized to manage the selected applications in case all applications flag is false.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "IDM role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "appAuthorizations",
"type": "complex",
"multiValued": true,
"description": "Application role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "enterpriseAuthorizations",
"type": "complex",
"multiValued": true,
"description": "Enterprise role assignments for the profile.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": true,
"description": "List of assigned profiles to the user. At least one is mandatory.",
"required": true,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "loginInfo",
"type": "complex",
"subAttributes": [
{
"name": "lastLogin",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
},
{
"name": "lastFailure",
"type": "dateTime",
"multiValued": false,
"description": "Timestamp of last login failure of user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
],
"multiValued": false,
"description": "Login information about the user.",
"required": false,
"caseExact": true,
"mutability": "readOnly",
"returned": "default",
"uniqueness": "none"
}
]
}
]
}
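A client-side pre-flight check that reads the attribute definitions above (required, mutability, multiValued, subAttributes, canonicalValues) and reports missing required attributes, read-only attributes in a write, wrong value types and values outside canonicalValues before a POST or a bulk request is sent. This is an added Python example, not nevisIDM code; SCHEMAS is a constructed, trimmed excerpt of the two User schemas shown in the response above, standing in for a live GET /Schemas call, and the bulk body is constructed after the Scim Bulk Request example.

```python
# Added example (not nevisIDM code): pre-flight check of a SCIM User write payload against
# the attribute definitions that GET /Schemas publishes, run before the request is sent.
import re
from typing import Any, Dict, List

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
NEVIS_USER_EXT = "urn:nevis:idm:scim:schemas:v1:extension:User"
COMMON_ATTRIBUTES = {"id", "externalId", "meta"}  # RFC 7643 common attributes, not listed per schema

def _attr(name: str, typ: str, required: bool = False, mutability: str = "readWrite",
          multi: bool = False, **extra: Any) -> Dict[str, Any]:
    return {"name": name, "type": typ, "required": required, "mutability": mutability,
            "multiValued": multi, **extra}

# Constructed, trimmed excerpt of the two User schemas returned by GET /Schemas above.
SCHEMAS: Dict[str, Dict[str, Any]] = {
    CORE_USER: {"attributes": [
        _attr("userName", "string", required=True),
        _attr("displayName", "string", mutability="readOnly"),
        _attr("active", "boolean", required=True),
        _attr("emails", "complex", required=True, multi=True, subAttributes=[_attr("value", "string", required=True)]),
    ]},
    NEVIS_USER_EXT: {"attributes": [
        _attr("credentials", "complex", required=True, multi=True, subAttributes=[
            _attr("extId", "string", required=True),
            _attr("type", "string", required=True, canonicalValues=["PASSWORD", "GENERIC", "TICKET"]),
            _attr("validFrom", "dateTime", required=True),
        ]),
        _attr("loginInfo", "complex", mutability="readOnly", subAttributes=[_attr("lastLogin", "dateTime", mutability="readOnly")]),
    ]},
}

_DATE_TIME = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$")
_TYPE_OK = {  # scalar checks; bool is an int subclass in Python, so it is excluded from integer
    "string": lambda v: isinstance(v, str),
    "boolean": lambda v: isinstance(v, bool),
    "integer": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "dateTime": lambda v: isinstance(v, str) and bool(_DATE_TIME.match(v)),
}

def _check(obj: Dict[str, Any], attrs: List[Dict[str, Any]], path: str, problems: List[str]) -> None:
    """Recursively compare one JSON object with the attribute definitions that describe it."""
    known = {a["name"] for a in attrs}
    problems.extend(f"{path}{k}: unknown attribute" for k in obj if k not in known)
    for attr in attrs:
        name, where, multi = attr["name"], f"{path}{attr['name']}", attr.get("multiValued", False)
        if name not in obj:
            if attr.get("required"):
                problems.append(f"{where}: required attribute missing")
            continue
        if attr.get("mutability") == "readOnly":
            problems.append(f"{where}: readOnly attribute must not be sent in a write")  # a changed read-only value is a 422
            continue
        value = obj[name]
        if multi and not isinstance(value, list):
            problems.append(f"{where}: multi-valued attribute must be a JSON array")
            continue
        for i, item in enumerate(value if multi else [value]):
            here = f"{where}[{i}]" if multi else where
            if attr["type"] == "complex":
                if isinstance(item, dict):
                    _check(item, attr.get("subAttributes", []), here + ".", problems)
                else:
                    problems.append(f"{here}: complex attribute must be a JSON object")
            elif not _TYPE_OK.get(attr["type"], lambda v: True)(item):
                problems.append(f"{here}: expected {attr['type']}")
            elif "canonicalValues" in attr and item not in attr["canonicalValues"]:
                problems.append(f"{here}: {item!r} is not one of {attr['canonicalValues']}")

def validate_user_write(payload: Dict[str, Any], schemas: Dict[str, Dict[str, Any]] = SCHEMAS) -> List[str]:
    """Return the problems found; an empty list means the payload passes the pre-flight check."""
    problems: List[str] = []
    declared = payload.get("schemas", [])
    if CORE_USER not in declared:
        problems.append(f"schemas: must declare {CORE_USER}")
    problems.extend(f"schemas: {u} is not implemented on this server" for u in declared if u not in schemas)
    # Core attributes sit at the top level; extension attributes sit under their URN key.
    core = {k: v for k, v in payload.items() if k != "schemas" and k not in schemas and k not in COMMON_ATTRIBUTES}
    _check(core, schemas[CORE_USER]["attributes"], "", problems)
    for urn in (u for u in declared if u in schemas and u != CORE_USER):
        ext = payload.get(urn, {})
        _check(ext if isinstance(ext, dict) else {}, schemas[urn]["attributes"], urn + ":", problems)
    return problems

def validate_bulk_request(bulk: Dict[str, Any], schemas: Dict[str, Dict[str, Any]] = SCHEMAS) -> Dict[str, List[str]]:
    """Pre-flight the data of every POST/PUT Users operation in a BulkRequest, keyed by bulkId."""
    return {op.get("bulkId", f"op{i}"): validate_user_write(op.get("data", {}), schemas)
            for i, op in enumerate(bulk.get("Operations", []))
            if op.get("method") in ("POST", "PUT") and str(op.get("path", "")).startswith("Users")}

# Constructed sample in the shape of the bulk request body shown earlier on this page.
SAMPLE_BULK = {"schemas": ["urn:ietf:params:scim:api:messages:2.0:BulkRequest"], "failOnErrors": 0, "Operations": [
    {"method": "POST", "bulkId": "create", "path": "Users", "data": {
        "schemas": [CORE_USER, NEVIS_USER_EXT], "externalId": "3690000001", "userName": "tesla", "active": True,
        "emails": [{"value": "nikola.tesla@example.invalid"}],
        NEVIS_USER_EXT: {"credentials": [{"extId": "cred-1", "type": "PASSWORD", "validFrom": "2022-05-03T14:19:27.000Z"}]}}},
    {"method": "GET", "bulkId": "get", "path": "Users/99991010"},
]}
```

Running `validate_bulk_request(SAMPLE_BULK)` returns an empty problem list for the `create` operation; the GET operation carries no data and is skipped.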

Scim Schema

GET /Schemas/{schema}

This is a meta endpoint; it does not require authorization.

Retrieves the SCIM schema with the given schema URN, if it is implemented on this server.

since 2.85

Example URI

GET https://your-host/nevisidm/api/scim/v1/Schemas/urn:nevis:idm:scim:schemas:v1:extension:User

URI Parameters

  • schema: string (required) Example: urn:nevis:idm:scim:schemas:v1:extension:User

Schema URN of the requested schema.

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Schema"
  ],
  "id": "urn:nevis:idm:scim:schemas:v1:extension:User",
  "name": "UserExtension",
  "description": "SCIM User IDM extension for properties in IDM \"User\" that has not been covered by the ScimUser. Schema: \"urn:nevis:idm:scim:schemas:v1:extension:User\".",
  "attributes": [
    {
      "name": "remarks",
      "type": "string",
      "multiValued": false,
      "description": "Description for the user.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "sex",
      "type": "string",
      "multiValued": false,
      "description": "Gender of the user.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "birthDate",
      "type": "dateTime",
      "multiValued": false,
      "description": "Birthdate of the user.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "validFrom",
      "type": "dateTime",
      "multiValued": false,
      "description": "Validity starting timestamp can be defined for the user.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "validTo",
      "type": "dateTime",
      "multiValued": false,
      "description": "Validity ending timestamp can be defined for the user.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "technical",
      "type": "boolean",
      "multiValued": false,
      "description": "Indicates if it the user is technical or not.",
      "required": true,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "street",
      "type": "string",
      "multiValued": false,
      "description": "Street name of user's address.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "houseNumber",
      "type": "string",
      "multiValued": false,
      "description": "House number of user's address.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "dwellingNumber",
      "type": "string",
      "multiValued": false,
      "description": "Property unit number of user's address.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "postOfficeBoxText",
      "type": "string",
      "multiValued": false,
      "description": "Post office box text of user's address.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "postOfficeBoxNumber",
      "type": "integer",
      "multiValued": false,
      "description": "Post office box number of user's address.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "templateCollectionName",
      "type": "string",
      "multiValued": false,
      "description": "Name of template collection assigned to the user.",
      "required": false,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "credentials",
      "type": "complex",
      "subAttributes": [
        {
          "name": "extId",
          "type": "string",
          "multiValued": false,
          "description": "External identifier for the credential. Must be unique.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "type",
          "type": "string",
          "multiValued": false,
          "description": "Type of the credential.",
          "required": true,
          "canonicalValues": [
            "PASSWORD",
            "GENERIC",
            "TICKET"
          ],
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "name",
          "type": "string",
          "multiValued": false,
          "description": "Name attribute for the credential.",
          "required": false,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "active",
          "type": "boolean",
          "multiValued": false,
          "description": "A Boolean value indicating the Credential's administrative status. 'true' => ACTIVE, 'false' => DISABLED; INITIAL, ACTIVE, RESET_CODE, ADMIN_CHANGED => 'true', otherwise 'false'.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "validFrom",
          "type": "dateTime",
          "multiValued": false,
          "description": "Validity starting timestamp for the credential.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "validTo",
          "type": "dateTime",
          "multiValued": false,
          "description": "Validity ending timestamp for the credential.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        }
      ],
      "multiValued": true,
      "description": "List of credential a assigned to the user.",
      "required": true,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "profiles",
      "type": "complex",
      "subAttributes": [
        {
          "name": "active",
          "type": "boolean",
          "multiValued": false,
          "description": "A Boolean value indicating the Profile's administrative status. 'true' => ACTIVE, 'false' => DISABLED; ACTIVE => 'true', otherwise 'false'.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "name",
          "type": "string",
          "multiValued": false,
          "description": "Name of the profile.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "remarks",
          "type": "string",
          "multiValued": false,
          "description": "Description for the profile.",
          "required": false,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "extId",
          "type": "string",
          "multiValued": false,
          "description": "External identifier for the profile. Must be unique.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "defaultProfile",
          "type": "boolean",
          "multiValued": false,
          "description": "Indicates it is the default profile of user or not. One and only one must true.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "validFrom",
          "type": "dateTime",
          "multiValued": false,
          "description": "Validity starting timestamp can be defined for the profile.",
          "required": false,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "validTo",
          "type": "dateTime",
          "multiValued": false,
          "description": "Validity ending timestamp can be defined for the profile.",
          "required": false,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "deputedProfileExtId",
          "type": "string",
          "multiValued": false,
          "description": "External identifier of deputed profile if exists.",
          "required": false,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "unitExtId",
          "type": "string",
          "multiValued": false,
          "description": "Unit external identifier belonging to the client that the profile refers. By default the configured default unit for the client is used to.",
          "required": false,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "idmAuthorizations",
          "type": "complex",
          "subAttributes": [
            {
              "name": "authorizedForAllClients",
              "type": "boolean",
              "multiValued": false,
              "description": "The user is authorized to manage all clients in the system.",
              "required": true,
              "caseExact": true,
              "mutability": "readWrite",
              "returned": "default",
              "uniqueness": "none"
            },
            {
              "name": "authorizedForAllUnits",
              "type": "boolean",
              "multiValued": false,
              "description": "The user is authorized to manage all units in the system.",
              "required": true,
              "caseExact": true,
              "mutability": "readWrite",
              "returned": "default",
              "uniqueness": "none"
            },
            {
              "name": "authorizedForAllApplications",
              "type": "boolean",
              "multiValued": false,
              "description": "The user is authorized to manage all applications in the system.",
              "required": true,
              "caseExact": true,
              "mutability": "readWrite",
              "returned": "default",
              "uniqueness": "none"
            },
            {
              "name": "authorizedForAllEnterpriseRoles",
              "type": "boolean",
              "multiValued": false,
              "description": "The user is authorized to manage all enterprise roles in the system.",
              "required": true,
              "caseExact": true,
              "mutability": "readWrite",
              "returned": "default",
              "uniqueness": "none"
            },
            {
              "name": "authorizedClientExtIds",
              "type": "string",
              "multiValued": true,
              "description": "The user is authorized to manage the selected clients in case all clients flag is false.",
              "required": false,
              "caseExact": true,
              "mutability": "readWrite",
              "returned": "default",
              "uniqueness": "none"
            },
            {
              "name": "authorizedApplicationExtIds",
              "type": "string",
              "multiValued": true,
              "description": "The user is authorized to manage the selected applications in case all applications flag is false.",
              "required": false,
              "caseExact": true,
              "mutability": "readWrite",
              "returned": "default",
              "uniqueness": "none"
            }
          ],
          "multiValued": true,
          "description": "IDM role assignments for the profile.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "appAuthorizations",
          "type": "complex",
          "multiValued": true,
          "description": "Application role assignments for the profile.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "enterpriseAuthorizations",
          "type": "complex",
          "multiValued": true,
          "description": "Enterprise role assignments for the profile.",
          "required": true,
          "caseExact": true,
          "mutability": "readWrite",
          "returned": "default",
          "uniqueness": "none"
        }
      ],
      "multiValued": true,
      "description": "List of assigned profiles to the user. At least one is mandatory.",
      "required": true,
      "caseExact": true,
      "mutability": "readWrite",
      "returned": "default",
      "uniqueness": "none"
    },
    {
      "name": "loginInfo",
      "type": "complex",
      "subAttributes": [
        {
          "name": "lastLogin",
          "type": "dateTime",
          "multiValued": false,
          "description": "Timestamp of last login of user.",
          "required": false,
          "caseExact": true,
          "mutability": "readOnly",
          "returned": "default",
          "uniqueness": "none"
        },
        {
          "name": "lastFailure",
          "type": "dateTime",
          "multiValued": false,
          "description": "Timestamp of last login failure of user.",
          "required": false,
          "caseExact": true,
          "mutability": "readOnly",
          "returned": "default",
          "uniqueness": "none"
        }
      ],
      "multiValued": false,
      "description": "Login information about the user.",
      "required": false,
      "caseExact": true,
      "mutability": "readOnly",
      "returned": "default",
      "uniqueness": "none"
    }
  ]
}
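
The schema above tells a client what the server will reject with 422 (missing required attributes, non-canonical values, writes to readOnly attributes). As an added example that is not part of the nevisIDM API or its documentation, the following pre-check applies those attribute definitions to a User write payload before it is sent; SCHEMA_ATTRS is a constructed subset of the extension schema's "attributes" array.

```python
# Client-side pre-check of a SCIM User write payload against the nevisIDM
# User extension schema (added example, not part of the nevisIDM API).
# SCHEMA_ATTRS is a constructed subset of the /Schemas "attributes" array.
EXT = "urn:nevis:idm:scim:schemas:v1:extension:User"
SCHEMA_ATTRS = [
    {"name": "technical", "type": "boolean", "multiValued": False,
     "required": True, "mutability": "readWrite"},
    {"name": "credentials", "type": "complex", "multiValued": True,
     "required": True, "mutability": "readWrite", "subAttributes": [
         {"name": "extId", "type": "string", "multiValued": False,
          "required": True, "mutability": "readWrite"},
         {"name": "type", "type": "string", "multiValued": False,
          "required": True, "mutability": "readWrite",
          "canonicalValues": ["PASSWORD", "GENERIC", "TICKET"]}]},
    {"name": "loginInfo", "type": "complex", "multiValued": False,
     "required": False, "mutability": "readOnly"},
]
PY_TYPES = {"string": str, "boolean": bool, "integer": int,
            "dateTime": str, "complex": dict}

def check_attrs(attrs: list, obj: dict, path: str) -> list[str]:
    """Return the violations of the attribute definitions `attrs` in `obj`.
    Mirrors the business rules the server answers with HTTP 422."""
    problems = []
    for a in attrs:
        here = path + a["name"]
        if a["name"] not in obj:
            if a.get("required"):
                problems.append(f"{here}: required attribute missing")
            continue
        value = obj[a["name"]]
        if a.get("mutability") == "readOnly":
            problems.append(f"{here}: readOnly attribute must not be written")
        elif a.get("multiValued") and not isinstance(value, list):
            problems.append(f"{here}: multi-valued attribute must be a list")
        else:
            for v in value if a.get("multiValued") else [value]:
                if not isinstance(v, PY_TYPES[a["type"]]):
                    problems.append(f"{here}: expected type {a['type']}")
                elif v not in a.get("canonicalValues", [v]):
                    problems.append(f"{here}: {v!r} is not a canonical value")
                elif a["type"] == "complex":
                    problems += check_attrs(a.get("subAttributes", []), v, here + ".")
    return problems

def validate_user_extension(resource: dict) -> list[str]:
    # Validate the extension object of a SCIM User create/replace payload.
    ext = resource.get(EXT)
    if not isinstance(ext, dict):
        return [f"{EXT}: extension object missing"]
    return check_attrs(SCHEMA_ATTRS, ext, EXT + ":")
```

An empty result means the payload passes these schema checks; the server still applies data-room authorization and further business rules.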

Scim Resource Types

GET /ResourceTypes

This is a meta endpoint; it does not require authorization.

Retrieves the SCIM Standard Resource Types implemented on this server. Currently, only User is implemented.

since 2.85

Example URI

GET https://your-host/nevisidm/api/scim/v1/ResourceTypes

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 1,
  "itemsPerPage": 10,
  "startIndex": 1,
  "Resources": [
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
      ],
      "id": "User",
      "name": "User",
      "description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
      "meta": {
        "resourceType": "ResourceType",
        "location": "http://localhost:8080/nevisidm/api/scim/v1/ResourceTypes/User"
      },
      "endpoint": "/Users",
      "schemaExtensions": [
        {
          "required": true,
          "schema": "urn:nevis:idm:scim:schemas:v1:extension:User"
        }
      ],
      "schema": "urn:ietf:params:scim:schemas:core:2.0:User"
    }
  ]
}

Scim Resource Type

GET /ResourceTypes/{id}

This is a meta endpoint; it does not require authorization.

Retrieves the SCIM Standard Resource Type with the given id, if it is implemented on this server. Currently, only User is implemented.

since 2.85

Example URI

GET https://your-host/nevisidm/api/scim/v1/ResourceTypes/User

URI Parameters

  • id: string (required) Example: User

Name of the resource type.

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
  ],
  "id": "User",
  "name": "User",
  "description": "SCIM provides a resource type for \"User\" resources. The core schema for \"User\" is identified using the following schema URI: urn:ietf:params:scim:schemas:core:2.0:User.",
  "meta": {
    "resourceType": "ResourceType",
    "location": "http://localhost:8080/nevisidm/api/scim/v1/ResourceTypes/User"
  },
  "endpoint": "/Users",
  "schemaExtensions": [
    {
      "required": true,
      "schema": "urn:nevis:idm:scim:schemas:v1:extension:User"
    }
  ],
  "schema": "urn:ietf:params:scim:schemas:core:2.0:User"
}

Scim ServiceProvider Configuration

GET /ServiceProviderConfiguration

This is a meta endpoint; it does not require authorization.

Retrieves the ServiceProvider Configuration from the server, which describes the server's SCIM capabilities.

since 2.85

Example URI

GET https://your-host/nevisidm/api/scim/v1/ServiceProviderConfiguration

Request

  • Headers: Content-Type: application/json or application/scim+json

Response 200

  • Headers: Content-Type: application/json or application/scim+json
  • Body:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
  ],
  "documentationUri": "http://example.com/help/scim.html",
  "patch": {
    "supported": true
  },
  "bulk": {
    "supported": true,
    "maxOperations": 1000,
    "maxPayloadSize": 1048576
  },
  "filter": {
    "supported": true,
    "maxResults": 200
  },
  "changePassword": {
    "supported": true
  },
  "sort": {
    "supported": true
  },
  "etag": {
    "supported": true
  },
  "authenticationSchemes": [
    {
      "name": "OAuth Bearer Token",
      "description": "Authentication scheme using the OAuth Bearer Token Standard",
      "specUri": "http://www.rfc-editor.org/info/rfc6750",
      "documentationUri": "http://example.com/help/oauth.html",
      "type": "oauthbearertoken",
      "primary": true
    },
    {
      "name": "HTTP Basic",
      "description": "Authentication scheme using the HTTP Basic Standard",
      "specUri": "http://www.rfc-editor.org/info/rfc2617",
      "documentationUri": "http://example.com/help/httpBasic.html",
      "type": "httpbasic"
    }
  ],
  "meta": {
    "location": "https://example.com/v2/ServiceProviderConfig",
    "resourceType": "ServiceProviderConfig",
    "created": "2010-01-23T04:56:22Z",
    "lastModified": "2011-05-13T04:42:34Z",
    "version": "W/\"3694e05e9dff594\""
  }
}
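
A client should read this configuration rather than hard-code server limits: filter.maxResults bounds page size, bulk.maxOperations and bulk.maxPayloadSize bound a BulkRequest, and etag support makes conditional writes possible (a stale If-Match yields 409 instead of a lost update). The following helpers are an added example, not nevisIDM code; CONFIG is a constructed subset of the response body above with the same values.

```python
# Derive safe client behaviour from a /ServiceProviderConfiguration response
# (added example, not nevisIDM code). CONFIG is a constructed subset of the
# response body documented above; the values mirror that example.
import json

CONFIG = {
    "bulk": {"supported": True, "maxOperations": 1000,
             "maxPayloadSize": 1048576},
    "filter": {"supported": True, "maxResults": 200},
    "etag": {"supported": True},
}

def page_size(config: dict, wanted: int) -> int:
    """Clamp a requested `count` to the server's filter.maxResults."""
    f = config.get("filter", {})
    if not f.get("supported"):
        raise ValueError("server does not support filtering/paging")
    return max(1, min(wanted, f.get("maxResults", wanted)))

def write_headers(config: dict, etag: str = "") -> dict:
    """Headers for a PUT/PATCH: send If-Match when the server supports ETags,
    so a concurrent change yields 409 instead of silently overwriting it."""
    headers = {"Content-Type": "application/scim+json"}
    if etag and config.get("etag", {}).get("supported"):
        headers["If-Match"] = etag
    return headers

def bulk_batches(config: dict, operations: list) -> list[list]:
    """Split bulk operations into batches within maxOperations and
    maxPayloadSize (payload measured as the serialized BulkRequest)."""
    bulk = config.get("bulk", {})
    if not bulk.get("supported"):
        raise ValueError("server does not support bulk requests")
    max_ops, max_bytes = bulk["maxOperations"], bulk["maxPayloadSize"]
    batches, current = [], []
    for op in operations:
        candidate = current + [op]
        body = {"schemas": ["urn:ietf:params:scim:api:messages:2.0:BulkRequest"],
                "Operations": candidate}
        # A single oversize operation is kept alone; the server will reject it.
        if current and (len(candidate) > max_ops
                        or len(json.dumps(body).encode()) > max_bytes):
            batches.append(current)
            candidate = [op]
        current = candidate
    if current:
        batches.append(current)
    return batches
```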