Overview
The System for Cross-domain Identity Management (SCIM) aims to simplify user provisioning and management in the cloud by defining two standards:
A canonical user schema
A RESTful API for all necessary user management operations
Enboarder currently supports SCIM 2.0.
Base URLs
AU 🇦🇺 : https://api.syd.enboarder.com
EU 🇪🇺 : https://api.fra.e1.enboarder.com
US 🇺🇸 : https://api.ore.e1.enboarder.com
CA 🇨🇦 : https://api.can.e1.enboarder.com
SCIM User Schema Attribute | Detail | Schema |
|
|
|
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
|
| Core |
Get Service Provider config
/ServiceProviderConfig
Base URLs
API Endpoint : {{baseURL}}/scim/ServiceProviderConfig
Request Method: GET
Response:
200 OK
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"documentationUri": "http://enboarder.com/help/scim.html", //optional
"patch": {
"supported": true
},
"bulk": {
"supported": false,
"maxOperations": 1,
"maxPayloadSize": 1048576
},
"filter": {
"supported": false,
"maxResults": 200
},
"changePassword": {
"supported": false
},
"sort": {
"supported": false
},
"etag": {
"supported": false
},
"authenticationSchemes": [
{
"name": "OAuth Token",
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"specUri": "http://www.rfc-editor.org/info/rfc6750",
"documentationUri": "https://help.enboarder.com/en/articles/4151199-enboarder-api-docs-authentication-overview",
"type": "oauthbearertoken",
"primary": true
},
{
"name": "HTTP Basic",
"description": "Authentication scheme using the HTTP Basic Standard",
"specUri": "http://www.rfc-editor.org/info/rfc2617",
"documentationUri": "https://help.enboarder.com/en/articles/4151199-enboarder-api-docs-authentication-overview",
"type": "httpbasic"
"primary": true
}
],
"meta": {
"location": "https://api.syd.e1.enboarder.com/scim/v2/ServiceProviderConfig",
"resourceType": "ServiceProviderConfig",
"created": "2020-12-02T04:56:22Z",
"lastModified": "2020-12-13T04:42:34Z",
}
}
Get Resource Type
/ResourceTypes
Base URLs
API Endpoint : {{baseURL}}/scim/ResourceTypes
Request Method: GET
Response:
200 OK
[
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id": "User",
"name": "User",
"endpoint": "/Users",
"description": "User Account",
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"schemaExtensions": [
{
"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"required": true
}
],
"meta": {
"location": "https://example.com/v2/ResourceTypes/User",
"resourceType": "ResourceType"
}
}
]
Get Schemas
Get Schemas
/Schemas
Base URLs
API Endpoint : {{baseURL}}/scim/v2/Schemas
Request Method: GET
Response:
200 OK
[
{
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "User Account",
"attributes": [
{
"name": "userName",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.",
"required": true,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "server"
},
{
"name": "externalId",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the User in external system, typically used to identified user in source system.",
"required": false,
"caseExact": true,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "server"
},
{
"name": "name",
"type": "complex",
"multiValued": false,
"description": "The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.",
"required": true,
"subAttributes": [
{
"name": "familyName",
"type": "string",
"multiValued": false,
"description": "The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "givenName",
"type": "string",
"multiValued": false,
"description": "The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "middleName",
"type": "string",
"multiValued": false,
"description": "The middle name(s) of the User (e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III').",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
}
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "displayName",
"type": "string",
"multiValued": false,
"description": "The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described, if known.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "userType",
"type": "string",
"multiValued": false,
"description": "Used to identify the relationship between the organization and the user. Typical values used will be Super Admin, General Admin, Account Manager, User Manager, Workflow Manager, Experience Manager, Author and Reporter, but any value may be used.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "active",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the User's administrative status.",
"required": false,
"mutability": "readWrite",
"returned": "default"
},
{
"name": "emails",
"type": "complex",
"multiValued": true,
"description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
"required": true,
"subAttributes": [
{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, e.g., 'work' or 'home'.",
"required": false,
"caseExact": false,
"canonicalValues": [
"work",
"home",
"other"
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'true' MUST appear no more than once.",
"required": false,
"mutability": "readWrite",
"returned": "default"
}
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "phoneNumbers",
"type": "complex",
"multiValued": true,
"description": "Phone numbers for the User. The value SHOULD be canonicalized by the service provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.",
"required": false,
"subAttributes": [
{
"name": "value",
"type": "string",
"multiValued": false,
"description": "Phone number of the User.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "display",
"type": "string",
"multiValued": false,
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"required": false,
"caseExact": false,
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "type",
"type": "string",
"multiValued": false,
"description": "A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.",
"required": false,
"caseExact": false,
"canonicalValues": [
"work",
"home",
"mobile",
"fax",
"pager",
"other"
],
"mutability": "readWrite",
"returned": "default",
"uniqueness": "none"
},
{
"name": "primary",
"type": "boolean",
"multiValued": false,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred phone number or primary phone number. The primary attribute value 'true' MUST appear no more than once.",
"required": false,
"mutability": "readWrite",
"returned": "default"
}
],
"mutability": "readWrite",
"returned": "default"
}
],
"meta": {
"resourceType": "Schema",
"location": "/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User"
}
}
]
RESTFUL SCIM APIs
Create User
/Users
BaseURLs:
API Endpoint :
Using API key: {{baseURL}}/scim/v1/Users
Using OAuth Token: {{baseURL}}/scim/v2/Users
Request Method: POST
This API create user and send a reset password link.
Header Parameters
Authorization: {{token}}Content-Type: application/json
Request format
{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"externalId":"",
"userName":"john@example.com",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"userType":"Super Admin",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
}
]
}
Response:
201 Created
{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"id":"I6zx4C8kq",
"externalId":"",
"meta":{
"created":"2020-12-11T12:40:59-08:00",
"location":"https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName":"john@example.com",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"userType":"Super Admin",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
}
]
}Get user by ID
/Users/{{id}}
Base URLs
API Endpoint :
Using API key: {{baseURL}}/scim/v1/Users/{{id}}
Using OAuth Token: {{baseURL}}/scim/v2/Users/{{{id}}
Request Method: GET
Header Parameters
Authorization: {{token}}
Response:
200 OK - User Exists
{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"id":"I6zx4C8kq",
"externalId":"",
"meta":{
"created":"2020-11-10T12:40:59-08:00",
"lastModified":"2020-12-10T21:32:44.882Z",
"location":"https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName":"john@example.com",
"userType":"Super Admin",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
}
]
}Update User
/Users/{{id}}
API Endpoint :
Using API key: {{baseURL}}/scim/v1/Users/{{id}}
Using OAuth Token: {{baseURL}}/scim/v2/Users/{{{id}}
Request Method: PUT
Base URLs
Header Parameters
Authorization: {{token}}Content-Type: application/json
Request format
{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"externalId":"2819c223-7f76-453a-919d-413861904646",
"userName":"john@example.com",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"userType":"Super Admin",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
},
{
"value":"john2@example.com",
"primary":false
}
]
}
Response:
200 OK
{
"schemas":[
"urn:scim:schemas:core:1.0"
],
"id":"I6zx4C8kq",
"externalId":"2819c223-7f76-453a-919d-413861904646",
"meta":{
"created":"2020-11-10T12:40:59-08:00",
"lastModified":"2020-12-13T21:32:44.882Z",
"location":"https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName":"john@example.com",
"userType":"Super Admin",
"name":{
"givenName":"John",
"familyName":"Deo"
},
"displayName":"Justin Bibinka",
"active":true,
"emails":[
{
"value":"john@example.com",
"primary":true
},
{
"value":"john2@example.com",
"primary":false
}
]
}Delete User
/Users/{{id}}
API Endpoint :
Using API key: {{baseURL}}/scim/v1/Users/{{id}}
Using OAuth Token: {{baseURL}}/scim/v2/Users/{{{id}}
Request Method: DELETE
Base URLs
Header Parameters
Authorization: {{token}}
Response
A response with a 200 OK status code indicates a successful request.
API will return a 404 Not Found for all requests made for the deleted user.
List users
/Users
Base URLs
API Endpoint :
Using API key: {{baseURL}}/scim/v1/Users
Using OAuth Token: {{baseURL}}/scim/v2/Users
Request Method: GET
Header Parameters
Authorization: {{token}}
Response:
200 OK
Note: itemsPerPage and startIndex query parameters can be used for pagination. For example, use a URL like the following to return two records starting with the third record in the list of results: /Users?count=2&startIndex=3
{
"totalResults": 37,
"itemsPerPage": 2,
"startIndex": 3,
"schemas": [
"urn:scim:schemas:core:1.0"
],
"Resources": [
{
"schemas": [
"urn:scim:schemas:core:1.0"
],
"id": "I6zx4C8kq",
"externalId": "2819c223-7f76-453a-919d-413861904646",
"meta": {
"created": "2020-11-10T12:40:59-08:00",
"lastModified": "2020-12-13T21:32:44.882Z",
"location": "https://api.syd.e1.enboarder.com/scim/v2/Users/I6zx4C8kq"
},
"userName": "john@example.com",
"userType": "Super Admin",
"name": {
"givenName": "John",
"familyName": "Deo"
},
"displayName": "Justin Bibinka",
"active": true,
"emails": [
{
"value": "john@example.com",
"primary": true
},
{
"value": "john2@example.com",
"primary": false
}
]
},
{
"schemas": [
"urn:scim:schemas:core:1.0"
],
"id": "X5zx4C8kq",
"externalId": "1819c223-8f76-453a-919d-413861904556",
"meta": {
"created": "2020-10-10T12:40:59-08:00",
"lastModified": "2020-11-13T21:32:44.882Z",
"location": "https://api.syd.e1.enboarder.com/scim/v2/Users/X5zx4C8kq"
},
"userName": "jjalloh@example.com",
"userType": "Super Admin",
"name": {
"givenName": "Justin",
"familyName": "Jalloh"
},
"displayName": "Justin Jalloh",
"active": true,
"emails": [
{
"value": "jjalloh@example.com",
"primary": true
}
]
}
]
}Got questions? Reach out directly to your Customer Success Manager for assistance!