# SCIM API v1.0

Page contents

Introduction
Actors
Preconditions
Exceptions
Order of execution
Endpoints
Filter options for linked accounts

# Introduction

The SCIM REST API allows for creating and updating Users, Groups (referred to as Roles on the OwnIdP dashboard), Organizations, OrganizationUsers and RelyingParties (referred to as Service providers on the OwnIdP dashboard).

A complete list of all schema specifications is accessible via the https://example.tenant.com/ciam/1.0/scim/v2/Schemas endpoint.

# Actors

A SystemUser

# Preconditions

SystemUser's secret token

To authenticate with the SCIM REST API, you need a SystemUser's shared secret token. Contact Technical Support to receive your key.

The SystemUser's shared secret token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example: Authorization: Token r454f2529f2cd27e1722e67a624b2b18335e6c21.
For POST and PATCH request, the Content-Type HTTP header should be application/json.
The SystemUser's linked OrganizationUser needs to have the correct OwnIdP permissions to access the SCIM endpoint.

# Exceptions

# No secret token (or an incorrect one) is included in the request's header.

The response will be in the form of a HTTP UNAUTHORISED (401).

# A secret token is included in the request's header but the SystemUser's OrganizationUser doesn't have the right OwnIdP permissions.

The response will be in the form of a HTTP FORBIDDEN (403).

# Order of execution

In the use case of initial setup, the right order of execution is as follows:

Create the Groups (using POST on the Groups endpoint)
Create the Organisations (using POST on the Organizations endpoint)
Add the Groups to the Organisations (using PATCH on the Organizations endpoint)
Create the Users (using POST on the Users endpoint)
Create the OrganizationUsers (using POST on the OrganizationUsers endpoint)
Add the Groups to the OrganizationUsers (using PATCH on the OrganizationUsers endpoint)

# Endpoints

Note

When filtering by custom attributes (Users, Organizations and OrganizationUsers endpoints only), the customerAttributeName must be entered exactly as it was created.

Users
Groups
Organizations
OrganizationUsers
RelyingParties
TOTPDevices
UserResetPassword
InviteUser
Invitations

# Users

Core schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User
Extension schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User
Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/Users
Allow: GET, POST, DELETE, PATCH
Filter options for Users (for an example, see below):
- id (uuid)
- externalId (string)
- userName (string)
- givenName (string)
- familyName (string)
- name (string)
- emails(string)
- active (boolean)
- isShadowUser (boolean)
- created (date)
- lastModified (date)
- customAttributeName (value)

GET all users example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Users

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 8,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User"
            ],
            "id": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
            "externalId": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
            "userName": "john-doe",
            "name": {
                "givenName": "John",
                "familyName": "Doe",
                "formatted": "John Doe"
            },
            "displayName": "John Doe",
            "emails": [
                {
                    "value": "john-doe@test.com",
                    "primary": true
                }
            ],
            "active": true,
            "x509Certificates":[],
            "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User": {

            },
            "meta": {
                "resourceType": "User",
                "created": "2020-08-07T07:39:53.394952+00:00",
                "lastModified": "2020-08-07T07:39:53.394952+00:00",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/Users/04a0c61-132f-4c47-ae9b-ea2b79046254"
            }
        },
        ...
    ]
}

Note: This will show maximum 50 records by default. Use count as query parameter to change the default max limit. For example, use https://example.tenant.com/ciam/1.0/scim/v2/Users?count=100 to show 100 records.

GET single user example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Users/b04a0c61-132f-4c47-ae9b-ea2b79046254

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User"
    ],
    "id": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
    "externalId": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
    "userName": "john-doe",
    "name": {
        "givenName": "John",
        "familyName": "Doe",
        "formatted": "John Doe"
    },
    "displayName": "John Doe",
    "emails": [
        {
            "value": "john-doe@test.com",
            "primary": true
        }
    ],
    "active": true,
    "x509Certificates":[],
    "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User": {

    },
    "meta": {
        "resourceType": "User",
        "created": "2020-08-07T07:39:53.394952+00:00",
        "lastModified": "2020-08-07T07:39:53.394952+00:00",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Users/04a0c61-132f-4c47-ae9b-ea2b79046254"
    }
}

GET response attribute filtering example (can also be used in combination with standard filtering):

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Users?attributes=userName

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 8,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "id": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
            "userName": "john-doe"
        },
        {
            "id": "c159dc61-132f-4c47-ae9b-ea2b79046254",
            "userName": "Tony-coen"
        },
        ...
    ]
}

Multiple values can be passed in the attributes filter, example:

https://example.tenant.com/ciam/1.0/scim/v2/Users?attributes=displayName, userName

Example with standard filter and response attribute filter:

https://example.tenant.com/ciam/1.0/scim/v2/Users?filter=externalId eq "17e78087-ea19-4cd0-a38a-732a4f898413"&attributes=displayName

GET users using filter example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Users?filter=name.givenName Eq "John" and active Eq "True"

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:User",
                "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User"
            ],
            "id": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
            "externalId": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
            "userName": "john-doe",
            "name": {
                "givenName": "John",
                "familyName": "Doe",
                "formatted": "John Doe"
            },
            "displayName": "John Doe",
            "emails": [
                {
                    "value": "john-doe@test.com",
                    "primary": true
                }
            ],
            "active": true,
            "x509Certificates":[],
            "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User": {

            },
            "meta": {
                "resourceType": "User",
                "created": "2020-08-07T07:39:53.394952+00:00",
                "lastModified": "2020-08-07T07:39:53.394952+00:00",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/Users/04a0c61-132f-4c47-ae9b-ea2b79046254"
            }
        }
    ]
}

POST example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Users

Request body:

{
    "schemas": [
         "urn:ietf:params:scim:schemas:core:2.0:User",
         "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User"
    ],
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "jane-doe@test.com", "primary": "true"}],
    "userName": "jane-doe",
    "password": "aAbBcCdDeE1!2@3#",
    "resetPassword": true,
    "customAttributes": [{"id": "b04a0c61-132f-4c47-ae9b-ea2b79046254", "value": "test"}]
}

Response: 201 Created

{
    "schemas": [
         "urn:ietf:params:scim:schemas:core:2.0:User",
         "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User"
    ],
    "id": "e82a9c37-acb0-454c-a901-35968bdba84b",
    "externalId": null,
    "userName": "jane-doe",
    "name": {
        "givenName": "Jane",
        "familyName": "Doe",
        "formatted": "Jane Doe"
    },
    "displayName": "Jane Doe",
    "emails": [
        {
            "value": "jane-doe@test.com",
            "primary": true
        }
    ],
    "active": true,
    "x509Certificates": [],
    "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User": {

    },
    "meta": {
        "resourceType": "User",
        "created": "2020-08-07T08:32:52.503969+00:00",
        "lastModified": "2020-08-07T08:32:52.503969+00:00",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Users/e82a9c37-acb0-454c-a901-35968bdba84b"
    }
}

You can specify if a user has to reset its password before logging in for the first time with the resetPassword field

Example:

{
    "name": {"givenName": "Jane", "familyName": "Doe"},
    "emails": [{"value": "jane-doe@test.com", "primary": "true"}],
    "userName": "jane-doe",
    "password": "aAbBcCdDeE1!2@3#",
    "resetPassword": true,
}

DELETE example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Users/e82a9c37-acb0-454c-a901-35968bdba84b

Response: 204 No Content

PATCH example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Users/e82a9c37-acb0-454c-a901-35968bdba84b

Request body:

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {"op": "replace", "path": "externalId", "value": "123456"},
        {"op": "replace", "path": "name.givenName", "value": "Jane1"},
        {"op": "replace", "path": "name.familyName", "value": "Doe1"},
        {"op": "replace", "path": "userName", "value": "jane1-doe1"},
        {"op": "replace", "path": "active", "value": false},
        {"op": "replace", "path": "password", "value": "AaBbCcDdEe!1@2#3"},
        {"op": "replace", "path": "emails", "value": {"value": "jane1.doe1@test.com", "primary": "true"}}
    ]
}

Response: 200 OK

{
    "schemas": [
         "urn:ietf:params:scim:schemas:core:2.0:User",
         "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User"
    ],
    "id": "e82a9c37-acb0-454c-a901-35968bdba84b",
    "externalId": "123456",
    "userName": "jane1-doe1",
    "name": {
        "givenName": "Jane1",
        "familyName": "Doe1",
        "formatted": "Jane1 Doe1"
    },
    "displayName": "Jane1 Doe1",
    "emails": [
        {
            "value": "jane1-doe1@test.com",
            "primary": true
        }
    ],
    "active": false,
    "x509Certificates": [],
    "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:User": {

    },
    "meta": {
        "resourceType": "User",
        "created": "2020-08-07T08:32:52.503969+00:00",
        "lastModified": "2020-08-08T08:32:52.503969+00:00",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Users/e82a9c37-acb0-454c-a901-35968bdba84b"
    }
}

# Groups

Core schema specification: https://example.tenant.com/ciam/1.0/scim/v2/urn:ietf:params:scim:schemas:core:2.0:Group
Extension schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:connectis:ciam:scim:schemas:extension:1.0:Group
Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/Groups
Note: "Groups" are referred to as "Roles" on the front-end dashboard.
Allow: GET, POST, DELETE, PATCH
Filter options for Groups (for an example, see below):
- id (uuid)
- externalId (string)
- displayName (string)
- description (string)

GET all groups example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Groups

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 4,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:Group",
                "urn:connectis:ciam:scim:schemas:extension:1.0:Group"
            ],
            "id": "17e78087-ea19-4cd0-a38a-732a4f898413",
            "externalId": "17e78087-ea19-4cd0-a38a-732a4f898413",
            "displayName": "Test Group",
            "members": [
                {
                    "value": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "display": "Test Organization - John Doe"
                    "type": "OrganizationUser"
                }
            ],
            "urn:connectis:ciam:scim:schemas:extension:1.0:Group": {
                "order": 6,
                "description": "Description for Test Group"
    },
            "meta": {
                "resourceType": "Group",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413"
            }
        },
        ...
    ]
}

Note: This will show maximum 50 records by default. Use count as query parameter to change the default max limit. For example, use https://example.tenant.com/ciam/1.0/scim/v2/Groups?count=100 to show 100 records.

GET single group example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group",
        "urn:connectis:ciam:scim:schemas:extension:1.0:Group"
    ],
    "id": "17e78087-ea19-4cd0-a38a-732a4f898413",
    "externalId": "17e78087-ea19-4cd0-a38a-732a4f898413",
    "displayName": "Test Group",
    "members": [
        {
             "value": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
             "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a",
             "display": "Test Organization - John Doe"
             "type": "OrganizationUser"
        }
    ],
    "urn:connectis:ciam:scim:schemas:extension:1.0:Group": {
        "order": 6,
        "description": "Description for Test Group"
    },
    "meta": {
        "resourceType": "Group",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413"
    }
}

GET response attribute filtering example (can also be used in combination with standard filtering):

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Groups?attributes=displayName

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 5,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "id": "17e78087-ea19-4cd0-a38a-732a4f898413",
            "displayName": "Test Group"
        },
        ...
    ]
}

Multiple values can be passed in the attributes filter, example:

https://example.tenant.com/ciam/1.0/scim/v2/Groups?attributes=displayName, externalId

Example with standard filter and response attribute filter:

https://example.tenant.com/ciam/1.0/scim/v2/Groups?filter=externalId eq "17e78087-ea19-4cd0-a38a-732a4f898413"&attributes=displayName

GET groups using filter example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Groups?filter=displayName Eq "Test Group

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:Group",
                "urn:connectis:ciam:scim:schemas:extension:1.0:Group"
            ],
            "id": "17e78087-ea19-4cd0-a38a-732a4f898413",
            "externalId": "17e78087-ea19-4cd0-a38a-732a4f898413",
            "displayName": "Test Group",
            "members": [
                {
                    "value": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "display": "Test Organization - John Doe"
                    "type": "OrganizationUser"
                }
            ],
            "urn:connectis:ciam:scim:schemas:extension:1.0:Group": {
                "order": 6,
                "description": "Description for Test Group"
    },
            "meta": {
                "resourceType": "Group",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413"
            }
        }
    ]
}

POST example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Groups

Request body:

{
    "schemas": [
         "urn:ietf:params:scim:schemas:core:2.0:Group",
         "urn:connectis:ciam:scim:schemas:extension:1.0:Group"
    ],
    "displayName": "Test Group"
}

Response: 201 Created

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group",
        "urn:connectis:ciam:scim:schemas:extension:1.0:Group"
    ],
    "id": "17e78087-ea19-4cd0-a38a-732a4f898413",
    "externalId": null,
    "displayName": "Test Group",
    "members": [],
    "urn:connectis:ciam:scim:schemas:extension:1.0:Group": {
        "order": 6,
        "description": ""
    },
    "meta": {
        "resourceType": "Group",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413"
    }
}

DELETE example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413

Response: 204 No Content

PATCH example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413

Request body:

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {"op": "replace", "path": "externalId", "value": "123456"},
        {"op": "replace", "path": "displayName", "value": "Updated Test Group"},
        {"op": "replace", "path": "order", "value": "15"},
        {"op": "replace", "path": "description", "value": "Description for Updated Test Group"}
    ]
}

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group",
        "urn:connectis:ciam:scim:schemas:extension:1.0:Group"
    ],
    "id": "17e78087-ea19-4cd0-a38a-732a4f898413",
    "externalId": "123456,
    "displayName": "Updated Test Group",
    "members": [],
    "urn:connectis:ciam:scim:schemas:extension:1.0:Group": {
        "order": 15,
        "description": "Description for Updated Test Group"
    },
    "meta": {
        "resourceType": "Group",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413"
    }
}

# Organizations

Core schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:connectis:ciam:scim:schemas:core:1.0:Organization
Extension schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:example.tenant.com:ciam:scim:schemas:extension:1.0:Organization
Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/Organizations
Allow: GET, POST, DELETE, PATCH
Filter options for Organisations (for an example, see below):
- id (uuid)
- externalId (string)
- name (string)
- active (boolean)
- parent (uuid)
- cc (string)
- branchNumber(string)
- organizationCode (string)
- customAttributeName (value)

GET all organizations example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 5,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:connectis:ciam:scim:schemas:core:1.0:Organization",
                "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:Organization"
            ],
            "id": "f39322c6-7234-478a-a976-9a7409c0b085",
            "externalId": "f39322c6-7234-478a-a976-9a7409c0b085",
            "name": "Test Organization",
            "active": true,
            "parent": {
                "value": "03eb07ff-e21b-48e3-9f7c-147ec69bccba",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/5b55284a-f330-424f-8dc0-afac7d4cf51f",
                "display": "Parent Organization",
                "type": "Organization"
            },
            "organizationUsers": [
                {
                    "value": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "display": "Test Organization - John Doe"
                    "type": "OrganizationUser"
                }
            ],
            "groups": [
                {
                    "value": "50945e0d-53e8-46fe-88fe-94f571ffec5d",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/50945e0d-53e8-46fe-88fe-94f571ffec5d",
                    "display": "Test Group"
                    "type": "Group"
                },
            ],
            "meta": {
                "resourceType": "Organization",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085"
            }
        },
        ...
    ]
}

Note: This will show maximum 50 records by default. Use count as query parameter to change the default max limit. For example, use https://example.tenant.com/ciam/1.0/scim/v2/Organizations?count=100 to show 100 records.

GET single organisation example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085

Response: 200 OK

{
    "schemas": [
        "urn:connectis:ciam:scim:schemas:core:1.0:Organization",
        "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:Organization"
    ],
    "id": "f39322c6-7234-478a-a976-9a7409c0b085",
    "externalId": "f39322c6-7234-478a-a976-9a7409c0b085",
    "name": "Test Organization",
    "active": true,
    "parent": {
        "value": "03eb07ff-e21b-48e3-9f7c-147ec69bccba",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/5b55284a-f330-424f-8dc0-afac7d4cf51f",
        "display": "Parent Organization",
        "type": "Organization"
    },
    "organizationUsers": [
        {
            "value": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "display": "Test Organization - John Doe"
            "type": "OrganizationUser"
        }
    ],
    "groups": [
        {
            "value": "50945e0d-53e8-46fe-88fe-94f571ffec5d",
            "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/50945e0d-53e8-46fe-88fe-94f571ffec5d",
            "display": "Test Group"
            "type": "Group"
        },
    ],
    "meta": {
        "resourceType": "Organization",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085"
    }
}

GET response attribute filtering example (can also be used in combination with standard filtering):

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations?attributes=name

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 5,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "id": "f39322c6-7234-478a-a976-9a7409c0b085",
            "name": "Test Organization",
        },
        ...
    ]
}

Multiple values can be passed in the attributes filter, example:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations?attributes=name, active

Example with standard filter and response attribute filter:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations?filter=name eq "OrganizationName"&attributes=user

GET organizations using filter example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations?filter=name Eq "Test Organization"

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:connectis:ciam:scim:schemas:core:1.0:Organization",
                "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:Organization"
            ],
            "id": "f39322c6-7234-478a-a976-9a7409c0b085",
            "externalId": "f39322c6-7234-478a-a976-9a7409c0b085",
            "name": "Test Organization",
            "active": true,
            "parent": {
                "value": "03eb07ff-e21b-48e3-9f7c-147ec69bccba",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/5b55284a-f330-424f-8dc0-afac7d4cf51f",
                "display": "Parent Organization",
                "type": "Organization"
            },
            "organizationUsers": [
                {
                    "value": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a",
                    "display": "Test Organization - John Doe"
                    "type": "OrganizationUser"
                }
            ],
            "groups": [
                {
                    "value": "50945e0d-53e8-46fe-88fe-94f571ffec5d",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/50945e0d-53e8-46fe-88fe-94f571ffec5d",
                    "display": "Test Group"
                    "type": "Group"
                },
            ],
            "meta": {
                "resourceType": "Organization",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085"
            }
        }
    ]
}

POST example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations

Request body:

{
    "schemas": [
         "urn:connectis:ciam:scim:schemas:core:1.0:Organization",
         "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:Organization"
    ],
    "name": "Test Organization",
    "active": true,
    "parent": "03eb07ff-e21b-48e3-9f7c-147ec69bccba",
    "cc": "987654321",
    "branchNumber": "12345",
    "organizationCode": "6789"
    "customAttributes": [{"id": "b04a0c61-132f-4c47-ae9b-ea2b79046254", "value": "test"}],
    "groups": ["b04a0c61-132f-4c47-ae9b-ea2b79046254", "b04a0c61-132f-4c47-ae9b-ea2b79046254", ]
}

Response: 201 Created

{
    "schemas": [
        "urn:connectis:ciam:scim:schemas:core:1.0:Organization",
        "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:Organization"
    ],
    "id": "f39322c6-7234-478a-a976-9a7409c0b085",
    "externalId": null,
    "name": "Test Organization",
    "active": true,
    "parent": {
        "value": "03eb07ff-e21b-48e3-9f7c-147ec69bccba",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/5b55284a-f330-424f-8dc0-afac7d4cf51f",
        "display": "Parent Organization",
        "type": "Organization"
    },
    "organizationUsers": [],
    "groups": [],
    "meta": {
        "resourceType": "Organization",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085"
    }
}

DELETE example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085

Response: 204 No Content

WARNING

Do not delete your main organisation with OrganisationID 1 (ciam/organisations/1/). This will cause you to lose the option to login with your MySignicat account.

PATCH example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085

Request body:

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {"op": "replace", "path": "externalId", "value": "123456"},
        {"op": "replace", "path": "name", "value": "Updated Test Organization"},
        {"op": "replace", "path": "active", "value": false},
        {"op": "replace", "path": "parent", "value": "ed32c069-2248-4d03-b3f3-335cd2c3e730"},
        {"op": "replace", "path": "cc", "value": "123456789"},
        {"op": "replace", "path": "branchNumber", "value": "5623"},
        {"op": "replace", "path": "organizationCode", "value": "325621"},
        {"op": "add", "path": "groups", "value": [{"value": "50945e0d-53e8-46fe-88fe-94f571ffec5d"}]},
        {"op": "remove", "path": "groups", "value": [{"value": "5edd5205-f2d0-4b7d-aeac-f43dcc98b2b1"}]},
    ]
}

Response: 200 OK

{
    "schemas": [
        "urn:connectis:ciam:scim:schemas:core:1.0:Organization",
        "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:Organization"
    ],
    "id": "f39322c6-7234-478a-a976-9a7409c0b085",
    "externalId": "123456",
    "name": "Updated Test Organization",
    "active": false,
    "parent": {
        "value": "ed32c069-2248-4d03-b3f3-335cd2c3e730",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/ed32c069-2248-4d03-b3f3-335cd2c3e730",
        "display": "New Parent Organization",
        "type": "Organization"
    },
    "organizationUsers": [
        {
            "value": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "display": "Updated Test Organization - John Doe"
            "type": "OrganizationUser"
        }
    ],
    "groups": [
        {
            "value": "50945e0d-53e8-46fe-88fe-94f571ffec5d",
            "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/50945e0d-53e8-46fe-88fe-94f571ffec5d",
            "display": "Test Groups"
            "type": "Group"
        },
    ],
    "meta": {
        "resourceType": "Organization",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085"
    }
}

# OrganizationUsers

Core schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:connectis:ciam:scim:schemas:core:1.0:OrganizationUser
Extension schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser
Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers
Allow: GET, POST, DELETE, PATCH
Filter options for OrganizationsUsers (for an example, see below):
- id (uuid)
- externalId (string)
- active (boolean)
- customAttributeName (value)
- user(uuid)

GET all organization-users example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:connectis:ciam:scim:schemas:core:1.0:OrganizationUser",
                "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser"
            ],
            "id": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "externalId": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "displayName": "Test Organization - John Doe",
            "active": true,
            "organization": {
                "value": "f39322c6-7234-478a-a976-9a7409c0b085",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085",
                "display": "Test Organization",
                "type": "Organization"
            },
            "user": {
                "value": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/b04a0c61-132f-4c47-ae9b-ea2b79046254",
                "display": "John Doe"
                "type": "User"
            },
            "invitedBy": {
                "value": "edd68232-0766-411b-8050-1ff35b4e6276",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/edd68232-0766-411b-8050-1ff35b4e6276",
                "display": "Test User"
                "type": "User"
            },
            "groups": [
                {
                    "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
                    "display": "Test Group"
                    "type": "Group"
                }
            ],
            "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser": {

            },
            "meta": {
                "resourceType": "OrganizationUser",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a"
            }
        },
        ...
    ]
}

Note: This will show maximum 50 records by default. Use count as query parameter to change the default max limit. For example, use https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers?count=100 to show 100 records.

GET single organization-user example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a

Response: 200 OK

{
    "schemas": [
        "urn:connectis:ciam:scim:schemas:core:1.0:OrganizationUser",
        "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser"
    ],
    "id": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
    "externalId": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
    "displayName": "Test Organization - John Doe",
    "active": true,
    "organization": {
        "value": "f39322c6-7234-478a-a976-9a7409c0b085",
        $ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085",
        "display": "Test Organization",
        "type": "Organization"
    },
    "user": {
        "value": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/b04a0c61-132f-4c47-ae9b-ea2b79046254",
        "display": "John Doe"
        "type": "User"
    },
    "invitedBy": {
        "value": "edd68232-0766-411b-8050-1ff35b4e6276",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/edd68232-0766-411b-8050-1ff35b4e6276",
        "display": "Test User"
        "type": "User"
    },
    "groups": [
        {
            "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
            "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
            "display": "Test Group"
            "type": "Group"
        }
    ],
    "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser": {

    },
    "meta": {
        "resourceType": "OrganizationUser",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a"
    }
}

GET response attribute filtering example (can also be used in combination with standard filtering):

Request:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUser?attributes=displayName

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "id": "50945e0d-53e8-46fe-88fe-94f571ffec5d",
            "displayName": "1st Organization AdminUser",
        },
        ...
    ]
}

Multiple values can be passed in the attributes filter, example:

 https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUser?attributes=displayName, active

Example with standard filter and response attribute filter:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUser?filter=displayName eq "OrganizationAdmin"&attributes=organization

GET organization-user using filter example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers?filter=active Eq "True"

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:connectis:ciam:scim:schemas:core:1.0:OrganizationUser",
                "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser"
            ],
            "id": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "externalId": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
            "displayName": "Test Organization - John Doe",
            "active": true,
            "organization": {
                "value": "f39322c6-7234-478a-a976-9a7409c0b085",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085",
                "display": "Test Organization",
                "type": "Organization"
            },
            "user": {
                "value": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/b04a0c61-132f-4c47-ae9b-ea2b79046254",
                "display": "John Doe"
                "type": "User"
            },
            "invitedBy": {
                "value": "edd68232-0766-411b-8050-1ff35b4e6276",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/edd68232-0766-411b-8050-1ff35b4e6276",
                "display": "Test User"
                "type": "User"
            },
            "groups": [
                {
                    "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
                    "display": "Test Group"
                    "type": "Group"
                }
            ],
            "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser": {

            },
            "meta": {
                "resourceType": "OrganizationUser",
                "location": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a"
            }
        },
        ...
    ]
}

POST example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers

Request body:

{
    "schemas": [
         "urn:connectis:ciam:scim:schemas:core:1.0:OrganizationUser",
         "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser"
    ],
    "organization": "f39322c6-7234-478a-a976-9a7409c0b085",
    "user": "b04a0c61-132f-4c47-ae9b-ea2b79046254"
    "customAttributes": [{"id": "b04a0c61-132f-4c47-ae9b-ea2b79046254", "value": "test"}],
    "groups": ["b04a0c61-132f-4c47-ae9b-ea2b79046254", "b04a0c61-132f-4c47-ae9b-ea2b79046254", ]
}

Response: 201 Created

{
    "schemas": [
        "urn:connectis:ciam:scim:schemas:core:1.0:OrganizationUser",
        "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser"
    ],
    "id": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
    "externalId": null,
    "displayName": "Test Organization - John Doe",
    "active": true,
    "organization": {
        "value": "f39322c6-7234-478a-a976-9a7409c0b085",
        $ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085",
        "display": "Test Organization",
        "type": "Organization"
    },
    "user": {
        "value": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/b04a0c61-132f-4c47-ae9b-ea2b79046254",
        "display": "John Doe"
        "type": "User"
    },
    "invitedBy": {
        "value": "edd68232-0766-411b-8050-1ff35b4e6276",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/edd68232-0766-411b-8050-1ff35b4e6276",
        "display": "Test User"
        "type": "User"
    },
    "groups": [],
    "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser": {

    },
    "meta": {
        "resourceType": "OrganizationUser",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a"
    }
}

DELETE example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a

Response: 204 No Content

PATCH example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a

Request body:

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {"op": "replace", "path": "externalId", "value": "123456"},
        {"op": "replace", "path": "active", "value": false},
        {"op": "add", "path": "groups", "value": [{"value": "17e78087-ea19-4cd0-a38a-732a4f898413"}]},
        {"op": "remove", "path": "groups", "value": [{"value": "6d1f8176-0c0c-4bf9-8477-5b7520d7b6c3"}]},
    ]
}

Response: 200 OK

{
    "schemas": [
        "urn:connectis:ciam:scim:schemas:core:1.0:OrganizationUser",
        "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser"
    ],
    "id": "add4cac2-613f-449b-ae1c-97ce7be22a4a",
    "externalId": "123456",
    "displayName": "Test Organization - John Doe",
    "active": false,
    "organization": {
        "value": "f39322c6-7234-478a-a976-9a7409c0b085",
        $ref": "https://example.tenant.com/ciam/1.0/scim/v2/Organizations/f39322c6-7234-478a-a976-9a7409c0b085",
        "display": "Test Organization",
        "type": "Organization"
    },
    "user": {
        "value": "b04a0c61-132f-4c47-ae9b-ea2b79046254",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/b04a0c61-132f-4c47-ae9b-ea2b79046254",
        "display": "John Doe"
        "type": "User"
    },
    "invitedBy": {
        "value": "edd68232-0766-411b-8050-1ff35b4e6276",
        "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Users/edd68232-0766-411b-8050-1ff35b4e6276",
        "display": "Test User"
        "type": "User"
    },
    "groups": [
        {
            "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
            "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
            "display": "Test Group"
            "type": "Group"
        }
    ],
    "urn:example.tenant.com:ciam:scim:schemas:extension:1.0:OrganizationUser": {

    },
    "meta": {
        "resourceType": "OrganizationUser",
        "location": "https://example.tenant.com/ciam/1.0/scim/v2/OrganizationUsers/add4cac2-613f-449b-ae1c-97ce7be22a4a"
    }
}

# RelyingParties

Schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:connectis:ciam:scim:schemas:core:1.0:RelyingParty
Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/RelyingParties
Note: "RelyingParties" are referred to as "Service providers" on the front-end dashboard.
Allow: GET, PATCH
Filter options for RelyingParties (for an example, see below):
- id (uuid)
- externalId (string)
- name (string)

GET all relying-parties example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/RelyingParties

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:connectis:ciam:scim:schemas:core:1.0:RelyingParty"
            ],
            "id": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
            "externalId": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
            "displayName": "Dummy SP 1",
            "groups": [
                {
                    "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
                    "display": "Test Group"
                    "type": "Group"
                }
            ],
            "meta": {
                "resourceType": "RelyingParty",
                "location": "https://test.local:8000/ciam/1.0/scim/v2/RelyingParties/3ba99848-b13a-4ad2-a7e3-670a17d76cd7"
            }
        },
        ...
    ]
}

Note: This will show maximum 50 records by default. Use count as query parameter to change the default max limit. For example, use https://example.tenant.com/ciam/1.0/scim/v2/RelyingParties?count=100 to show 100 records.

GET single relying-party example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/RelyingParties/3ba99848-b13a-4ad2-a7e3-670a17d76cd7

Response: 200 OK

{
        "schemas": [
            "urn:connectis:ciam:scim:schemas:core:1.0:RelyingParty"
        ],
        "id": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
        "externalId": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
        "displayName": "Dummy SP 1",
        "groups": [
            {
                "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
                "display": "Test Group"
                "type": "Group"
            }
        ],
        "meta": {
            "resourceType": "RelyingParty",
            "location": "https://test.local:8000/ciam/1.0/scim/v2/RelyingParties/3ba99848-b13a-4ad2-a7e3-670a17d76cd7"
        }
    }
}

GET response attribute filtering example (can also be used in combination with standard filtering):

Request:

https://example.tenant.com/ciam/1.0/scim/v2/RelyingParty?attributes=displayName

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "id": "50945e0d-53e8-46fe-88fe-94f571ffec5d",
            "displayName": "Sample SP2",
        },organization
        ...
    ]
}

Multiple values can be passed in the attributes filter, example:

 https://example.tenant.com/ciam/1.0/scim/v2/RelyingParty?attributes=displayName, groups

Example with standard filter and response attribute filter:

https://example.tenant.com/ciam/1.0/scim/v2/RelyingParty?filter=displayName eq "Admin"&attributes=groups

GET relying-parties using filter example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/RelyingParties?filter=name Eq "Dummy SP 1"

Response: 200 OK

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "itemsPerPage": 50,
    "startIndex": 1,
    "Resources": [
        {
            "schemas": [
                "urn:connectis:ciam:scim:schemas:core:1.0:RelyingParty"
            ],
            "id": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
            "externalId": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
            "displayName": "Dummy SP 1",
            "groups": [
                {
                    "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
                    "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
                    "display": "Test Group"
                    "type": "Group"
                }
            ],
            "meta": {
                "resourceType": "RelyingParty",
                "location": "https://test.local:8000/ciam/1.0/scim/v2/RelyingParties/3ba99848-b13a-4ad2-a7e3-670a17d76cd7"
            }
        },
        ...
    ]
}

PATCH example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/RelyingParties/3ba99848-b13a-4ad2-a7e3-670a17d76cd7

Request body:

{
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
    "Operations": [
        {"op": "add", "path": "groups", "value": [{"value": "17e78087-ea19-4cd0-a38a-732a4f898413"}]},
        {"op": "remove", "path": "groups", "value": [{"value": "6d1f8176-0c0c-4bf9-8477-5b7520d7b6c3"}]},
    ]
}

Response: 200 OK

{
        "schemas": [
            "urn:connectis:ciam:scim:schemas:core:1.0:RelyingParty"
        ],
        "id": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
        "externalId": "3ba99848-b13a-4ad2-a7e3-670a17d76cd7",
        "displayName": "Dummy SP 1",
        "groups": [
            {
                "value": "17e78087-ea19-4cd0-a38a-732a4f898413",
                "$ref": "https://example.tenant.com/ciam/1.0/scim/v2/Groups/17e78087-ea19-4cd0-a38a-732a4f898413",
                "display": "Test Group"
                "type": "Group"
            }
        ],
        "meta": {
            "resourceType": "RelyingParty",
            "location": "https://test.local:8000/ciam/1.0/scim/v2/RelyingParties/3ba99848-b13a-4ad2-a7e3-670a17d76cd7"
        }
    }
}

# TOTPDevices

Core schema specification: https://example.tenant.com/ciam/1.0/scim/v2/Schemas/urn:connectis:ciam:scim:schemas:core:1.0:TOTPDevices
Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/2fa
Allow: GET, DELETE
Filter options for TOTPDeviceAttributes:
- id (uuid)
- externalId (string)
- user (uuid)
- key (string)

Note: GET call to the endpoint will return all the totp devices, and by calling https://example.tenant.com/ciam/1.0/scim/v2/2fa/id you will get information about one totp device

GET Response 200 OK

{
    "schemas": [
        "urn:connectis:ciam:scim:schemas:core:1.0:TOTPDevices"
    ],
    "id": "0c2dbbf4-7377-4f7c-8376-5c35790e37d1",
    "externalId": null,
    "key": "9c5684fc49329d3fda79f0e9e7f2af5bc9ff0f51",
    "meta": {
        "resourceType": "TOTPDevice",
        "location": "https://connectis.local.test-development.nl/ciam/1.0/scim/v2/2fa/0c2dbbf4-7377-4f7c-8376-5c35790e37d1"
    },
    "name": "default",
    "user": {
        "uuid": "97f212f5-f208-4ae8-9a1b-91f69ece7948"
    }
}

Note2: 'DELETE' call to the endpoint needs to be done https://example.tenant.com/ciam/1.0/scim/v2/2fa/id

# UserResetPassword

Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/UserResetPassword/<uuid>
<uuid> is the uuid of the user on which the password reset is done
Allow: PATCH
- PATCH Response 204 No Content

# InviteUser

Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/InviteUser
Allow: POST

POST example:

Request:

https://example.tenant.com/ciam/1.0/scim/v2/InviteUser

Request body:

{
    "organization": "f39322c6-7234-478a-a976-9a7409c0b085" (required),
    "email": "email@email.email" (required),
    "customAttributes": [{
        "id": "f39322c6-7234-478a-a976-9a7409c0b085",
        "value": "test"
     }] (required for the required custom attributes),
    "groups":  ["f39322c6-7234-478a-a976-9a7409c0b085", ] (optional)
}

# Invitations

Endpoint: https://example.tenant.com/ciam/1.0/scim/v2/Invitations/<uuid>
<uuid> is the uuid of the invitation
Allow: GET, DELETE

Request:

https://example.tenant.com/ciam/1.0/scim/v2/Invitations

Response:

"Resources": [
    {
        "id": "01ff4064-a763-4070-aee6-022d22f96346",
        "organization": {
            "value": "86f9f43a-9489-49b2-8133-cf6b4ec2e580",
            "$ref": "https://qa.ng-test.nl/ciam/1.0/scim/v2/Organizations/86f9f43a-9489-49b2-8133-cf6b4ec2e580",
            "display": "Connectis",
            "type": "Organization"
        },
        "invitedBy": {
            "value": "bc4dad3b-08a7-44d1-acc8-a6fda4b92602",
            "$ref": "https://qa.ng-test.nl/ciam/1.0/scim/v2/Users/bc4dad3b-08a7-44d1-acc8-a6fda4b92602",
            "display": "Fname Lname",
            "type": "User"
        },
        "emailAddress": "test@test.com",
        "timestamp": "2020-05-19T15:07:25.442591+00:00",
        "accepted": true
    },...]

GET with filter:
- Request:
```
https://example.tenant.com/ciam/1.0/scim/v2/Invitations?filter=emailAddress eq "test@test.com"
```
- You can also filter by invitedBy(uuid) and invitedBy.userName(str) or id(uuid)
DELETE
- Request:
```
https://example.tenant.com/ciam/1.0/scim/v2/Invitations/<uuid>"
```
- The invitation that is deleted cannot be accepted anymore.

ExternalIdps:
- id (uuid)
- externalId (string)
- name (string)
- issuer (string)
ExternalIdpAttributeDefinitions:
- id (uuid)
- externalId (string)
- name (string)
- description (string)
- type (string, Between INTEGER, STRING, DATE, BOOLEAN)
- required (boolean)
- defaultValue (string)
ImportedUserAttributes:
- id (uuid)
- externalId (string)
- user(uuid)
ImportedOrganizationUserAttributes:
- id (uuid)
- externalId (string)
ExternalUsers:
- id (uuid)
- externalId (string)
- subject (string)
- user(uuid)

# SCIM API v1.0

# Introduction

# Actors

# Preconditions

# Exceptions

# No secret token (or an incorrect one) is included in the request's header.

# A secret token is included in the request's header but the SystemUser's OrganizationUser doesn't have the right OwnIdP permissions.

# Order of execution

# Endpoints

# Users

# Groups

# Organizations

# OrganizationUsers

# RelyingParties

# TOTPDevices

# UserResetPassword

# InviteUser

# Invitations

# Filter options for linked accounts