This documentation is for WSO2 Identity Server 5.4.0. View documentation for the latest release.

The System for Cross-domain Identity Management (SCIM) is a specification designed to manage user identities in cloud-based applications and services in a standardized way, enabling interoperability, security, and scalability. It is an emerging open standard that provides RESTful APIs for an easier, cheaper, and faster way of creating, provisioning, and maintaining identities. The latest version, SCIM 2.0, was released as an IETF RFC in September 2015.

Prior to IS 5.4.0, SCIM 2.0 was supported as an external connector that could be plugged into WSO2 Identity Server. From 5.4.0 onwards, SCIM 2.0 is supported out of the box (OOTB) with WSO2 IS.

Enabling SCIM 2.0
  1. Disable the SCIM 1.0 listener (the one with orderId=90) by setting its enable parameter to false in the identity.xml file found in the <IS_HOME>/repository/conf/identity folder.
  2. Enable the SCIM 2.0 listener (the one with orderId=93) by setting its enable parameter to true.

    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener" orderId="90" enable="false" />
    
    <!-- Enable the following SCIM2 event listener and disable the above SCIM event listener if SCIM2 is used. -->
    
    <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener" name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener" orderId="93" enable="true" />

Tip: For sample cURL commands and more information on user and tenant management using SCIM 2.0 REST APIs, see the REST API swagger docs for SCIM APIs.

The default permissions required to access each resource in SCIM 2.0 are given below.

| Endpoint | HTTP Method | Permission |
|---|---|---|
| /scim2/Users | POST | /permission/admin/manage/identity/usermgt/create |
| /scim2/Users | GET | /permission/admin/manage/identity/usermgt/list |
| /scim2/Groups | POST | /permission/admin/manage/identity/rolemgt/create |
| /scim2/Groups | GET | /permission/admin/manage/identity/rolemgt/view |
| /scim2/Users/(.*) | GET | /permission/admin/manage/identity/usermgt/view |
| /scim2/Users/(.*) | PUT | /permission/admin/manage/identity/usermgt/update |
| /scim2/Users/(.*) | PATCH | /permission/admin/manage/identity/usermgt/update |
| /scim2/Users/(.*) | DELETE | /permission/admin/manage/identity/usermgt/delete |
| /scim2/Groups/(.*) | GET | /permission/admin/manage/identity/rolemgt/view |
| /scim2/Groups/(.*) | PUT | /permission/admin/manage/identity/rolemgt/update |
| /scim2/Groups/(.*) | PATCH | /permission/admin/manage/identity/rolemgt/update |
| /scim2/Groups/(.*) | DELETE | /permission/admin/manage/identity/rolemgt/delete |
| /scim2/Me | GET | /permission/admin/login |
| /scim2/Me | DELETE | /permission/admin/login |
| /scim2/Me | PUT | /permission/admin/login |
| /scim2/Me | PATCH | /permission/admin/login |
| /scim2/Me | POST | /permission/admin/manage/identity/usermgt/create |
| /scim2/ServiceProviderConfig | all | - |
| /scim2/ResourceType | all | - |
| /scim2/Bulk | all | /permission/admin/manage/identity/usermgt |

More information about how to secure the REST APIs and configure authorization levels can be found in Authenticating and Authorizing REST APIs.
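
The following Python is an added example, not part of the WSO2 documentation or product code. It encodes the default permission table above and reports which of a client's SCIM 2.0 calls a given permission set does not cover, which helps when sizing a least-privilege role. It assumes request paths start at /scim2 and that a granted permission also covers its child permissions; the role and call list are constructed samples.

```python
import re

ADMIN = "/permission/admin"
USERMGT = ADMIN + "/manage/identity/usermgt"
ROLEMGT = ADMIN + "/manage/identity/rolemgt"

# Rows of the page's table: (path regex, HTTP method, permission).
# "all" matches any method; None means the page lists no permission ("-").
TABLE = [
    ("/scim2/Users", "POST", USERMGT + "/create"),
    ("/scim2/Users", "GET", USERMGT + "/list"),
    ("/scim2/Groups", "POST", ROLEMGT + "/create"),
    ("/scim2/Groups", "GET", ROLEMGT + "/view"),
    ("/scim2/Me", "POST", USERMGT + "/create"),
    ("/scim2/ServiceProviderConfig", "all", None),
    ("/scim2/ResourceType", "all", None),
    ("/scim2/Bulk", "all", USERMGT),
]
for verb, leaf in [("GET", "view"), ("PUT", "update"), ("PATCH", "update"), ("DELETE", "delete")]:
    TABLE.append(("/scim2/Users/(.*)", verb, f"{USERMGT}/{leaf}"))
    TABLE.append(("/scim2/Groups/(.*)", verb, f"{ROLEMGT}/{leaf}"))
    TABLE.append(("/scim2/Me", verb, ADMIN + "/login"))

def required_permission(method, path):
    """Permission the table requires; None if it lists none; LookupError if no row."""
    path = path.split("?", 1)[0]  # ignore the query string
    for pattern, verb, permission in TABLE:
        if verb in ("all", method.upper()) and re.fullmatch(pattern, path):
            return permission
    raise LookupError(f"no table row for {method} {path}")

def is_granted(granted, needed):
    """Assumption: permissions form a tree, so a granted node covers its children."""
    return needed is None or any(
        needed == g or needed.startswith(g.rstrip("/") + "/") for g in granted)

def uncovered_calls(granted, calls):
    """Return (method, path, permission) for each call the granted set does not cover."""
    checked = ((m, p, required_permission(m, p)) for m, p in calls)
    return [c for c in checked if not is_granted(granted, c[2])]

# Constructed sample: a read-only provisioning role and the calls its client makes.
READ_ONLY = {USERMGT + "/list", USERMGT + "/view", ROLEMGT + "/view"}
CALLS = [("GET", "/scim2/Users?startIndex=1&count=10"), ("GET", "/scim2/Users/1234"),
         ("PATCH", "/scim2/Users/1234"), ("POST", "/scim2/Bulk")]
print(uncovered_calls(READ_ONLY, CALLS))
```

Note that /scim2/Bulk is listed against the parent usermgt permission rather than a single leaf, so a role built only from leaf permissions does not cover it.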
