This documentation is for WSO2 Identity Server 5.3.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

WSO2 Identity Server can act as a SCIM Provider and at the same time it can act as a SCIM consumer. You can test the WSO2 Identity Server's SCIM Provider API as described here. The WSO2 Identity Server build includes the ApacheDS embedded LDAP server. The LDAP server's schema is customized to have the mandatory SCIM attributes, therefore SCIM implementation works out-of-the-box with the WSO2 Identity Server.


  1. Log in to WSO2 Identity Server using your credentials.
  2. Go to the Main menu in the Management Console menu and click List under Claims.
  3. Select urn:scim:schemas:core:1.0 from the Available Claim Dialect list.
  4. Search for userName from the list of claims and note down its Mapped Local Claim.
  5. Select from the Available Claim Dialect list.
  6. Search for username from the list of claims and click Edit.
  7. Change the Mapped Attribute value to cn and click Update.
  8. Edit the other four claims in the same way.
  9. Now the basic claim mapping is done. You can now add a user using the following curl command.

    Localtab Group
    titlePrimary Userstore Command
    Code Block
    curl -v -k --user admin:admin --data "{"schemas":[],"userName":"john","password":"[email protected]"}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
    titleSecondary Userstore Command
    Code Block
    curl -v -k --user admin:admin --data "{"schemas":[],"userName":'',"password":"[email protected]"}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users

    Note that the user name is preceded by the domain and is within single quotes ''. Also note that '' here is a reference to a domain name.

    In RestClient, the following header parameters must be added and the double quotations must be removed from the message body.


    Content-Type: application/json
    Accept: */*
    Message body
    {schemas:[],userName:'',password:[email protected]}


    You need to do the claim mapping for every SCIM claim you are using with user operations.


    To find out how to enable extensions for extended attributes in SCIM 2.0, see Extensible SCIM User Schemas with WSO2 Identity Server