SCIM

System for Cross-domain Identity Management

Introduction to SCIM

What is SCIM?

SCIM is a standard created to simplify user management in the cloud by defining a schema for representing users and groups with a REST API for all the necessary CRUD operations.

This standard could be extended to other resources like accounts, roles, etc.

Soffid is compatible with SCIM 2 protocol but uses its owns schema for users, groups, roles and so one. That is why Soffid implements SCIM protocols (RFC7644 and EFC 7644), but not SCIM core schema (RFC7643).

Information about SCIM

All the information about SCIM is published in the following link: http://www.simplecloud.info/

Currently, the last available version of the standard is SCIM 2.0.

The most relevant link about the specification of this protocol is: https://tools.ietf.org/html/rfc7644

Use cases of SCIM

SCIM could be used to create a new identity from third part application assign or revoke permissions, create or disable accounts, or even take part of new or existing workflows.

You can leverage SCIM protocol to extend current Soffid functionality adapting the Identity Platform to your needs.

Example of SCIM

SCIM uses JSON specification for the data model containing the requests and responses. For instance, the data information of a user would be:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "bjensen",
  "externalId": "bjensen",
  "name": {
    "formatted": "Ms. Barbara J Jensen III",
    "familyName": "Jensen",
    "givenName": "Barbara"
  }
}

SCIM also uses REST specification for HTTP communication between clients and servers. For instance, a request to create a user would be:

POST /Users  HTTP/1.1
Host: example.com
Accept: application/scim+json
Content-Type: application/scim+json
Authorization: Bearer h480djs93hd8
Content-Length: ...

The HTTP codes are very important in the responses. For instance:

HTTP/1.1 200 Response is ok
HTTP/1.1 201 Resource created
HTTP/1.1 404 Resource not found
etc


SCIM Operations

HTTP Method

GET

Retrieves one or more complete or partial resources.

POST

Depending on the endpoint, creates new resources, creates a search request, or MAY be used to bulk-modify resources.

PUT

Modifies a resource by replacing existing attributes with a specified set of replacement attributes (replace). PUT MUST NOT be used to create new resources.

PATCH

Modifies a resource with a set of client-specified changes

(partial update).

DELETE

Deletes a resource.

Get

A HTTP Get request is used to fetch a resource or a set of resources.

Read

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}
http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/?filter={attribute}{op}{value}&sortBy={attributeName}&sortOrder={ascending|descending}&attributes={attributes}

Also, you can asl for specific attributes of the resource

Example: 

http://<your-domain>/soffid/webservice/scim2/v1/User?filter=lastName co ada and active eq true &sortOrder=descending&sortBy=userName&attributes=userName,lastName&filter=userName co admin

Sorting

Parameter

Description

sortBy Specifies the attribute whose value will be used to order ther returned responses.
sortOrder

Allowed values are "ascending" and "descending".

If sortBy is provided, and sortOrder is nos provided, sortOrder will be "ascending" by default.

Sorting example:

http://<your-server>/soffid/webservice/scim2/v1/User?sortBy=lastName&sortOrder=descending

Pagination

Parameter

Description

startIndex Index of the first query result. Default 1
count Maximun numer of query results per page

Pagination example: 

http://<your-server>/soffid/webservice/scim2/v1/User?startIndex=1&count=10
{
     "totalResults":100,
     "itemsPerPage":10,
     "startIndex":1,
     "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
     "Resources":[{
       ...
     }]
}

Post

A HTTP Post request is used to create a new resource

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}
Content-Type: application/json

You must send the JSON with the attributes of the resource you want to create.

{
  "schemas":[{schema}],
  "attribute1":"value1",
  "attribute2":"value2",
  "attribute3":{
    "subattribute1":"valueX",
    "subattribute1":"valueX",
  },
  .......
}

Put

A HTTP Put request is used to update resources. This operation replace all values of the resource

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}
Content-Type: application/json

You must send the JSON with the attributes of the resource you want to update, which includes the ID.

{
  "schemas":[{schema}],
  "id": "idValue",
  "attribute1":"value1",
  "attribute2":"value2",
  "attribute3":{
    "subattribute1":"valueX",
    "subattribute1":"valueX",
  },
  .......
}

Patch

A HTTP Patch request is used to update partial resources

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}
{
    "Operations": [
        {
            "op": "operation",
            "path": "attribute",
            "value": "value"
        },
        ............
    ]
}

More information about the operations on https://www.rfc-editor.org/rfc/rfc6902

Delete

A HTTP Delete request is used to delete a resource.

http://<your-domain>/soffid/webservice/scim2/v1/{Resource}/{id}

Request

In the PUT and PATCH methods, a JSON stream with the data model is required (please see this format in the following link:  Resource data model).

Response

The response format will be represented as a SCIM JSON response, but all the keys in the response will depend on the method requested and the result of the operation.

HTTP Status

The most commons responses

Successful Responses

200

OK

201

Created

204 

No Content

Error Response

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

For instance, when you search by id but no resource is found, only a 404 HTTP code is included in the response (the body is empty, no JSON is provided).

User cases:

More detail about SCIM JSON error

SCIM JSON Response

SCIM JSON list

For instance, when a list of resources is requested, this is the JSON output format:

Note, to simplify the JSON output every resource has been replaced by {...}

{
  "totalResults": 3,
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "resources": [
    {...},
    {...},
    {...}
  ]
}

This is the description of this type of response:

Attribute
Description
totalResults Number of the resources returned in the response
schemas Defined by SCIM protocl. Always: "urn:ietf:params:scim:api:messages:2.0:ListResponse"
resources  List of resources returned

User cases:

SCIM JSON resource

For instance, when a resource by id is requested, this is the JSON format:

Note, to simplify the JSON output every resource has been replaced by {...}

{
  "id": 11345
  "organizational": true,
  ...
}

In this case, the JSON stream of the resource is included directly in the response.

User cases:

SCIM JSON error

For instance, if an attempt to delete a resource is made, but this resource is not found the following JSON response will be obtained:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "detail": "User 1234 not found",
  "status": "404"
}

This is the description of this type of response:

Attribute
Description
schemas Defined by SCIM protocl. Always: "urn:ietf:params:scim:api:messages:2.0:Error"
detail Returns the description on the validation, problem, error, etc
status Is the HTTP status, that is the same that the HTTP code of the HTTP response

User cases:

SCIM Query syntax

SCIM protocol provides a language to search and filter resources.

Please browse the standard specifications in this link: https://tools.ietf.org/html/rfc7644#section-3.4.2.2

Example

To search all users having "John" as name:

http://<domain>/webservice/scim2/v1/User/?filter=userName eq "John"

Use

This feature can be used with the Search by filter operation.

After the URL resource. the filter parameter with the language expression to apply must be added: <URL>?filter=<expression>

Remember that in this case the HTTP method is GET.

The result always is a SCIM response list.

Syntax

Attribute operators

Operator

Description

eq

equal

eq_ci

case insensitive version of equal operator

ne

not equal

co

contains

sw

starts with

ew

ends with

pr

present (has value)

gt

greater than

ge

greater than or equal to

lt

less than

le

less than or equal to

Logical operators

Operator

Description

and

Logical "and"

or

Logical "or"

not

"Not" function

Grouping operators

Operator

Description

( )

Precedence grouping

[ ]

Complex attribute filter group

Data values

Data type

Value

Numbers Use the value without ", for example 1234
Text Use the value within ", for example "John"
Date

Use the value within " with an ISO format, for example "2011-05-13T04:42:34Z"

Boolean Use [ true | false ] (without ")
Null Use [ null ] (without ")

Filter examples

filter=userName eq "admin"
filter=userName ne "admin"
filter=userName co "ad"
filter=userName sw "a"
filter=userName ew "n"
filter=userName pr
filter=id gt 1
filter=id ge 60
filter=id lt 1000
filter=id le 1188
filter=consoleProperties.id eq 229
filter=createdDate gt "2011-05-13T04:42:34Z"
filter=id eq 60 and id eq 1188
filter=id eq 60 or id eq 1188
filter=firstName eq "Admin" and id eq 60
filter=firstName eq "Admin" or id eq 61
filter=primaryGroup eq "world" and (firstName co "John” or lastName co "Smith")
filter=userName co "i" and (userName co "a" or userName co "s")
filter=id eq 60 and (userName co "a" and consoleProperties.id eq 229)

Sorting

Short is optional .

Parameter

Description

sortBy Specifies the attribute whose value will be used to order ther returned responses.
sortOrder

Allowed values are "ascending" and "descending".

If sortBy is provided, and sortOrder is nos provided, sortOrder will be "ascending" by default.

Example:

http://<your-server>/webservice/scim2/v1/User?sortBy=lastName&sortOrder=descending

Pagination

Parameter

Description

startIndex Index of the first query result. Default 1
count Maximun numer of query results per page

Example: 

http://<your-server>/webservice/scim2/v1/User?startIndex=1&count=10
{
     "totalResults":100,
     "itemsPerPage":10,
     "startIndex":1,
     "schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
     "Resources":[{
       ...
     }]
}


How to install SCIM in Soffid

Installation

Download

Please download the Soffid SCIM add-on.

You can download it at the following link http://www.soffid.com/download/enterprise/  if you have Soffid user with authorization, or in the following http://download.soffid.com/download/ by registering.

Upload

Once the SCIM add-on is downloaded, please log in to IAM Console.

You need to be an administrator user of the Soffid console or a user with permissions to upload addons.

In the Soffid console, please go to: "Main Menu > Administration > Configure Soffid > Global Settings > Plugins"  and upload the addon file, for more information visit the Addons Getting started page

Finally, when the addon is installed, it will be required to restart the Soffid Console.

Testing

Confirm authorization

To access to the SCIM REST web service, a user with correct authorization is required.

First we can check the authorization created by the SCIM add-on:

Confirm access

Once a user is available to access SCIM functionality, testing is easily done with a browser.

For example, to list groups.

Comments


How to use SCIM in Soffid

Introduction

Soffid has implemented a version of the SCIM protocol 2.0. Some optional recommendations have also been included to improve the usage of this specification within the Soffid context.

This functionality is available only by installing the SCIM add-on. This add-on is available in the download section of the Soffid website. 

Discovery

Soffid provides some endpoints to discover supported features and specific attribute details:

Service provider config

This endpoint provides additional information about the Soffid SCIM implementation.

Request
GET https://<your-domain>/soffid/webservice/scim2/v1/ServiceProviderConfig
Response 200 OK
{
    "patch": {
        "supported": true
    },
    "filter": {
        "maxResults": 1000,
        "supported": true
    },
    "documentationUri": "https://bookstack.soffid.com/books/scim",
    "authenticationSchemes": [
        {
            "documentationUri": "https://bookstack.soffid.com/book/scim",
            "name": "HTTP Basic",
            "description": "Authentication scheme using the HTTP Basic Standard",
            "specUri": "http://www.rfc-editor.org/info/rfc2617",
            "type": "httpbasic"
        }
    ],
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ServiceProvider",
        "resourceType": "ServiceProviderConfig"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
    ],
    "etag": {
        "supported": false
    },
    "sort": {
        "supported": true
    },
    "bulk": {
        "supported": false
    },
    "changePassword": {
        "supported": true
    }
}

Resources Types

An endpoint used to discover the types of resources available.

List resources types

The SCIM protocol is focused on resource management, such as users, groups, accounts, etc. To know all the resources  that Soffid provides you can use this REST web service: 

Request
GET https://<your-domain>/soffid/webservice/scim2/v1/ResourceTypes
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 20,
    "startIndex": 1,
    "Resources": [
        {
            "schema": "urn:soffid:com.soffid.iam.api.Account",
            "endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account",
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/Account",
                "resourceType": "ResourceType"
            },
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "name": "Account",
            "description": "Account object",
            "id": "Account"
        },
        {
            "schema": "urn:soffid:com.soffid.iam.api.Group",
            "endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/Group",
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/Group",
                "resourceType": "ResourceType"
            },
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "name": "Group",
            "description": "Group object",
            "id": "Group"
        },
      ...............
      ]
}

Query resource type

Specifies metadata about each resource. To query a specific resource type, you can use this REST web service:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ResourceTypes/{Resource}

Example

GET http://<your-domain>/soffid/webservice/scim2/v1/ResourceTypes/User
Response 200 OK
{
    "schema": "urn:soffid:com.soffid.iam.api.User",
    "endpoint": "http://soffid.pat.lab:8080/webservice/scim2/v1/User",
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/ResourceTypes/User",
        "resourceType": "ResourceType"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
    ],
    "name": "User",
    "description": "User object",
    "id": "User"
}
Response 404
404 Not Found

Schemas

Schema definition for a specific resource.

Request

GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/{Schema_URL}

Example

GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role

Response 200 OK

{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "Role",
    "description": "Role object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "system",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "category",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "informationSystemName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "domain",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "bpmEnabled",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "approvalStart",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "approvalEnd",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.Role"
}
Response 404
404 Not Found

Soffid Resources

Soffid provides the following resources:

Resource
Description
User

Management of the users included in the Soffid solution.

A user is an identity that represents only one person.

Group

Management of the groups included in the Soffid solution.

A group could be part of a hierarchical group tree.

Users are assigned to a primary group and optionally could be in some secondary groups.

Account

Management of the accounts included in the Soffid solution.

An account is a representation of one application access.

A user may have a lot of accounts and may have some accounts for the same applications with different roles and restrictions.

Application


Management of the applications (Information Systems from a functional point of view) included in the Soffid solution.

Every agent (of an external system) manages these roles through one or more applications.


Role


Management of the roles included in the Soffid solution. 

Every role is created in one application, so an application has a list of roles.

GroupType

Management of the GroupTypes included in the Soffid solution. 

UserType

Management of the GroupTypes included in the Soffid solution. 

GroupUser

Management of the GroupUsers included in the Soffid solution. 

RoleAccount

Management of the RoleAccounts included in the Soffid solution. 

Host

Management of the Hosts included in the Soffid solution. 

MailDomain

Management of the MailDomains included in the Soffid solution. 

MailList

Management of the MailLists included in the Soffid solution. 

DomainValue

Management of the DomainValues included in the Soffid solution. 

VaultFolder

Management of the VaultFolders included in the Soffid solution. 

System

Management of the Systems (Agents) included in the Soffid solution. 

Information storage system from a technical point of view.

CustomObject

Management of the CustomObjects included in the Soffid solution. 

TaskInstance

Management of the TaskInstances included in the Soffid solution. 

ProcessInstance

Management of the ProcessInstances included in the Soffid solution. 

ProcessDefinition

Management of the ProcessDefinition included in the Soffid solution. 

You can view all resource data models and schemas on Resource data model & schema chapter

Soffid Operations

For every resource the following operations are available:

Operation

HTTP method

URL example

Description

List all

GET

.../soffid/webservice/scim/<resource>

List all resources

Search by id

GET

.../soffid/webservice/scim/<resource>/<id>

Search the resource with the <id> specified

Search by filter

GET

.../soffid/webservice/scim/<resource>?filter=<filter-language>

Search all resources that fulfil the <filter-language> filter (please see filtering language here 5. SCIM filter language)

Create

POST

.../soffid/webservice/scim/<resource>

Create a resource

Update all

PUT

.../soffid/webservice/scim/<resource>/<id> + <JSON in the body>

Update all attributes specified in the JSON stream (the attributes not included will be cleared)

Update partial

PATCH

.../soffid/webservice/scim/<resource>/<id> + <JSON in the body>

Update only the attributes specified in the JSON stream (the other attributes will not be updated)

Delete

DELETE

.../soffid/webservice/scim/<resource>/<id>

Delete a resource

HTTP request

In every HTTP request the following HTTP header parameters are required:

Parameter
Value
Description
URL https://<your-domain>/soffid/webservice/scim/<resource> URL with the <resource> to be managed
Method [ GET | POST | PUT | PATCH | DELETE ] Method allowed in SCIM REST protocol
Content-Type application/scim+json SCIM specification
Accept application/scim+json SCIM specification
Authorization Basic YWRtaW46Y2hhbmdlaXQ= Only BASIC authentication is implemented in this version. A Soffid user (+password) with SCIM access is required to generate this parameter
Accept-Language [ EN  | ES | CA | NL ] This parameter is OPTIONAL. The default language is EN

HTTP codes

The following HTTP codes are managed in the HTTP response:

Code

Status

User case

200

Ok

After: list all, search by id, search by filter, update all, update partial

201

Created

After: create

204

No content

After: delete

404

Not found

After: resource not found

500

Error

After: internal error, PATCH DELETE


Testing tool

REST clients

Any REST client may be used to test and consume our SCIM REST web service.

RESTer

In this case, we will show the usage with RESTer, a browser extension available for Chrome and Firefox.

This extension may be added from these links: ChromeFirefox

Once it's added to the browser, this tool is accessible from its toolbar icon:

RestTer_1.png

This is the RESTer application window:

RESTer_2.png

Remember to use the HTTP headers specified in SCIM in SCIM in Soffid-HTTPrequest 

Remember to use a user with authorization. See 8. How to use SCIM in How to use SCIM in Soffid-Confirmauthorization

Postman

Postman is another REST client, you can use it as an extension of the browser, but we recommend the operating system application.


Resource data model & schema

The data model of the Soffid objects is mapped to JSON objects to enable the data transport between client and server.

Resource data model & schema

User resource

/User

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/User.html

Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object.

Query schema

It is allowed to consult all the User definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.User
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.User",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "User",
    "description": "User object",
    "attributes": [
        {
            "subattributes": [
                {
                    "uniqueness": "none",
                    "name": "NIF",
                    "description": "NIF",
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "PHONE",
                    "description": "PHONE",
                    "canonicalValues": [
                        "1",
                        "2",
                        "3"
                    ],
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "manager",
                    "description": "Manager",
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "Contrat_type",
                    "description": "Contract type",
                    "canonicalValues": [
                        "T",
                        "I",
                        "F",
                        "S"
                    ],
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "RegisterServiceProvider",
                    "description": "RegisterServiceProvider",
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "EMAIL",
                    "description": "External email",
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "ActivationKey",
                    "description": "ActivationKey",
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "picture",
                    "description": "Fotografía",
                    "mutability": "readWrite",
                    "type": "binary",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "birthDate",
                    "description": "Birth date",
                    "mutability": "readWrite",
                    "type": "dateTime",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "language",
                    "description": "Languages spoken by the user",
                    "canonicalValues": [
                        "Spanish",
                        "English",
                        "German"
                    ],
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": true,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "country",
                    "description": "Country",
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                }
            ],
            "uniqueness": "none",
            "name": "attributes",
            "description": "Custom attributes",
            "mutability": "readWrite",
            "type": "complex",
            "returned": "default",
            "multiValued": false
        },
        {
            "uniqueness": "none",
            "name": "userName",
            "description": "User name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "firstName",
            "description": "First name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "lastName",
            "description": "Last Name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "middleName",
            "description": "Middle name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "fullName",
            "description": "Full name",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "userType",
            "description": "Type",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "primaryGroup",
            "description": "Primary group",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "homeServer",
            "description": "Home server",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "profileServer",
            "description": "Profile server",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "emailAddress",
            "description": "Internal eMail",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "mailAlias",
            "description": "Mail alias",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "mailServer",
            "description": "Mail server",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "active",
            "description": "Enabled",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "multiSession",
            "description": "Multi session",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "comments",
            "description": "Comments",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "createdByUser",
            "description": "Created by",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "createdDate",
            "description": "Created on",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "modifiedByUser",
            "description": "Modifid by",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "modifiedDate",
            "description": "Modified last on",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "subattributes": [
                {
                    "uniqueness": "none",
                    "name": "domain",
                    "description": "Password domain to be changed. By default, the DEFAULT domain is changed",
                    "mutability": "writeOnly",
                    "type": "string",
                    "caseExact": true,
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "value",
                    "description": "The password itself, in  clear text",
                    "mutability": "writeOnly",
                    "type": "string",
                    "caseExact": true,
                    "multiValued": false,
                    "required": true
                },
                {
                    "uniqueness": "none",
                    "name": "expired",
                    "description": "If not set to false, the user will be prompted to change it on next logon",
                    "mutability": "readWrite",
                    "type": "boolean",
                    "caseExact": true,
                    "multiValued": false,
                    "required": false
                }
            ],
            "uniqueness": "none",
            "name": "password",
            "description": "Change current user password",
            "mutability": "writeOnly",
            "type": "complex",
            "caseExact": true,
            "multiValued": true,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.User"
}

Full JSON example

Visit SCIM User examples page

Resource data model & schema

Group resource

/Group

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/Group.html

Soffid allows you to add customized data to the group object. You can do that on metadata option:

Query Schema

It is allowed to consult all the Group definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Group
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Group",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "Group",
    "description": "Group object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "driveLetter",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "parentGroup",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "type",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "driveServerName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "obsolete",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.Group"
}

Full JSON example

Visit SCIM Group examples page

Resource data model & schema

Account resource

/Account

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/Account.html

Soffid allows you to add customized data to the Account object. You can do that on metadata option:

Query Schema

It is allowed to consult all the Account definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Account
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Account",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "Account",
    "description": "Account object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "system",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "type",
            "canonicalValues": [
                "U",
                "S",
                "P",
                "I"
            ],
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "status",
            "canonicalValues": [
                "a",
                "d",
                "FA",
                "FD",
                "r",
                "l"
            ],
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "passwordPolicy",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "ownerGroups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ownerUsers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ownerRoles",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "managerGroups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "managerUsers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "managerRoles",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "grantedGroups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "grantedUsers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "grantedRoles",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "serverType",
            "canonicalValues": [
                "Windows",
                "Linux",
                "Database"
            ],
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "serverName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "vaultFolderId",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "inheritNewPermissions",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "loginUrl",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "loginName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "launchType",
            "canonicalValues": [
                "S",
                "W",
                "P"
            ],
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "jumpServerGroup",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "created",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "lastLogin",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "lastUpdated",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "lastPasswordSet",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "passwordExpiration",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "lockedBy",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "passwordStatus",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "subattributes": [
                {
                    "uniqueness": "none",
                    "name": "value",
                    "description": "The password itself, in  clear text",
                    "mutability": "writeOnly",
                    "type": "string",
                    "caseExact": true,
                    "multiValued": false,
                    "required": true
                },
                {
                    "uniqueness": "none",
                    "name": "expired",
                    "description": "If not set to false, the user will be prompted to change it on next logon",
                    "mutability": "readWrite",
                    "type": "boolean",
                    "caseExact": true,
                    "multiValued": false,
                    "required": false
                }
            ],
            "uniqueness": "none",
            "name": "password",
            "description": "Change current account password",
            "mutability": "writeOnly",
            "type": "complex",
            "caseExact": true,
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "attributes",
            "mutability": "readWrite",
            "type": "complex",
            "caseExact": true,
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.Account"
}

Full JSON example 

Visit SCIM Account examples page


Resource data model & schema

Application resource

/Application (addon version 1.2.0+)

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/Application.html

Soffid allows you to add customized data to the Application object. You can do that on metadata option:

Query Schema

It is allowed to consult all the Application definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Application
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Application",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "Application",
    "description": "Application object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "type",
            "canonicalValues": [
                "container",
                "application",
                "business"
            ],
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "parent",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "relativeName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "source",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "owner",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "executable",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "database",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ownerName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "bpmEnabled",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "notificationEmails",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "approvalProcess",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "roleDefinitionProcess",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "singleRole",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.Application"
}

Full JSON example

Visit SCIM Application examples page

Resource data model & schema

Role resource

/Role (addon version 1.2.0+)

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/Role.html

Soffid allows you to add customized data to the Role object. You can do that on metadata option:


Query schema

It is allowed to consult all the Role definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Role",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "Role",
    "description": "Role object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "system",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "category",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "informationSystemName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "domain",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "bpmEnabled",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "approvalStart",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "approvalEnd",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.Role"
}

Full JSON example

Visit SCIM Role examples page


Resource data model & schema

Group type resource

/OUType

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/OUType.html

Query Schema

It is allowed to consult all the Group Type definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.OUType
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.OUType",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "OUType",
    "description": "OUType object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "id",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "roleHolder",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.OUType"
}

Full JSON example

Visit SCIM Group type examples page


Resource data model & schema

User type resource

/UserType

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/UserType.html

Query Schema

It is allowed to consult all the User Type definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.UserType
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.UserType",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "UserType",
    "description": "UserType object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "id",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "unmanaged",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.UserType"
}

Full JSON example

Visit SCIM User type examples page


Resource data model & schema

GroupUser resource

/GroupUser

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/GroupUser.html

Soffid allows you to add customized data to the GroupUser object. You can do that on metadata option:

Query Schema

It is allowed to consult all the GroupUser definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.GroupUser
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.GroupUser",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "GroupUser",
    "description": "GroupUser object",
    "attributes": [
        {
            "subattributes": [
                {
                    "uniqueness": "none",
                    "name": "startDate",
                    "description": "Start date (2)",
                    "mutability": "readWrite",
                    "type": "dateTime",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                },
                {
                    "uniqueness": "none",
                    "name": "comments",
                    "description": "Comments",
                    "mutability": "readWrite",
                    "type": "string",
                    "caseExact": true,
                    "returned": "default",
                    "multiValued": false,
                    "required": false
                }
            ],
            "uniqueness": "none",
            "name": "attributes",
            "description": "Custom attributes",
            "mutability": "readWrite",
            "type": "complex",
            "returned": "default",
            "multiValued": false
        },
        {
            "uniqueness": "none",
            "name": "user",
            "description": "User",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "group",
            "description": "Group",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.GroupUser"
}

Full JSON example

Visit SCIM GroupUser examples page


Resource data model & schema

RoleAccount resource

/RoleAccount

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/RoleAccount.html

Query Schema

It is allowed to consult all the RoleAccount definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ResourceTypes/RoleAccount
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.RoleAccount",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "RoleAccount",
    "description": "RoleAccount object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "accountId",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "accountName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "accountSystem",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "roleName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "roleCategory",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "informationSystemName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "roleDescription",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "id",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "userFullName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "groupDescription",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "domainValue",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "system",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "userGroupCode",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "bpmEnforced",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "userCode",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ruleId",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ruleDescription",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "sodRisk",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "sodRules",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "startDate",
            "mutability": "readWrite",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "endDate",
            "mutability": "readWrite",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "enabled",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "approvalPending",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "removalPending",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "holderGroup",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "approvalProcess",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "certificationDate",
            "mutability": "readWrite",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "parentGrant",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "delegationStatus",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ownerAccount",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "delegateAccount",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "delegateSince",
            "mutability": "readWrite",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "delegateUntil",
            "mutability": "readWrite",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.RoleAccount"
}

Full JSON example

Visit SCIM RoleAccount examples page



Resource data model & schema

Host resource

/Host

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/Host.html

Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object.

Query Schema

It is allowed to consult all the Host definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Host
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Host",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "Host",
    "description": "Host object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "networkCode",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "dhcp",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ip",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "os",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "mail",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "office",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "mac",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "hostAlias",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "printersServer",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "dynamicIp",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "serialNumber",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "lastSeen",
            "mutability": "readOnly",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.Host"
}

Full JSON example

Visit SCIM Host examples page


Resource data model & schema

MailList resource

/MailList

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/MailList.html

Soffid allows you to add customized data to the user object. You can do that on metadata, on the proper object.

Query Schema

It is allowed to consult all the MailList definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailList
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailList",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "MailList",
    "description": "MailList object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "domainName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "lists",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "externalList",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "roleMembers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "groupMembers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "usersList",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "listsBelong",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "explodedUsersList",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.MailList"
}

Full JSON example

Visit SCIM MailList examples page.


Resource data model & schema

MailDomain resource

/MailDomain

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/MailDomain.html

Query Schema

It is allowed to consult all the MailDomain definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailDomain
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.MailDomain",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "MailDomain",
    "description": "MailDomain object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "id",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "obsolete",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.MailDomain"
}

Full JSON example

Visit SCIM MailDomain examples page.



Resource data model & schema

Network resource

/Network

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/Network.html

Query Schema

It is allowed to consult all the Network definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Network
Response 200
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.Network",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "Network",
    "description": "Network object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "ip",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "mask",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "lanAccess",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "dhcp",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "id",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "dhcpSupport",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "loginRestriction",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.Network"
}

Full JSON example

Visit SCIM Network examples page.



Resource data model & schema

DomainValue resource

/DomainValue

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/DomainValue.html

Query Schema

It is allowed to consult all the DomainValue definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.DomainValue
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.DomainValue",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "DomainValue",
    "description": "DomainValue object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "value",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "id",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "domainName",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "externalCodeDomain",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.DomainValue"
}

Full JSON example

Visit SCIM DomainValue examples page.



Resource data model & schema

VaultFolder resource

/VaultFolder

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/VaultFolder.html

Query Schema

It is allowed to consult all the VaultFolder definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.VaultFolder
Response 200 OK


{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.VaultFolder",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "VaultFolder",
    "description": "VaultFolder object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "personal",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "parentId",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "parentFolder",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "grantedGroups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "grantedUsers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "grantedRoles",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "managerGroups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "managerUsers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "managerRoles",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ownerGroups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ownerUsers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "ownerRoles",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "navigateGroups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "navigateUsers",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "navigateRoles",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "accessLevel",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.VaultFolder"
}

Full JSON example

Visit SCIM VaultFolder examples page.


Resource data model & schema

System resource

/System

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/System.html

Query Schema

It is allowed to consult all the System definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.System
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.System",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "System",
    "description": "System object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "className",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "url",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "url2",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param0",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param1",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param2",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param3",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param4",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param5",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param6",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param7",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param8",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "param9",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "rolebased",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "trusted",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "userTypes",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "groups",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "groupsList",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "accessControl",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "passwordsDomainId",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "passwordsDomain",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "usersDomain",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "readOnly",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "fullReconciliation",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "generateTasksOnLoad",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "databaseReplicaId",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "authoritative",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "blobParam",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "timeStamp",
            "mutability": "readWrite",
            "type": "dateTime",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "authoritativeProcess",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "manualAccountCreation",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "sharedDispatcher",
            "mutability": "readWrite",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "threads",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "timeout",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "longTimeout",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "tenant",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.System"
}

Full JSON example

Visit SCIM System examples page.




Resource data model & schema

CustomObject resource

/CustomObject

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/api/CustomObject.html

Query Schema

It is allowed to consult all the CustomObject definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.CustomObject
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.api.CustomObject",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "CustomObject",
    "description": "CustomObject object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "id",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "type",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": true
        },
        {
            "uniqueness": "none",
            "name": "attributes",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.api.CustomObject"
}

Full JSON example

Visit SCIM CustomObject examples page.



Resource data model & schema

ProcessDefinition resource

/ProcessDefinition

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessDefinition.html

Query Schema

It is allowed to consult all the ProcessDefinition definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "ProcessDefinition",
    "description": "ProcessDefinition object",
    "attributes": [
        {
            "uniqueness": "none",
            "name": "version",
            "mutability": "readOnly",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "tag",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "server",
            "name": "id",
            "mutability": "readOnly",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "enabled",
            "mutability": "readOnly",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "appliesTo",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "type",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "deployed",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "author",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
}

Full JSON example

Visit SCIM ProcessDefinition examples page.


Resource data model & schema

ProcessInstance resource

/ProcessInstance

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/bpm/api/ProcessInstance.html

QUery Schema

It is allowed to consult all the ProcessInstance definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessInstance
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.ProcessInstance",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "ProcessInstance",
    "description": "ProcessInstance object",
    "attributes": [
        {
            "uniqueness": "server",
            "name": "id",
            "mutability": "readOnly",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "start",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "end",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "variables",
            "mutability": "readWrite",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "currentTask",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "comments",
            "mutability": "readWrite",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "processDefinition",
            "mutability": "immutable",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "dummyProcess",
            "mutability": "readOnly",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "transition",
            "mutability": "writeOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
}

Full JSON example

Visit SCIM ProcessInstance examples page.


Resource data model & schema

TaskInstance resource

/TaskInstance

Dictionary table

The diagram service model of the object: http://www.soffid.org/doc/console/latest/uml/com/soffid/iam/bpm/api/TaskInstance.html

Query Schema

It is allowed to consult all the TaskInstance definition using the Schema query:

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.TaskInstance
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Schemas/urn:soffid:com.soffid.iam.bpm.api.TaskInstance",
        "resourceType": "Schema"
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Schema"
    ],
    "name": "TaskInstance",
    "description": "TaskInstance object",
    "attributes": [
        {
            "uniqueness": "server",
            "name": "id",
            "mutability": "readOnly",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "processName",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "server",
            "name": "processId",
            "mutability": "readOnly",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "processDefinition",
            "mutability": "readOnly",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "dummyTask",
            "mutability": "readOnly",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "name",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "description",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "actorId",
            "mutability": "readWrite",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "create",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "start",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "end",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "dueDate",
            "mutability": "readOnly",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "priority",
            "mutability": "readOnly",
            "type": "integer",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "cancelled",
            "mutability": "readOnly",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "open",
            "mutability": "readOnly",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "signalling",
            "mutability": "readOnly",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "blocking",
            "mutability": "readOnly",
            "type": "boolean",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "swimlane",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "pooledActors",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "variables",
            "mutability": "readWrite",
            "type": "complex",
            "caseExact": true,
            "returned": "default",
            "multiValued": false,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "transitions",
            "mutability": "readOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        },
        {
            "uniqueness": "none",
            "name": "transition",
            "mutability": "writeOnly",
            "type": "string",
            "caseExact": true,
            "returned": "default",
            "multiValued": true,
            "required": false
        }
    ],
    "id": "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
}

Full JSON example

Visit SCIM TaskInstance examples page.


SCIM full examples

SCIM full examples

Previous steps

Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in How to use SCIM in Soffid # Installation

Please note that a user with the authentication is required, please check this part in How to use SCIM in Soffid # Confirm authorization

Please note that is recommended to use a REST client, please see our example in Testing tool # RESTer

Please note that the correct header parameters must be used, please browse them in SCIM in Soffid # HTTP request


SCIM full examples

SCIM User examples

Operations

This page shows the operations that can be performed for the user object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/User
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 64,
    "startIndex": 1,
    "Resources": [
        {
            "lastName": "Pig",
            "profileServer": "null",
            "createdByUser": "hrms",
            "fullName": "Dad Pig",
            "active": true,
            "userName": "1",
            "mailAlias": "",
            "mailServer": "null",
            "firstName": "Dad",
            "createdDate": "2021-02-16 13:38:26",
            "multiSession": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477909",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'1'+and+enabled+eq+true",
                    "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'1'+and+disabled+eq+false",
                    "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'1'"
                },
                "resourceType": "User"
            },
            "modifiedByUser": "admin",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.User"
            ],
            "modifiedDate": "2021-05-04 09:24:54",
            "attributes": {},
            "id": 1477909,
            "userType": "I",
            "homeServer": "null",
            "primaryGroupDescription": "World Original",
            "primaryGroup": "world"
        },
        {
            "lastName": "SUZY",
            "profileServer": "null",
            "createdByUser": "hrms",
            "fullName": "Suzy SUZY",
            "active": true,
            "userName": "10",
            "mailAlias": "",
            "mailServer": "null",
            "firstName": "Suzy",
            "createdDate": "2021-02-16 13:38:27",
            "multiSession": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477931",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'10'+and+enabled+eq+true",
                    "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'10'+and+disabled+eq+false",
                    "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'10'"
                },
                "resourceType": "User"
            },
            "modifiedByUser": "admin",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.User"
            ],
            "modifiedDate": "2021-05-05 14:11:37",
            "attributes": {},
            "id": 1477931,
            "userType": "I",
            "homeServer": "null",
            "primaryGroupDescription": "World Original",
            "primaryGroup": "world"
        },
        {
            "lastName": "Rabbit",
            "profileServer": "null",
            "createdByUser": "hrms",
            "fullName": "Ricchard Rabbit",
            "active": true,
            "userName": "11",
            "mailAlias": "",
            "mailServer": "null",
            "firstName": "Ricchard",
            "createdDate": "2021-02-16 13:38:27",
            "multiSession": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1477953",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'11'+and+enabled+eq+true",
                    "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'11'+and+disabled+eq+false",
                    "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'11'"
                },
                "resourceType": "User"
            },
            "modifiedByUser": "admin",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.User"
            ],
            "modifiedDate": "2021-02-17 19:06:20",
            "attributes": {},
            "id": 1477953,
            "userType": "I",
            "homeServer": "null",
            "primaryGroupDescription": "World Original",
            "primaryGroup": "world"
        },
      .......
    ]
}

List by filter

List all users with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/User?filter=lastName co ada&sortOrder=descending&sortBy=userName
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 13,
    "startIndex": 1,
    "Resources": [
        {
            "lastName": "ADAMS",
            "comments": "Changed",
            "profileServer": "null",
            "createdByUser": "soffid.bubu.lab",
            "fullName": "Wally ADAMS",
            "active": true,
            "userName": "wally",
            "mailAlias": "",
            "mailServer": "null",
            "firstName": "Wally",
            "createdDate": "2020-12-11 11:23:58",
            "multiSession": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1002599",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'wally'+and+enabled+eq+true",
                    "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'wally'+and+disabled+eq+false",
                    "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'wally'"
                },
                "resourceType": "User"
            },
            "modifiedByUser": "admin",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.User"
            ],
            "modifiedDate": "2021-04-22 19:31:01",
            "attributes": {
                "RegisterServiceProvider": "anonymous",
                "manager": "admin",
                "PHONE": "2",
                "EMAIL": "wally5@test.com",
            },
            "id": 1002599,
            "userType": "I",
            "homeServer": "null",
            "primaryGroupDescription": "Enterprise",
            "primaryGroup": "enterprise"
        },
        {
            "lastName": "ADAMS",
            "comments": "Changed",
            "profileServer": "null",
            "createdByUser": "soffid.bubu.lab",
            "fullName": "Tina ADAMS",
            "active": true,
            "userName": "tina",
            "mailAlias": "",
            "mailServer": "null",
            "firstName": "Tina",
            "createdDate": "2020-12-11 12:22:07",
            "multiSession": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1004678",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'tina'+and+enabled+eq+true",
                    "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'tina'+and+disabled+eq+false",
                    "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'tina'"
                },
                "resourceType": "User"
            },
            "modifiedByUser": "admin",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.User"
            ],
            "modifiedDate": "2021-04-22 19:11:17",
            "attributes": {
                "RegisterServiceProvider": "anonymous",
                "manager": "admin",
                "PHONE": "1",
                "EMAIL": "tina11@test.com",
            },
            "id": 1004678,
            "userType": "I",
            "homeServer": "null",
            "primaryGroupDescription": "Enterprise",
            "primaryGroup": "enterprise"
        },
        {
            "lastName": "ADAMS",
            "comments": "Changed",
            "profileServer": "null",
            "createdByUser": "soffid.bubu.lab",
            "fullName": "Teodoro ADAMS",
            "active": true,
            "userName": "ted",
            "mailAlias": "",
            "mailServer": "null",
            "firstName": "Teodoro",
            "createdDate": "2020-12-11 09:18:42",
            "multiSession": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1000190",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ted'+and+enabled+eq+true",
                    "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ted'+and+disabled+eq+false",
                    "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ted'"
                },
                "resourceType": "User"
            },
            "modifiedByUser": "admin",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.User"
            ],
            "modifiedDate": "2021-02-04 15:44:42",
            "attributes": {
                "RegisterServiceProvider": "anonymous",
                "manager": "admin",
                "EMAIL": "test3@gmail.com",
            },
            "id": 1000190,
            "userType": "I",
            "homeServer": "null",
            "primaryGroupDescription": "Enterprise",
            "primaryGroup": "enterprise"
        },
      .........
    ]
}

Query by id

Query a user by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/User/1057751
Response 200 OK
{
    "lastName": "Smith",
    "comments": "Changed",
    "createdByUser": "soffid.bubu.lab",
    "fullName": "John Smith",
    "active": true,
    "userName": "jsmith",
    "mailAlias": "",
    "firstName": "John",
    "createdDate": "2020-12-14 17:52:14",
    "multiSession": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1057751",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'jsmith'+and+enabled+eq+true",
            "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'jsmith'+and+disabled+eq+false",
            "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'jsmith'"
        },
        "resourceType": "User"
    },
    "modifiedByUser": "admin",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.User"
    ],
    "modifiedDate": "2021-05-07 12:32:41",
    "attributes": {
        "RegisterServiceProvider": "anonymous",
        "manager": "admin",
        "EMAIL": "jsmith@test.com",
        "birthDate": "1970-05-26 00:00:00",
        "ActivationKey": "HPhl61lBlJ9fgcDtWyug0O15"
    },
    "id": 1057751,
    "userType": "I",
    "primaryGroupDescription": "Help desk support team",
    "primaryGroup": "it"
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/User

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.User"
    ],
    "userName": "ckelp",
    "firstName": "Cas",
    "lastName": "Kelp",
    "userType": "I",
    "primaryGroup": "world",
    "homeServer": "null",
    "mailServer": "null",
    "profileServer": "null",
    "active": true
}
Response 201 Created
{
    "lastName": "Kelp",
    "profileServer": "null",
    "createdByUser": "admin",
    "fullName": "Cas Kelp",
    "active": true,
    "userName": "ckelp",
    "mailAlias": "",
    "mailServer": "null",
    "firstName": "Cas",
    "createdDate": "2021-05-11 09:06:49",
    "multiSession": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User/1976665",
        "resourceType": "User"
    },
    "modifiedByUser": "admin",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.User"
    ],
    "modifiedDate": "2021-05-11 09:06:49",
    "attributes": {},
    "id": 1976665,
    "userType": "I",
    "homeServer": "null",
    "primaryGroupDescription": "World Original",
    "primaryGroup": "world"
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

If you want to add users to a group, please visit SCIM GroupUser examples page

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/User/1976665

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "lastName",
            "value": "Casey"
        },
        {
            "op": "replace",
            "path": "middleName",
            "value": "XX"
        }
    ]
}
Response 200 OK
{
    "lastName": "Casey",
    "profileServer": "null",
    "createdByUser": "admin",
    "fullName": "Casey Casey XX",
    "active": true,
    "userName": "ckelp",
    "mailAlias": "",
    "mailServer": "null",
    "firstName": "Casey",
    "createdDate": "2021-05-11 09:06:49",
    "multiSession": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User/1976665",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ckelp'+and+enabled+eq+true",
            "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ckelp'+and+disabled+eq+false",
            "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ckelp'"
        },
        "resourceType": "User"
    },
    "modifiedByUser": "admin",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.User"
    ],
    "modifiedDate": "2021-05-11 09:33:35",
    "middleName": "XX",
    "attributes": {},
    "id": 1976665,
    "userType": "I",
    "homeServer": "null",
    "primaryGroupDescription": "World Original",
    "primaryGroup": "world"
}

Update all

This operation replaces all values in the user.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.User"
    ],
    "id": 1976665,
    "userName": "ckelp",
    "firstName": "Casey",
    "lastName": "Kelp",
    "userType": "I",
    "primaryGroup": "world",
    "homeServer": "null",
    "mailServer": "null",
    "profileServer": "null",
    "active": true
}
Response 200 OK
{
    "lastName": "Kelp",
    "profileServer": "null",
    "createdByUser": "admin",
    "fullName": "Casey Kelp",
    "active": true,
    "userName": "ckelp",
    "mailAlias": "",
    "mailServer": "null",
    "firstName": "Casey",
    "createdDate": "2021-05-11 09:06:49",
    "multiSession": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/User/1976665",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=userCode+eq+'ckelp'+and+enabled+eq+true",
            "groupUsers": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser?filter=user+eq+'ckelp'+and+disabled+eq+false",
            "accounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account?filter=type+eq+U+and+users.user.userName+eq+'ckelp'"
        },
        "resourceType": "User"
    },
    "modifiedByUser": "admin",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.User"
    ],
    "modifiedDate": "2021-05-11 09:35:24",
    "attributes": {},
    "id": 1976665,
    "userType": "I",
    "homeServer": "null",
    "primaryGroupDescription": "World Original",
    "primaryGroup": "world"
}

Delete

Please note after this delete, the user has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/User/1976665
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response


SCIM full examples

SCIM Group examples

Operations

This page shows the operations that can be performed for the group object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Group
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 7,
    "startIndex": 1,
    "Resources": [
        {
            "organizational": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83",
                "links": {
                    "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'",
                    "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'"
                },
                "resourceType": "Group"
            },
            "quota": "0",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Group"
            ],
            "name": "world",
            "obsolete": false,
            "description": "World Original",
            "attributes": {},
            "id": 83
        },
        {
            "organizational": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/87",
                "links": {
                    "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'enterprise'+or secondaryGroup.group.name+eq+'enterprise'",
                    "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'enterprise'"
                },
                "resourceType": "Group"
            },
            "quota": "0",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Group"
            ],
            "name": "enterprise",
            "obsolete": false,
            "description": "Enterprise",
            "parentGroup": "world",
            "attributes": {},
            "id": 87
        },
      ......
    ]
}

List by filter

List all groups with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request

 

GET http://<your-domain>/soffid/webservice/scim2/v1/Group?filter=name co world
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "organizational": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83",
                "links": {
                    "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'",
                    "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'"
                },
                "resourceType": "Group"
            },
            "quota": "0",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Group"
            ],
            "name": "world",
            "obsolete": false,
            "description": "World Original",
            "attributes": {},
            "id": 83
        },
        {
            "organizational": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/485118",
                "links": {
                    "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world2'+or secondaryGroup.group.name+eq+'world2'",
                    "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world2'"
                },
                "resourceType": "Group"
            },
            "quota": "0",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Group"
            ],
            "name": "world2",
            "obsolete": false,
            "description": "World Modified",
            "attributes": {},
            "id": 485118
        }
    ]
}

Query by id

Retrieve a group by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Group/83
Response 200 OK
{
    "organizational": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/83",
        "links": {
            "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'world'+or secondaryGroup.group.name+eq+'world'",
            "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'world'"
        },
        "resourceType": "Group"
    },
    "quota": "0",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Group"
    ],
    "name": "world",
    "obsolete": false,
    "description": "World Original",
    "attributes": {},
    "id": 83
}

Create

Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Group/

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Group"
    ],
    "name": "EngineeringTeam",
    "description": "Enterprise engineering team",
    "parentGroup": "world"
}
Response 201 Created
{
    "organizational": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559",
        "resourceType": "Group"
    },
    "quota": "0",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Group"
    ],
    "name": "EngineeringTeam",
    "obsolete": false,
    "description": "Enterprise engineering team",
    "parentGroup": "world",
    "attributes": {},
    "id": 1976559
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

If you want to add users to a group, please visit SCIM GroupUser examples page

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Group/1976559

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "description",
            "value": "Enterprise Engineering Group"
        },
        {
            "op": "replace",
            "path": "type",
            "value": "CC"
        }
    ]
}
Response 200 OK
{
    "organizational": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559",
        "links": {
            "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'EngineeringTeam'+or secondaryGroup.group.name+eq+'EngineeringTeam'",
            "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'EngineeringTeam'"
        },
        "resourceType": "Group"
    },
    "quota": "0",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Group"
    ],
    "name": "EngineeringTeam",
    "obsolete": false,
    "description": "Enterprise Engineering Group",
    "parentGroup": "world",
    "attributes": {},
    "id": 1976559,
    "type": "CC"
}

Update all

This operation replaces all values in the group. 

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Group/1976559

JSON

{
    "schemas": ["urn:soffid:com.soffid.iam.api.Group"],
    "id": 1976559,
    "name": "EngineeringTeam",
    "description": "Enterprise engineering team",
    "parentGroup": "world"
}
Response 200 OK
{
    "organizational": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/1976559",
        "links": {
            "members": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=primaryGroup+eq+'EngineeringTeam'+or secondaryGroup.group.name+eq+'EngineeringTeam'",
            "administrators": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=group.name+eq+'EngineeringTeam'"
        },
        "resourceType": "Group"
    },
    "quota": "0",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Group"
    ],
    "name": "EngineeringTeam",
    "obsolete": false,
    "description": "Enterprise engineering team",
    "parentGroup": "world",
    "attributes": {},
    "id": 1976559
}

Delete

Please note that after this delete action, you will need to create again the group to use it in the next examples.

Request
DELETE http://<your-domain>/soffid/webservice/scim2/v1/Group/1976559
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM Account examples

Operations

This page shows the operations that can be performed for the account object

List all

List all accounts, disabled or not.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account
Response 200 OK

For example, after the Soffid installation, these are the available account.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "lastLogin": "2021-05-10 13:00:40",
            "grantedRoles": [],
            "description": "Soffid Administrator",
            "type": "U",
            "ownerGroups": [],
            "oldName": "admin",
            "loginName": "admin",
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 103,
            "managerGroups": [],
            "grantedGroups": [],
            "lastPasswordSet": "2021-05-05 11:32:14",
            "passwordExpiration": "2022-05-05 00:00:00",
            "passwordPolicy": "I",
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2020-02-13 23:01:44",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://<your-domain>/webservice/scim2/v1/Account/103",
                "links": {
                    "roleAccounts": "http://<your-domain>/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
                    "users": "http://<your-domain>/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
                },
                "resourceType": "Account"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        }
    ]
}

List by filter

List all accounts with a filter expression. 

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request

 

GET http://<your-domain>/soffid/webservice/scim2/v1/Account?filter=name co "adm" and passwordPolicy  pr
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 3,
    "startIndex": 1,
    "Resources": [
        {
            "lastLogin": "2021-05-10 13:05:15",
            "grantedRoles": [],
            "description": "Soffid Administrator",
            "type": "U",
            "ownerGroups": [],
            "oldName": "admin2",
            "loginName": "admin",
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 103,
            "managerGroups": [],
            "grantedGroups": [],
            "lastPasswordSet": "2021-05-05 11:32:14",
            "passwordExpiration": "2022-05-05 00:00:00",
            "passwordPolicy": "I",
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2020-02-13 23:01:44",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/103",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
                    "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
                },
                "resourceType": "Account"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        },
        {
            "passwordPolicy": "I",
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2021-03-04 22:37:21",
            "description": "Soffid test account",
            "type": "I",
            "system": "soffid",
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587766",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587766+and+enabled+eq+true",
                    "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587766+or+accounts.account.id+eq+1587766"
                },
                "resourceType": "Account"
            },
            "loginName": "admintest",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admintest",
            "inheritNewPermissions": false,
            "managerUsers": [
                "dilbert",
                "dogbert"
            ],
            "disabled": false,
            "attributes": {},
            "id": 1587766,
            "managerGroups": [],
            "grantedGroups": [],
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        },
        {
            "passwordPolicy": "I",
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2021-03-04 22:44:06",
            "description": "Soffid test account 2",
            "type": "I",
            "system": "soffid",
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587776",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587776+and+enabled+eq+true",
                    "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587776+or+accounts.account.id+eq+1587776"
                },
                "resourceType": "Account"
            },
            "loginName": "admintest2",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admintest2",
            "inheritNewPermissions": false,
            "managerUsers": [
                "dilbert",
                "dogbert"
            ],
            "disabled": false,
            "attributes": {},
            "id": 1587776,
            "managerGroups": [],
            "grantedGroups": [],
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        }
    ]
}

Query by id

Query an account by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account/1057754
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "accessLevel": "-",
    "managerRoles": [],
    "created": "2020-12-14 17:52:14",
    "description": "John Smith",
    "type": "U",
    "system": "idp",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1057754",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1057754+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1057754+or+accounts.account.id+eq+1057754"
        },
        "resourceType": "Account"
    },
    "loginName": "jsmith",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "jsmith",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1057754,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [
        "jsmith"
    ],
    "grantedUsers": []
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/Account

JSON

{ 
    "schemas": ["urn:soffid:com.soffid.iam.api.Account"],
    "name": "Guest",
    "type": "I",
    "system": "soffid",
    "passwordPolicy": "I",
    "description": "Guest user",
    "inheritNewPermissions": false,
    "disabled": false
}
Response 201 Created
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "managerRoles": [],
    "description": "Guest user",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
        "resourceType": "Account"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "ownerUsers": [],
    "grantedUsers": []
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "description",
            "value": "Guest User"
        },
        {
            "op": "replace",
            "path": "ownerUsers",
            "value": [
                "admin"
            ]
        }
    ]
}
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "accessLevel": "-",
    "managerRoles": [],
    "created": "2021-05-10 13:08:05",
    "description": "Guest User",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
        },
        "resourceType": "Account"
    },
    "loginName": "Guest",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [
        "admin"
    ],
    "grantedUsers": []
}

Update all

This operation replaces all values in the account. For example, we will update the description.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Account/1976454

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "id": 1976454,
    "name": "Guest",
    "type": "I",
    "system": "soffid",
    "passwordPolicy": "I",
    "description": "Guest Guest",
    "inheritNewPermissions": false,
    "disabled": false
}
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "managerRoles": [],
    "description": "Guest Guest",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
        },
        "resourceType": "Account"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [],
    "grantedUsers": []
}

Delete

Please note after this delete, the account has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Account/1976454
Response 204 No Content
204 No Content

Note: use of roles with domain values

In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:

{
            "grantedRoles": [],
            "roles": [
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236442,
                    "roleDescription": "Business unit manager",
                    "domainValue": "D2"
                },
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236447,
                    "roleDescription": "Business unit manager",
                    "domainValue": "enterprise"
                }
            ],
            "description": "faith - faith MUYOYO",
            "type": {
                "value": "U"
            },
            "lastUpdated": "2019-07-16T10:35:01+02:00",
            "ownerGroups": [],
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 1727122,
            "grantedGroups": [],
            "managerGroups": [],
            "passwordPolicy": "I",
            "managerRoles": [],
            "created": "2019-07-16T10:26:16+02:00",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122",
                "resourceType": "Account"
            },
            "name": "faith",
            "managerUsers": [],
            "attributes": {},
            "grantedUsers": [],
            "ownerUsers": [
                {
                    "lastName": "Smith",
                    "createdByUser": "csv",
                    "mailServer": "null",
                    "nationalID": "",
                    "multiSession": false,
                    "modifiedByUser": "admin",
                    "id": 1727113,
                    "homeServer": "null",
                    "primaryGroupDescription": "Entrprise",
                    "primaryGroup": "enterprise",
                    "comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
                    "profileServer": "null",
                    "active": true,
                    "fullName": "faith MUYOYO",
                    "userName": "faith",
                    "mailAlias": "",
                    "firstName": "faith",
                    "createdDate": "2019-07-16T10:26:16+02:00",
                    "phoneNumber": "",
                    "modifiedDate": "2019-12-12T17:06:42+01:00",
                    "userType": "I"
                }
            ]
        }

Error response

For more infomation about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM Application examples

Operations

This page shows the operations that can be performed for the application object (Information Systems from a functional point of view)

List all

Request
GET http://<your-domain>/webservice/scim2/v1/Application
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "parent": "Operation/Business 2",
            "relativeName": "SOFFID",
            "database": "",
            "bpmEnabled": true,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/41",
                "links": {
                    "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/SOFFID'",
                    "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/SOFFID'"
                },
                "resourceType": "Application"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Application"
            ],
            "name": "Operation/Business 2/SOFFID",
            "description": "SOFFID Identity Manager",
            "singleRole": false,
            "attributes": {},
            "id": 41,
            "type": "application"
        },
        {
            "parent": "Operation/Business process",
            "relativeName": "ad",
            "database": "ad",
            "bpmEnabled": true,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/391459",
                "links": {
                    "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/ad'",
                    "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/ad'"
                },
                "resourceType": "Application"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Application"
            ],
            "name": "Operation/Business process/ad",
            "description": "Active Directory",
            "singleRole": false,
            "attributes": {},
            "id": 391459,
            "type": "application"
        }
    ]
}

List by filter

List all application with a filter expression. 

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Application?filter=description co SOFFID
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "parent": "Operation/Business 2",
            "relativeName": "SOFFID",
            "database": "",
            "bpmEnabled": true,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/41",
                "links": {
                    "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/SOFFID'",
                    "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/SOFFID'"
                },
                "resourceType": "Application"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Application"
            ],
            "name": "Operation/Business 2/SOFFID",
            "description": "SOFFID Identity Manager",
            "singleRole": false,
            "attributes": {},
            "id": 41,
            "type": "application"
        },
        {
            "parent": "Operation/Business 2",
            "relativeName": "iam.soffid.com",
            "database": "iam.soffid.com",
            "bpmEnabled": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1836136",
                "links": {
                    "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/iam.soffid.com'",
                    "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/iam.soffid.com'"
                },
                "resourceType": "Application"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Application"
            ],
            "name": "Operation/Business 2/iam.soffid.com",
            "description": "Discovered host iam.soffid.com",
            "singleRole": false,
            "attributes": {},
            "id": 1836136,
            "type": "application"
        }
    ]
}

Query by id

Retrieve an application by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Application/391459
Response 200 OK
{
    "parent": "Operation/Business process",
    "relativeName": "ad",
    "database": "ad",
    "bpmEnabled": true,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/391459",
        "links": {
            "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/ad'",
            "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/ad'"
        },
        "resourceType": "Application"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Application"
    ],
    "name": "Operation/Business process/ad",
    "description": "Active Directory",
    "singleRole": false,
    "attributes": {},
    "id": 391459,
    "type": "application"
}

Create

To create an application (Information System).

Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Application/

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Application"
    ],
    "parent": "Operation/Business 2",
    "relativeName": "appBilling",
    "database": "",
    "bpmEnabled": false,
    "name": "Operation/Business 2/App Billing",
    "description": "Billing application",
    "singleRole": false,
    "attributes": {},
    "type": "application"
}
Response 201 Created
{
    "parent": "Operation/Business 2",
    "relativeName": "App Billing",
    "database": "",
    "bpmEnabled": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515",
        "resourceType": "Application"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Application"
    ],
    "name": "Operation/Business 2/App Billing",
    "description": "Billing application",
    "singleRole": false,
    "attributes": {},
    "id": 1976515,
    "type": "application"
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Application/1976515

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Application"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "parent",
            "value": "Operation/Business process"
        },
        {
            "op": "replace",
            "path": "name",
            "value": "Operation/Business process/App Billing"
        },
        {
            "op": "replace",
            "path": "database",
            "value": "DDBBBilling"
        }
    ]
}
Response 200 OK
{
    "parent": "Operation/Business process",
    "relativeName": "App Billing",
    "database": "DDBBBilling",
    "bpmEnabled": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515",
        "links": {
            "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business process/App Billing'",
            "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business process/App Billing'"
        },
        "resourceType": "Application"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Application"
    ],
    "name": "Operation/Business process/App Billing",
    "description": "Billing application",
    "singleRole": false,
    "attributes": {},
    "id": 1976515,
    "type": "application"
}

Update all

This operation replaces all values in the application.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Application/1976515

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Application"
    ],
    "id": 1976515,
    "parent": "Operation/Business 2",
    "relativeName": "appBilling",
    "database": "",
    "bpmEnabled": false,
    "name": "Operation/Business 2/App Billing",
    "description": "Billing application",
    "singleRole": false,
    "attributes": {},
    "type": "application"
}
Response 200 OK
{
    "parent": "Operation/Business 2",
    "relativeName": "App Billing",
    "database": "",
    "bpmEnabled": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application/1976515",
        "links": {
            "children": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Application?filter=parent.name+eq+'Operation/Business 2/App Billing'",
            "roles": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role?filter=informationSystemName+eq+'Operation/Business 2/App Billing'"
        },
        "resourceType": "Application"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Application"
    ],
    "name": "Operation/Business 2/App Billing",
    "description": "Billing application",
    "singleRole": false,
    "attributes": {},
    "id": 1976515,
    "type": "application"
}

Delete

Please note that after this delete action, you will need to create again the application to use it in the next examples.

Request
DELETE http://<your-domain>/webservice/scim2/v1/Application/2236428
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM Role examples

Operations

This page shows the operations that can be performed for the role object

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Role
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 4,
    "startIndex": 1,
    "Resources": [
        {
            "approvalEnd": "2021-02-26 13:19:36",
            "ownedRoles": [
                {
                    "informationSystem": "Operation/Business process/ad",
                    "ownerRole": 63,
                    "ownerRoleDescription": "SOFFID Administrator",
                    "roleId": 393195,
                    "mandatory": true,
                    "enabled": true,
                    "ownerSystem": "soffid",
                    "system": "ad",
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleGrant/1563461",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "AD role",
                    "hasDomain": false,
                    "id": 1563461,
                    "ownerRoleName": "SOFFID_ADMIN",
                    "roleDescription": "AD role",
                    "status": "A"
                },
                {
                    "informationSystem": "Operation/Business 2/SOFFID",
                    "ownerRole": 63,
                    "ownerRoleDescription": "SOFFID Administrator",
                    "roleId": 393447,
                    "mandatory": true,
                    "enabled": true,
                    "ownerSystem": "soffid",
                    "system": "ad",
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501188",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "accounting_mgr",
                    "hasDomain": false,
                    "id": 501188,
                    "ownerRoleName": "SOFFID_ADMIN",
                    "roleDescription": "Accounting Manager",
                    "status": "A"
                },
                {
                    "informationSystem": "Operation/Business process/ad",
                    "ownerRole": 63,
                    "ownerRoleDescription": "SOFFID Administrator",
                    "roleId": 391535,
                    "mandatory": true,
                    "enabled": true,
                    "ownerSystem": "soffid",
                    "system": "ad",
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/503759",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "g100",
                    "hasDomain": false,
                    "id": 503759,
                    "ownerRoleName": "SOFFID_ADMIN",
                    "roleDescription": "Desarrollo Circuito",
                    "status": "A"
                },
                {
                    "informationSystem": "Operation/Business process/ad",
                    "ownerRole": 63,
                    "ownerRoleDescription": "SOFFID Administrator",
                    "roleId": 391480,
                    "mandatory": false,
                    "enabled": true,
                    "ownerSystem": "soffid",
                    "system": "ad",
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501481",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "Group Policy Creator Owners",
                    "hasDomain": false,
                    "id": 501481,
                    "ownerRoleName": "SOFFID_ADMIN",
                    "roleDescription": "Members in this group can modify group policy for the domain",
                    "status": "A"
                }
            ],
            "description": "SOFFID Administrator",
            "granteeGroups": [
                {
                    "system": "soffid",
                    "informationSystem": "Operation/Business 2/SOFFID",
                    "roleId": 63,
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/503848",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "SOFFID_ADMIN",
                    "ownerGroup": "admingroup",
                    "hasDomain": false,
                    "id": 503848,
                    "roleDescription": "SOFFID Administrator",
                    "mandatory": true,
                    "enabled": true
                }
            ],
            "informationSystemName": "Operation/Business 2/SOFFID",
            "password": false,
            "system": "soffid",
            "ownerGroups": [
                {
                    "organizational": false,
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Group/91",
                        "resourceType": "Group"
                    },
                    "quota": "0",
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.Group"
                    ],
                    "name": "admingroup",
                    "obsolete": false,
                    "description": "Enterprise Administrators Group",
                    "parentGroup": "enterprise",
                    "attributes": {},
                    "id": 91
                }
            ],
            "ownerRoles": [
                {
                    "informationSystem": "Operation/Business 2/SOFFID",
                    "ownerRole": 392727,
                    "ownerRoleDescription": "Business Services",
                    "roleId": 63,
                    "mandatory": true,
                    "enabled": true,
                    "ownerSystem": "ad",
                    "system": "soffid",
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501606",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "SOFFID_ADMIN",
                    "hasDomain": false,
                    "id": 501606,
                    "ownerRoleName": "share-15000",
                    "roleDescription": "SOFFID Administrator",
                    "status": "A"
                }
            ],
            "bpmEnabled": true,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/63",
                "resourceType": "Role"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Role"
            ],
            "name": "SOFFID_ADMIN",
            "approvalStart": "2021-02-26 13:19:36",
            "attributes": {},
            "id": 63,
            "enableByDefault": true
        },
        {
            "ownedRoles": [],
            "description": "Soffid vault owner",
            "granteeGroups": [],
            "informationSystemName": "Operation/Business 2/SOFFID",
            "password": false,
            "system": "soffid",
            "ownerGroups": [],
            "ownerRoles": [],
            "bpmEnabled": true,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/790961",
                "resourceType": "Role"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Role"
            ],
            "name": "SOFFID_OWNER",
            "attributes": {},
            "id": 790961,
            "enableByDefault": false
        },
      .............
    ]
}

List by filter

List all roles with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Role?filter=ownerRoles.name eq SOFFID_ADMIN
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 4,
    "startIndex": 1,
    "Resources": [
        {
            "ownedRoles": [],
            "description": "Accounting Manager",
            "granteeGroups": [],
            "informationSystemName": "Operation/Business 2/SOFFID",
            "password": false,
            "system": "ad",
            "ownerGroups": [],
            "ownerRoles": [
                {
                    "informationSystem": "Operation/Business 2/SOFFID",
                    "ownerRole": 63,
                    "ownerRoleDescription": "SOFFID Administrator",
                    "roleId": 393447,
                    "mandatory": true,
                    "enabled": true,
                    "ownerSystem": "soffid",
                    "system": "ad",
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501188",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "accounting_mgr",
                    "hasDomain": false,
                    "id": 501188,
                    "ownerRoleName": "SOFFID_ADMIN",
                    "roleDescription": "Accounting Manager",
                    "status": "A"
                }
            ],
            "bpmEnabled": true,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/393447",
                "resourceType": "Role"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Role"
            ],
            "name": "accounting_mgr",
            "attributes": {},
            "id": 393447,
            "enableByDefault": false
        },
        {
            "ownedRoles": [],
            "description": "Members in this group can modify group policy for the domain",
            "granteeGroups": [],
            "informationSystemName": "Operation/Business process/ad",
            "password": false,
            "system": "ad",
            "ownerGroups": [],
            "ownerRoles": [
                {
                    "informationSystem": "Operation/Business process/ad",
                    "ownerRole": 63,
                    "ownerRoleDescription": "SOFFID Administrator",
                    "roleId": 391480,
                    "mandatory": false,
                    "enabled": true,
                    "ownerSystem": "soffid",
                    "system": "ad",
                    "meta": {
                        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/501481",
                        "resourceType": "RoleGrant"
                    },
                    "schemas": [
                        "urn:soffid:com.soffid.iam.api.RoleGrant"
                    ],
                    "roleName": "Group Policy Creator Owners",
                    "hasDomain": false,
                    "id": 501481,
                    "ownerRoleName": "SOFFID_ADMIN",
                    "roleDescription": "Members in this group can modify group policy for the domain",
                    "status": "A"
                }
            ],
            "bpmEnabled": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/391480",
                "resourceType": "Role"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Role"
            ],
            "name": "Group Policy Creator Owners",
            "attributes": {},
            "id": 391480,
            "enableByDefault": false
        },
      .............
    ]
}

Query by id

Query a role by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Role/393195
Response 200 OK
{
    "approvalEnd": "2021-02-04 15:39:05",
    "ownedRoles": [],
    "description": "AD role",
    "granteeGroups": [],
    "informationSystemName": "Operation/Business process/ad",
    "password": false,
    "system": "ad",
    "ownerGroups": [],
    "ownerRoles": [
        {
            "informationSystem": "Operation/Business process/ad",
            "ownerRole": 63,
            "ownerRoleDescription": "SOFFID Administrator",
            "roleId": 393195,
            "mandatory": true,
            "enabled": true,
            "ownerSystem": "soffid",
            "system": "ad",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleGrant/1563461",
                "resourceType": "RoleGrant"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.RoleGrant"
            ],
            "roleName": "AD role",
            "hasDomain": false,
            "id": 1563461,
            "ownerRoleName": "SOFFID_ADMIN",
            "roleDescription": "AD role",
            "status": "A"
        }
    ],
    "bpmEnabled": true,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/393195",
        "resourceType": "Role"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "name": "AD role",
    "approvalStart": "2021-02-04 15:39:05",
    "attributes": {},
    "id": 393195,
    "enableByDefault": false
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/Role

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "name": "App Billing Role",
    "description": "Role Admin for Billing application",
    "informationSystemName": "Operation/Business 2/App Billing",
    "system": "test",
    "password": false,
    "bpmEnabled": false,
    "enableByDefault": false,
    "granteeGroups": [],
    "ownedRoles": [],
    "ownerGroups": [],
    "ownerRoles": []
}
Response 201 Created
{
    "ownedRoles": [],
    "description": "Role Admin for Billing application",
    "granteeGroups": [],
    "informationSystemName": "Operation/Business 2/App Billing",
    "password": false,
    "system": "test",
    "ownerGroups": [],
    "ownerRoles": [],
    "bpmEnabled": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590",
        "resourceType": "Role"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "name": "App Billing Role",
    "attributes": {},
    "id": 1976590,
    "enableByDefault": false
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "system",
            "value": "soffid"
        }
    ]
}
Response 200 OK
{
    "ownedRoles": [],
    "description": "Role Admin for Billing application",
    "granteeGroups": [],
    "informationSystemName": "Operation/Business 2/App Billing",
    "password": false,
    "system": "soffid",
    "ownerGroups": [],
    "ownerRoles": [],
    "bpmEnabled": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590",
        "resourceType": "Role"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "name": "App Billing Role",
    "attributes": {},
    "id": 1976590,
    "enableByDefault": false
}

Update all

This operation replaces all values in the roole.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "id": 1976590,
    "name": "App Billing",
    "description": "Role Admin for Billing application",
    "informationSystemName": "Operation/Business 2/App Billing",
    "system": "test",
    "password": false,
    "bpmEnabled": false,
    "enableByDefault": false,
    "granteeGroups": [],
    "ownedRoles": [],
    "ownerGroups": [],
    "ownerRoles": []
}
Response 200 OK
{
    "ownedRoles": [],
    "description": "Role Admin for Billing application",
    "granteeGroups": [],
    "informationSystemName": "Operation/Business 2/App Billing",
    "password": false,
    "system": "test",
    "ownerGroups": [],
    "ownerRoles": [],
    "bpmEnabled": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Role/1976590",
        "resourceType": "Role"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "name": "App Billing",
    "attributes": {},
    "id": 1976590,
    "enableByDefault": false
}

Delete

Please note after this delete, the role has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Role/1976590
Response 204 No Content
204 No Content

 

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

Notes

Note: use of roles with domain values

In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:

{
            "grantedRoles": [],
            "roles": [
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236442,
                    "roleDescription": "Business unit manager",
                    "domainValue": "D2"
                },
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236447,
                    "roleDescription": "Business unit manager",
                    "domainValue": "enterprise"
                }
            ],
            "description": "faith - faith MUYOYO",
            "type": {
                "value": "U"
            },
            "lastUpdated": "2019-07-16T10:35:01+02:00",
            "ownerGroups": [],
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 1727122,
            "grantedGroups": [],
            "managerGroups": [],
            "passwordPolicy": "I",
            "managerRoles": [],
            "created": "2019-07-16T10:26:16+02:00",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122",
                "resourceType": "Account"
            },
            "name": "faith",
            "managerUsers": [],
            "attributes": {},
            "grantedUsers": [],
            "ownerUsers": [
                {
                    "lastName": "Smith",
                    "createdByUser": "csv",
                    "mailServer": "null",
                    "nationalID": "",
                    "multiSession": false,
                    "modifiedByUser": "admin",
                    "id": 1727113,
                    "homeServer": "null",
                    "primaryGroupDescription": "Entrprise",
                    "primaryGroup": "enterprise",
                    "comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
                    "profileServer": "null",
                    "active": true,
                    "fullName": "faith MUYOYO",
                    "userName": "faith",
                    "mailAlias": "",
                    "firstName": "faith",
                    "createdDate": "2019-07-16T10:26:16+02:00",
                    "phoneNumber": "",
                    "modifiedDate": "2019-12-12T17:06:42+01:00",
                    "userType": "I"
                }
            ]
        }

Notes about role domains

By default, roles have no security domain (sometimes referred to as scope).  When a security domain is assigned to a role, each account-role object is tagged with the proper security domain value. It is allowed to assign one role multiple times to the same user, as long as each assignment is tagged with a different security domain value. For instance, one can create the SOFFID_OU_MANAGER role bound to the GROUPS security domain. Then, you can assign the role SOFFID_OU_MANAGER/Group1 to any user.

Four kind of security domains are available:

To set or modify the role domain for a role, one can use  the "domain" attribute. This attribute is a complex object composed of a name and a description. Only the name is mandatory.

Notes about role inheritance

Role inheritance is driven by the ownedRoles, ownerRoles and ownedGroups. Each of these attributes is an array of grants. Each grant has the following attributes:

The role inheritance can vary slightly depending on whether the owned role and the owner role are in the same domain or not:

Resulting domain value
Owner role has no domain
Owner role has a different domain
Same domain
Domain value not specified Blank Blank Owner role domain value
Domain value specified Specified value Specified value Specified value

 

SCIM full examples

SCIM Group type examples

Operations

This page shows the operations that can be performed for the Group Type object

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OUType
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "roleHolder": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761",
                "resourceType": "OUType"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.OUType"
            ],
            "name": "CC",
            "description": "Cost Center",
            "id": 504761
        },
        {
            "roleHolder": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504762",
                "resourceType": "OUType"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.OUType"
            ],
            "name": "PC",
            "description": "Productive center",
            "id": 504762
        }
    ]
}

List by filter

List all group types with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OUType?filter=description co Cost
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "roleHolder": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761",
                "resourceType": "OUType"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.OUType"
            ],
            "name": "CC",
            "description": "Cost Center",
            "id": 504761
        }
    ]
}

Query by id

Query a group type by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OUType/504761
Response 200 OK
{
    "roleHolder": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/504761",
        "resourceType": "OUType"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.OUType"
    ],
    "name": "CC",
    "description": "Cost Center",
    "id": 504761
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/OUType

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Role"
    ],
    "name": "App Billing Role",
    "description": "Role Admin for Billing application",
    "informationSystemName": "Operation/Business 2/App Billing",
    "system": "test",
    "password": false,
    "bpmEnabled": false,
    "enableByDefault": false,
    "granteeGroups": [],
    "ownedRoles": [],
    "ownerGroups": [],
    "ownerRoles": []
}
Response 201 Created
{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.OUType"
    ],
    "name": "NewOU",
    "description": "New OU"
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OUType/1976710

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "name",
            "value": "OU"
        }
    ]
}
Response 200 OK
{
    "roleHolder": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/1976710",
        "resourceType": "OUType"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.OUType"
    ],
    "name": "OU",
    "description": "New OU",
    "id": 1976710
}

Update all

This operation replaces all values in the roole.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Role/1976590

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.OUType"
    ],
    "id": 1976710,
    "name": "ChangeOU"
}
Response 200 OK
{
    "roleHolder": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OUType/1976710",
        "resourceType": "OUType"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.OUType"
    ],
    "name": "ChangeOU",
    "id": 1976710
}

Delete

Please note after this delete, the group type has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/OUType/1976710
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM User type examples

Operations

This page shows the operations that can be performed for the user type object

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/UserType
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 3,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/29",
                "resourceType": "UserType"
            },
            "unmanaged": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.UserType"
            ],
            "name": "S",
            "description": "SSO account (USE IT)",
            "id": 29
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/31",
                "resourceType": "UserType"
            },
            "unmanaged": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.UserType"
            ],
            "name": "E",
            "description": "External user",
            "id": 31
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/33",
                "resourceType": "UserType"
            },
            "unmanaged": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.UserType"
            ],
            "name": "I",
            "description": "Internal user",
            "id": 33
        }
    ]
}

List by filter

List all user types with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/UserType?filter=description co sso
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/29",
                "resourceType": "UserType"
            },
            "unmanaged": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.UserType"
            ],
            "name": "S",
            "description": "SSO account (USE IT)",
            "id": 29
        }
    ]
}

Query by id

Query a user type by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/UserType/33
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/33",
        "resourceType": "UserType"
    },
    "unmanaged": false,
    "schemas": [
        "urn:soffid:com.soffid.iam.api.UserType"
    ],
    "name": "I",
    "description": "Internal user",
    "id": 33
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/UserType

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.UserType"
    ],
    "name": "O",
    "description": "Other user",
    "unmanaged": false
}
Response 201 Created
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718",
        "resourceType": "UserType"
    },
    "unmanaged": false,
    "schemas": [
        "urn:soffid:com.soffid.iam.api.UserType"
    ],
    "name": "O",
    "description": "Other user",
    "id": 1976718
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/UserType/1976718

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "name",
            "value": "OT"
        }
    ]
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718",
        "resourceType": "UserType"
    },
    "unmanaged": false,
    "schemas": [
        "urn:soffid:com.soffid.iam.api.UserType"
    ],
    "name": "OT",
    "description": "Other user",
    "id": 1976718
}

Update all

This operation replaces all values in the roole.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/UserType/1976718

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.OUType"
    ],
    "id": 1975535,
    "name": "OY"
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/UserType/1976718",
        "resourceType": "UserType"
    },
    "unmanaged": false,
    "schemas": [
        "urn:soffid:com.soffid.iam.api.UserType"
    ],
    "name": "OY",
    "id": 1976718
}

Delete

Please note after this delete, the user type has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/UserType/1976718
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM GroupUser examples

Operations

This page shows the operations that can be performed for the object that establishes the relationship between groups and users. You can add, delete and or modify users in a group.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/GroupUser
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 25,
    "startIndex": 1,
    "Resources": [
        {
            "groupDescription": "Enterprise",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/480412",
                "resourceType": "GroupUser"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.GroupUser"
            ],
            "start": "2020-07-02 12:14:48",
            "fullName": "test User",
            "disabled": false,
            "attributes": {},
            "id": 480412,
            "user": "test2",
            "primaryGroup": false,
            "group": "enterprise"
        },
        {
            "groupDescription": "World Modified",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/503629",
                "resourceType": "GroupUser"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.GroupUser"
            ],
            "start": "2020-08-06 15:52:12",
            "fullName": "test User",
            "end": "2021-02-26 13:05:44",
            "disabled": true,
            "attributes": {},
            "id": 503629,
            "user": "test2",
            "primaryGroup": false,
            "group": "world2"
        },
        {
            "groupDescription": "Enterprise Administrators Group",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1182887",
                "resourceType": "GroupUser"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.GroupUser"
            ],
            "start": "2020-12-31 16:48:58",
            "fullName": "John Smith",
            "disabled": false,
            "attributes": {
                "comments": "This is a test",
                "startDate": "2021-01-01 00:00:00"
            },
            "id": 1182887,
            "user": "jsmith",
            "primaryGroup": false,
            "group": "admingroup"
        },
      ...........
    ]
}

List by filter

List all GroupUsers with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/GroupUser?filter=groupDescription eq  "Help desk support team"
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 15,
    "startIndex": 1,
    "Resources": [
        {
            "groupDescription": "Help desk support team",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1519688",
                "resourceType": "GroupUser"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.GroupUser"
            ],
            "start": "2021-02-20 17:59:15",
            "fullName": "Dilbert ADAMS .",
            "end": "2021-03-12 10:38:42",
            "disabled": true,
            "attributes": {
                "comments": "Comments",
                "startDate": "2021-02-20 00:00:00"
            },
            "id": 1519688,
            "user": "dilbert",
            "primaryGroup": false,
            "group": "it"
        },
        {
            "groupDescription": "Help desk support team",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1974296",
                "resourceType": "GroupUser"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.GroupUser"
            ],
            "start": "2021-05-05 12:49:51",
            "fullName": "John Smith",
            "disabled": false,
            "attributes": {
                "startDate": "2021-05-04 00:00:00"
            },
            "id": 1974296,
            "user": "jsmith",
            "primaryGroup": false,
            "group": "it"
        },
      ...............
    ]
}

Query by id

Query a GroupUser by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1974296
Response 200 OK
{
    "groupDescription": "Help desk support team",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1974296",
        "resourceType": "GroupUser"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.GroupUser"
    ],
    "start": "2021-05-05 12:49:51",
    "fullName": "John Smith",
    "disabled": false,
    "attributes": {
        "startDate": "2021-05-04 00:00:00"
    },
    "id": 1974296,
    "user": "jsmith",
    "primaryGroup": false,
    "group": "it"
}

Create

This option allows you to add a user to a specific group.

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/GroupUser

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.GroupUser"
    ],
    "group": "it",
    "groupDescription": "Help desk support team",
    "user": "ckelp",
    "fullName": "Casey Kelp",
    "primaryGroup": true,
    "attributes": {}
}
Response 201 Created
{
    "groupDescription": "Help desk support team",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741",
        "resourceType": "GroupUser"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.GroupUser"
    ],
    "start": "2021-05-11 10:39:23",
    "fullName": "Casey Kelp",
    "disabled": false,
    "attributes": {},
    "id": 1976741,
    "user": "ckelp",
    "primaryGroup": true,
    "group": "it"
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "groupDescription",
            "value": "Enterprise engineering team"
        },
        {
            "op": "replace",
            "path": "group",
            "value": "EngineeringTeam"
        }
    ]
}
Response 200 OK
{
    "groupDescription": "Enterprise engineering team",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741",
        "resourceType": "GroupUser"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.GroupUser"
    ],
    "start": "2021-05-11 10:39:23",
    "fullName": "Casey Kelp",
    "disabled": false,
    "attributes": {},
    "id": 1976741,
    "user": "ckelp",
    "primaryGroup": true,
    "group": "EngineeringTeam"
}

Update all

This operation replaces all values in the GroupUser.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.GroupUser"
    ],
    "id": 1976741,
    "group": "it",
    "groupDescription": "Help desk support team",
     "user": "ckelp",
    "fullName": "Casey Kelp",
    "primaryGroup": true,
    "attributes": {}
}
Response 200 OK
{
    "groupDescription": "Help desk support team",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/GroupUser/1976741",
        "resourceType": "GroupUser"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.GroupUser"
    ],
    "fullName": "Casey Kelp",
    "disabled": false,
    "attributes": {},
    "id": 1976741,
    "user": "ckelp",
    "primaryGroup": true,
    "group": "it"
}

Delete

This option allows you to remove a user from a specific group.

Please note after this delete, the group user has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/GroupUser/1976741
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM RoleAccount examples

Operations

This page shows the operations that can be performed for the object that establishes the relationship between roles and accounts. You can assign, revoke and or modify roles to an account.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/RoleAccount
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 3530,
    "startIndex": 1,
    "itemsPerPage": 100,
    "Resources": [
        {
            "certificationDate": "2020-02-13 23:01:44",
            "accountSystem": "soffid",
            "accountName": "admin",
            "userGroupCode": "admingroup",
            "approvalPending": false,
            "userFullName": "Soffid Administrator",
            "bpmEnforced": "S",
            "userCode": "admin",
            "enabled": true,
            "accountId": 103,
            "informationSystemName": "Operation/Business 2/SOFFID",
            "system": "soffid",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110",
                "resourceType": "RoleAccount"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.RoleAccount"
            ],
            "roleName": "SOFFID_ADMIN",
            "removalPending": false,
            "id": 110,
            "roleDescription": "SOFFID Administrator",
            "startDate": "2020-02-13 12:00:00"
        },
        {
            "certificationDate": "2020-12-15 10:48:44",
            "accountSystem": "soffid",
            "accountName": "admin",
            "userGroupCode": "admingroup",
            "approvalPending": false,
            "userFullName": "Soffid Administrator",
            "bpmEnforced": "N",
            "userCode": "admin",
            "ruleDescription": "Grants soffid user role to everyone",
            "enabled": true,
            "accountId": 103,
            "informationSystemName": "Operation/Business 2/SOFFID",
            "system": "soffid",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1059370",
                "resourceType": "RoleAccount"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.RoleAccount"
            ],
            "roleName": "SOFFID_USER",
            "removalPending": false,
            "id": 1059370,
            "ruleId": 1059365,
            "roleDescription": "Soffid user",
            "startDate": "2020-12-15 00:00:00"
        },
      ................
    ]
}

List by filter

List all RoleAccounts with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/soffid/webservice/scim2/v1/RoleAccount?filter=enabled eq true  and system eq soffid
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 67,
    "startIndex": 1,
    "Resources": [
        {
            "certificationDate": "2020-02-13 23:01:44",
            "accountSystem": "soffid",
            "accountName": "admin",
            "userGroupCode": "admingroup",
            "approvalPending": false,
            "userFullName": "Soffid Administrator",
            "bpmEnforced": "S",
            "userCode": "admin",
            "enabled": true,
            "accountId": 103,
            "informationSystemName": "Operation/Business 2/SOFFID",
            "system": "soffid",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110",
                "resourceType": "RoleAccount"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.RoleAccount"
            ],
            "roleName": "SOFFID_ADMIN",
            "removalPending": false,
            "id": 110,
            "roleDescription": "SOFFID Administrator",
            "startDate": "2020-02-13 12:00:00"
        },
        {
            "certificationDate": "2020-12-13 19:30:51",
            "accountSystem": "soffid",
            "accountName": "gbuades",
            "userGroupCode": "enterprise",
            "approvalPending": false,
            "userFullName": "Gabriel Buades ..",
            "bpmEnforced": "S",
            "userCode": "gbuades",
            "enabled": true,
            "accountId": 1039860,
            "informationSystemName": "Operation/Business 2/SOFFID",
            "system": "soffid",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1039866",
                "resourceType": "RoleAccount"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.RoleAccount"
            ],
            "roleName": "SOFFID_ADMIN",
            "removalPending": false,
            "id": 1039866,
            "roleDescription": "SOFFID Administrator",
            "startDate": "2020-12-13 12:00:00"
        },
      ...................
    ]
}

Query by id

Query a RoleAccount by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/RoleAccount/110
Response 200 OK
{
    "certificationDate": "2020-02-13 23:01:44",
    "accountSystem": "soffid",
    "accountName": "admin",
    "userGroupCode": "admingroup",
    "approvalPending": false,
    "userFullName": "Soffid Administrator",
    "bpmEnforced": "S",
    "userCode": "admin",
    "enabled": true,
    "accountId": 103,
    "informationSystemName": "Operation/Business 2/SOFFID",
    "system": "soffid",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/110",
        "resourceType": "RoleAccount"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.RoleAccount"
    ],
    "roleName": "SOFFID_ADMIN",
    "removalPending": false,
    "id": 110,
    "roleDescription": "SOFFID Administrator",
    "startDate": "2020-02-13 12:00:00"
}

Create

This option allows you to assign a role to a specific account.

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/RoleAccount

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.RoleAccount"
    ],
    "accountName": "ckelp",
    "userFullName": "Casey Kelp",
    "informationSystemName": "Operation/Business 2/SOFFID",
    "system": "soffid",
    "roleName": "SOFFID_ADMIN",
    "roleDescription": "SOFFID Administrator",
    "bpmEnforced": "N",
    "enabled": true,
    "approvalPending": false,
    "certificationDate": "2021-05-10 12:00:00",
    "startDate": "2021-05-10 12:00:00"
}
Response 201 Created
{
    "certificationDate": "2021-05-12 07:20:36",
    "accountSystem": "soffid",
    "accountName": "ckelp",
    "userGroupCode": "it",
    "approvalPending": false,
    "userFullName": "Casey Kelp",
    "bpmEnforced": "S",
    "userCode": "ckelp",
    "enabled": true,
    "accountId": 1976677,
    "informationSystemName": "Operation/Business 2/SOFFID",
    "system": "soffid",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1976862",
        "resourceType": "RoleAccount"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.RoleAccount"
    ],
    "roleName": "SOFFID_ADMIN",
    "removalPending": false,
    "id": 1976862,
    "roleDescription": "SOFFID Administrator",
    "startDate": "2021-05-10 12:00:00"
}

Update partial 

Only attributes with changes will be updated, the other will maintain the same value.

In this case, only attributes "startDate" and "endDate" can be modified.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/RoleAccount/1976862

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "startDate",
            "value": "2021-05-14 12:00:00"
        }
    ]
}
Response 200 OK
{
    "certificationDate": "2021-05-12 07:20:36",
    "accountSystem": "soffid",
    "accountName": "ckelp",
    "userGroupCode": "it",
    "approvalPending": false,
    "userFullName": "Casey Kelp",
    "bpmEnforced": "S",
    "userCode": "ckelp",
    "enabled": true,
    "accountId": 1976677,
    "informationSystemName": "Operation/Business 2/SOFFID",
    "system": "soffid",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount/1976862",
        "resourceType": "RoleAccount"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.RoleAccount"
    ],
    "roleName": "SOFFID_ADMIN",
    "removalPending": false,
    "id": 1976862,
    "roleDescription": "SOFFID Administrator",
    "startDate": "2021-05-14 12:00:00"
}

Delete

This option allows you to revoke a role to a specific account.

If you have installed the User snapshot backup addon when you delete a RoleAccount, it will be disabled, but never deleted from the database. If you don not have installed the User snapshot backup addon, when you delete the RoleAccount, it will be deleted from the database.

Please note after this delete, the RoleAccount has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/RoleAccount/1976862
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM Host examples

Operations

This page shows the operations that can be performed for the host object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Host
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 12,
    "startIndex": 1,
    "Resources": [
        {
            "serialNumber": "soffid.bubu.lab:192.168.133.1",
            "os": "ALT",
            "mail": false,
            "ip": "192.168.133.1",
            "dynamicIp": true,
            "description": "Autocreated on  12/13/20 6:49:34 PM",
            "office": false,
            "lastSeen": "2020-12-13 18:49:34",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1039055",
                "resourceType": "Host"
            },
            "networkCode": "internal",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Host"
            ],
            "name": "soffid.bubu.lab",
            "id": 1039055,
            "hostAlias": [],
            "printersServer": false
        },
        {
            "os": "ALT",
            "mail": false,
            "ip": "10.129.120.4",
            "dynamicIp": false,
            "description": "Discovered host iam.soffid.com",
            "office": false,
            "lastSeen": "2021-04-05 20:06:19",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793093",
                "resourceType": "Host"
            },
            "networkCode": "lab1",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Host"
            ],
            "name": "iam.soffid.com",
            "id": 1793093,
            "hostAlias": [],
            "printersServer": false
        },
      ........
    ]
}

List by filter

List all Hosts with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Host?filter=os eq LIN and name co archiva
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "os": "LIN",
            "mail": false,
            "ip": "10.129.120.2",
            "dynamicIp": false,
            "description": "Discovered host archiva.dev.lab",
            "office": false,
            "lastSeen": "2021-04-05 20:04:49",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793026",
                "resourceType": "Host"
            },
            "networkCode": "lab1",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Host"
            ],
            "name": "archiva.dev.lab",
            "id": 1793026,
            "hostAlias": [],
            "printersServer": false
        }
    ]
}

Query by id

Query a Host by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Host/1793093
Response 200 OK
{
    "os": "ALT",
    "mail": false,
    "ip": "10.129.120.4",
    "dynamicIp": false,
    "description": "Discovered host iam.soffid.com",
    "office": false,
    "lastSeen": "2021-04-05 20:06:19",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1793093",
        "resourceType": "Host"
    },
    "networkCode": "lab1",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Host"
    ],
    "name": "iam.soffid.com",
    "id": 1793093,
    "hostAlias": [],
    "printersServer": false
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/Host

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Host"
    ],
    "name": "billing.dev.lab",
    "description": "Host billing.dev.lab",
    "os": "LIN",
    "mail": false,
    "dynamicIp": false,
    "networkCode": "internal",
    "hostAlias": [
        "aliasHost_1",
        "aliasHost_2"
    ],
    "serialNumber": "123456789",
    "printersServer": false
}
Response 201 Created
{
    "serialNumber": "123456789",
    "os": "LIN",
    "mail": false,
    "dynamicIp": false,
    "description": "Host billing.dev.lab",
    "office": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899",
        "resourceType": "Host"
    },
    "networkCode": "internal",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Host"
    ],
    "name": "billing.dev.lab",
    "id": 1976899,
    "hostAlias": [
      "aliasHost_1",
      "aliasHost_2"
    ],
    "printersServer": false
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Host/1976899

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "networkCode",
            "value": "Lab1"
        },
        {
            "op": "add",
            "path": "hostAlias",
            "value": [
                "aliasHost_3",
                "aliasHost_4"
            ]
        }
    ]
}
Response 200 OK
{
    "serialNumber": "123456789",
    "os": "LIN",
    "mail": false,
    "dynamicIp": false,
    "description": "Host billing.dev.lab",
    "office": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899",
        "resourceType": "Host"
    },
    "networkCode": "Lab1",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Host"
    ],
    "name": "billing.dev.lab",
    "id": 1976899,
    "hostAlias": [
        "aliasHost_1",
        "aliasHost_2",
        "aliasHost_3",
        "aliasHost_4"
    ],
    "printersServer": false
}

Update all

This operation replaces all values in the Hosts.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Host/1976899

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Host"
    ],
    "id": 1976899,
    "name": "billing.dev.lab",
    "description": "Host billing.dev.lab",
    "os": "LIN",
    "mail": false,
    "dynamicIp": false,
    "networkCode": "internal",   
    "printersServer": false
}
Response 200 OK
{
    "os": "LIN",
    "mail": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Host/1976899",
        "resourceType": "Host"
    },
    "networkCode": "internal",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Host"
    ],
    "name": "billing.dev.lab",
    "dynamicIp": false,
    "description": "Host billing.dev.lab",
    "id": 1976899,
    "hostAlias": [],
    "printersServer": false
}

Delete

Please note after this delete, the host has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Host/1976899
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM MailDomain examples

Operations

This page shows the operations that can be performed for the MailDomain object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailDomain
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523263",
                "resourceType": "MailDomain"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.MailDomain"
            ],
            "name": "soffid.com",
            "obsolete": false,
            "description": "Soffid",
            "id": 523263
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523265",
                "resourceType": "MailDomain"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.MailDomain"
            ],
            "name": "soffid.org",
            "obsolete": false,
            "description": "Old Domain",
            "id": 523265
        }
    ]
}

List by filter

List all Mail domain with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailDomain?filter=obsolete eq false and description co old
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523265",
                "resourceType": "MailDomain"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.MailDomain"
            ],
            "name": "soffid.org",
            "obsolete": false,
            "description": "Old Domain",
            "id": 523265
        }
    ]
}

Query by id

Query a Mail Domain by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailDomain/523263
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/523263",
        "resourceType": "MailDomain"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailDomain"
    ],
    "name": "soffid.com",
    "obsolete": false,
    "description": "Soffid",
    "id": 523263
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/MailDomain

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailDomain"
    ],
    "name": "newdomain.com",
    "obsolete": false,
    "description": "New Domain"
}
Response 201 Created
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941",
        "resourceType": "MailDomain"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailDomain"
    ],
    "name": "newdomain.com",
    "obsolete": false,
    "description": "New Domain",
    "id": 1976941
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/MailDomain/1976941

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "description",
            "value": "New domain (xxx)"
        },
        {
            "op": "replace",
            "path": "obsolete",
            "value": "true"
        }
    ]
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941",
        "resourceType": "MailDomain"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailDomain"
    ],
    "name": "newdomain.com",
    "obsolete": true,
    "description": "New domain (xxx)",
    "id": 1976941
}

Update all

This operation replaces all values in the Mail Domain.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/MailDomain/1976941

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailDomain"
    ],
    "id": 1976941,
    "name": "newdomain.com",
    "obsolete": false,
    "description": "New Domain"
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailDomain/1976941",
        "resourceType": "MailDomain"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailDomain"
    ],
    "name": "newdomain.com",
    "obsolete": false,
    "description": "New Domain",
    "id": 1976941
}

Delete

Please note after this delete, the mail domain has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/MailDomain/1976941
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM MailList examples

Operations

This page shows the operations that can be performed for the MailList object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailList
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 3,
    "startIndex": 1,
    "Resources": [
        {
            "groupMembers": [],
            "usersList": [
                "admin",
                "test2"
            ],
            "description": "Test email",
            "externalList": [],
            "explodedUsersList": [
                "test2",
                "admin"
            ],
            "roleMembers": [],
            "lists": [
                "test@soffid.com"
            ],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071",
                "resourceType": "MailList"
            },
            "domainName": "soffid.com",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.MailList"
            ],
            "name": "test",
            "attributes": {},
            "id": 524071,
            "listsBelong": "test@soffid.com"
        },
        {
            "groupMembers": [],
            "usersList": [],
            "externalList": [],
            "explodedUsersList": [],
            "roleMembers": [],
            "lists": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976100",
                "resourceType": "MailList"
            },
            "domainName": "soffid.org",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.MailList"
            ],
            "name": "mailList",
            "attributes": {},
            "id": 1976100,
            "listsBelong": ""
        },
       ......
    ]
}

List by filter

List all MailList with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailList?filter=description co test
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "groupMembers": [],
            "usersList": [
                "admin",
                "test2"
            ],
            "description": "Test email",
            "externalList": [],
            "explodedUsersList": [
                "test2",
                "admin"
            ],
            "roleMembers": [],
            "lists": [
                "test@soffid.com"
            ],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071",
                "resourceType": "MailList"
            },
            "domainName": "soffid.com",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.MailList"
            ],
            "name": "test",
            "attributes": {},
            "id": 524071,
            "listsBelong": "test@soffid.com"
        },
        {
            "groupMembers": [],
            "usersList": [
                "dilbert",
                "admin"
            ],
            "description": "Test email mailList",
            "externalList": [],
            "explodedUsersList": [
                "dilbert",
                "admin"
            ],
            "roleMembers": [],
            "lists": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976181",
                "resourceType": "MailList"
            },
            "domainName": "soffid.com",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.MailList"
            ],
            "name": "mailList2",
            "attributes": {},
            "id": 1976181,
            "listsBelong": ""
        }
    ]
}

Query by id

Query a MailList by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/MailList/524071
Response 200 OK
{
    "groupMembers": [],
    "usersList": [
        "admin",
        "test2"
    ],
    "description": "Test email",
    "externalList": [],
    "explodedUsersList": [
        "test2",
        "admin"
    ],
    "roleMembers": [],
    "lists": [
        "test@soffid.com"
    ],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/524071",
        "resourceType": "MailList"
    },
    "domainName": "soffid.com",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailList"
    ],
    "name": "test",
    "attributes": {},
    "id": 524071,
    "listsBelong": "test@soffid.com"
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/MailList

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailList"
    ],
    "name": "billingMailList",
    "domainName": "newdomain.com",
    "description": "Test email mailList",
    "usersList": [
        "admin",
        "dilbert"
    ]
}
Response 201 Created
{
    "groupMembers": [],
    "usersList": [
        "dilbert",
        "admin"
    ],
    "description": "Test email mailList",
    "externalList": [],
    "explodedUsersList": [
        "dilbert",
        "admin"
    ],
    "roleMembers": [],
    "lists": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957",
        "resourceType": "MailList"
    },
    "domainName": "newdomain.com",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailList"
    ],
    "name": "billingMailList",
    "attributes": {},
    "id": 1976957,
    "listsBelong": ""
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741

JSON

{
    "Operations": [
        {
            "op": "remove",
            "path": "usersList",
            "value": [
                "admin",
                "dilbert"
            ]
        }
    ]
}
Response 200 OK
{
    "groupMembers": [],
    "description": "Test email mailList",
    "externalList": [],
    "explodedUsersList": [
        "dilbert",
        "admin"
    ],
    "roleMembers": [],
    "lists": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957",
        "resourceType": "MailList"
    },
    "domainName": "newdomain.com",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailList"
    ],
    "name": "billingMailList",
    "attributes": {},
    "id": 1976957,
    "listsBelong": ""
}

Update all

This operation replaces all values in the MailList.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/MailList/1976957

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailList"
    ],
    "id": 1976957,
    "name": "mailList",
    "domainName": "newdomain.com"
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/MailList/1976957",
        "resourceType": "MailList"
    },
    "domainName": "newdomain.com",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.MailList"
    ],
    "name": "mailList",
    "attributes": {},
    "id": 1976957
}

Delete

Please note after this delete, the mail list has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/MailList/1976957
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM Network examples

Operations

This page shows the operations that can be performed for the Network object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Network
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 6,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/67",
                "resourceType": "Network"
            },
            "ip": "127.0.0.0",
            "lanAccess": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Network"
            ],
            "name": "loopback",
            "description": "Description",
            "id": 67,
            "mask": "255.255.255.128",
            "dhcpSupport": false
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/505167",
                "resourceType": "Network"
            },
            "ip": "172.0.0.0",
            "lanAccess": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Network"
            ],
            "name": "int1",
            "description": "Internal network 1",
            "id": 505167,
            "mask": "255.240.0.0",
            "dhcpSupport": false
        },
      ...............
    ]
}

List by filter

List all Networks with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Network?filter=description co labora
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 3,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1790267",
                "resourceType": "Network"
            },
            "ip": "10.129.120.0",
            "lanAccess": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Network"
            ],
            "name": "lab1",
            "description": "Laboratory network 1",
            "id": 1790267,
            "mask": "255.255.255.0",
            "dhcpSupport": false
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1790319",
                "resourceType": "Network"
            },
            "ip": "10.129.121.0",
            "lanAccess": false,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Network"
            ],
            "name": "lab2",
            "description": "Laboratory network 2",
            "id": 1790319,
            "mask": "255.255.255.0",
            "dhcpSupport": false
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1858961",
                "resourceType": "Network"
            },
            "ip": "10.129.122.0",
            "lanAccess": true,
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Network"
            ],
            "name": "lab3",
            "description": "Laboratory network",
            "id": 1858961,
            "mask": "255.255.255.0",
            "dhcpSupport": false
        }
    ]
}

Query by id

Query a Network by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Network/1038187
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1038187",
        "resourceType": "Network"
    },
    "ip": "192.168.133.0",
    "lanAccess": true,
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Network"
    ],
    "name": "internal",
    "description": "Internal Network",
    "loginRestriction": false,
    "id": 1038187,
    "mask": "255.255.255.0",
    "dhcpSupport": true
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/Network

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Network"
    ],
    "name": "Laboratory",
    "description": "Laboratory Network",
    "ip": "192.168.123.0",
    "mask": "255.255.255.0",
    "loginRestriction": false,
    "lanAccess": true,
    "dhcpSupport": true
}
Response 201 Created
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114",
        "resourceType": "Network"
    },
    "ip": "192.168.123.0",
    "lanAccess": true,
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Network"
    ],
    "name": "Laboratory",
    "description": "Laboratory Network",
    "loginRestriction": false,
    "id": 1977114,
    "mask": "255.255.255.0",
    "dhcpSupport": true
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Network/1977114

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "ip",
            "value": "192.168.125.0"
        }
    ]
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114",
        "resourceType": "Network"
    },
    "ip": "192.168.123.0",
    "lanAccess": true,
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Network"
    ],
    "name": "Laboratory",
    "description": "Laboratory Network",
    "loginRestriction": false,
    "id": 1977114,
    "mask": "255.255.255.0",
    "dhcpSupport": true
}

Update all

This operation replaces all values in the Network.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Network/1977114

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Network"
    ],
    "id": 1977114,
    "name": "Laboratory",
    "ip": "192.168.123.0",
    "mask": "255.255.255.0"
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Network/1977114",
        "resourceType": "Network"
    },
    "ip": "192.168.123.0",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Network"
    ],
    "name": "Laboratory",
    "id": 1977114,
    "mask": "255.255.255.0",
    "dhcpSupport": false
}

Delete

Please note after this delete, the network has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Network/1977114
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM DomainValue examples

Operations

This page shows the operations that can be performed for the DomainValue object. The DomainValue is related to Information Systems.

Role scope or domains are properties that can be assigned to some entitlements, limiting the scope of that entitlement. This can be used to limit, for instance, the maximum amount allowed for a money transfer, or the commercial zones to manage.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/DomainValue
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 4,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499623",
                "resourceType": "DomainValue"
            },
            "domainName": "Zone",
            "externalCodeDomain": "Operation",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.DomainValue"
            ],
            "description": "Twenty",
            "id": 499623,
            "value": "20"
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499629",
                "resourceType": "DomainValue"
            },
            "domainName": "Zone",
            "externalCodeDomain": "Operation",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.DomainValue"
            ],
            "description": "Eleven",
            "id": 499629,
            "value": "10"
        },
      .............
    ]
}

List by filter

List all DomainValues with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request

 

GET http://<your-domain>/soffid/webservice/scim2/v1/DomainValue?filter=description co Tw
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/499623",
                "resourceType": "DomainValue"
            },
            "domainName": "Zone",
            "externalCodeDomain": "Operation",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.DomainValue"
            ],
            "description": "Twenty",
            "id": 499623,
            "value": "20"
        }
    ]
}

Query by id

Query a DomainValue by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/DomainValue/802012
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/802012",
        "resourceType": "DomainValue"
    },
    "domainName": "Company",
    "externalCodeDomain": "Operation/Business 2/SOFFID",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.DomainValue"
    ],
    "description": "Soffid",
    "id": 802012,
    "value": "Soffid"
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/DomainValue

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.DomainValue"
    ],
    "domainName": "Company",
    "externalCodeDomain": "Operation/Business 2/SOFFID",
    "description": "bubble",
    "value": "bubble"
}
Response 201 Created
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/1977131",
        "resourceType": "DomainValue"
    },
    "domainName": "Company",
    "externalCodeDomain": "Operation/Business 2/SOFFID",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.DomainValue"
    ],
    "description": "bubble",
    "id": 1977131,
    "value": "bubble"
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "description",
            "value": "Bubble description"
        }
    ]
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/DomainValue/1977131",
        "resourceType": "DomainValue"
    },
    "domainName": "Company",
    "externalCodeDomain": "Operation/Business 2/SOFFID",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.DomainValue"
    ],
    "description": "Bubble description",
    "id": 1977131,
    "value": "bubble"
}

Update all

This operation replaces all values in the DomainValue.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/DomainValue/1977131

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.GroupUser"
    ],
    "id": 1976741,
    "group": "it",
    "groupDescription": "Help desk support team",
    "user": "ckelp",
    "fullName": "Casey Kelp",
    "primaryGroup": true,
    "attributes": {}
}
Response 200 OK
{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.DomainValue"
    ],
    "id": 1977131,
    "domainName": "Company",
    "externalCodeDomain": "Operation/Business 2/SOFFID",
    "description": "New bubble",
    "value": "Newbubble"
}

Delete

Please note after this delete, the DomainValue has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/DomainValue/1977131
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM VaultFolder examples

Operations

This page shows the operations that can be performed for the VaultFolder object

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 4,
    "startIndex": 1,
    "Resources": [
        {
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "navigateUsers": [],
            "navigateRoles": [],
            "description": "Accounts that won't be shared",
            "personal": true,
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/368461",
                "resourceType": "VaultFolder"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.VaultFolder"
            ],
            "name": "Personal accounts",
            "managerUsers": [],
            "navigateGroups": [],
            "id": 368461,
            "grantedGroups": [],
            "managerGroups": [],
            "grantedUsers": [],
            "ownerUsers": [
                "admin"
            ]
        },
        {
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "navigateUsers": [
                "test2",
                "admin"
            ],
            "navigateRoles": [],
            "description": "Password vault",
            "personal": false,
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/515461",
                "resourceType": "VaultFolder"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.VaultFolder"
            ],
            "name": "vault",
            "managerUsers": [],
            "navigateGroups": [],
            "id": 515461,
            "grantedGroups": [],
            "managerGroups": [],
            "grantedUsers": [],
            "ownerUsers": [
                "admin"
            ]
        },
      ............
    ]
}

List by filter

List all VaultFolders with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/?filter=personal eq true
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "navigateUsers": [],
            "navigateRoles": [],
            "description": "Accounts that won't be shared",
            "personal": true,
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/368461",
                "resourceType": "VaultFolder"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.VaultFolder"
            ],
            "name": "Personal accounts",
            "managerUsers": [],
            "navigateGroups": [],
            "id": 368461,
            "grantedGroups": [],
            "managerGroups": [],
            "grantedUsers": [],
            "ownerUsers": [
                "admin"
            ]
        }
    ]
}

Query by id

Query a VaultFolder by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/515461
Response 200 OK
{
    "grantedRoles": [],
    "accessLevel": "O",
    "managerRoles": [],
    "navigateUsers": [
        "test2",
        "admin"
    ],
    "navigateRoles": [],
    "description": "Password vault",
    "personal": false,
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/515461",
        "resourceType": "VaultFolder"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.VaultFolder"
    ],
    "name": "vault",
    "managerUsers": [],
    "navigateGroups": [],
    "id": 515461,
    "grantedGroups": [],
    "managerGroups": [],
    "grantedUsers": [],
    "ownerUsers": [
        "admin"
    ]
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.VaultFolder"
    ],
    "name": "Folder Billing",
    "description": "Folder Billing",
    "parentFolder": "vault",
    "parentId": 515461,
    "personal": false,
    "accessLevel": "M",
    "ownerUsers": [
        "admin"
    ],
    "navigateUsers": [
        "admin"
    ]
}
Response 201 Created
{
    "grantedRoles": [],
    "accessLevel": "O",
    "managerRoles": [],
    "navigateUsers": [
        "admin"
    ],
    "navigateRoles": [],
    "description": "Folder Billing",
    "personal": false,
    "parentId": 515461,
    "parentFolder": "vault",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703",
        "resourceType": "VaultFolder"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.VaultFolder"
    ],
    "name": "Folder Billing",
    "managerUsers": [],
    "navigateGroups": [],
    "id": 1977703,
    "grantedGroups": [],
    "managerGroups": [],
    "grantedUsers": [],
    "ownerUsers": [
        "admin"
    ]
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/1977703

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "description",
            "value": "Vault folder billing"
        },
        {
            "op": "add",
            "path": "navigateUsers",
            "value": [
                "dilbert",
                "asea"
            ]
        }
    ]
}
Response 200 OK
{
    "grantedRoles": [],
    "accessLevel": "O",
    "managerRoles": [],
    "navigateUsers": [
        "asea",
        "dilbert",
        "admin"
    ],
    "navigateRoles": [],
    "description": "Vault folder billing",
    "personal": false,
    "parentId": 515461,
    "parentFolder": "vault",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703",
        "resourceType": "VaultFolder"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.VaultFolder"
    ],
    "name": "Folder Billing",
    "managerUsers": [],
    "navigateGroups": [],
    "id": 1977703,
    "grantedGroups": [],
    "managerGroups": [],
    "grantedUsers": [],
    "ownerUsers": [
        "admin"
    ]
}

Update all

This operation replaces all values in the VaultFolder.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/VaultFolder/1977703

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.VaultFolder"
    ],
    "id": 1977703,
    "name": "Folder Billing",
    "description": "Folder Billing",
    "parentFolder": "vault",
    "parentId": 515461,
    "personal": false,
    "accessLevel": "M",
    "ownerUsers": [
        "admin"
    ]
}
Response 200 OK
{
    "grantedRoles": [],
    "accessLevel": "O",
    "managerRoles": [],
    "navigateUsers": [],
    "navigateRoles": [],
    "description": "Folder Billing",
    "personal": false,
    "parentId": 515461,
    "parentFolder": "vault",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/VaultFolder/1977703",
        "resourceType": "VaultFolder"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.VaultFolder"
    ],
    "name": "Folder Billing",
    "managerUsers": [],
    "navigateGroups": [],
    "id": 1977703,
    "grantedGroups": [],
    "managerGroups": [],
    "grantedUsers": [],
    "ownerUsers": [
        "admin"
    ]
}

Delete

Please note after this delete, the VaultFolder has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/VaultFolder/1977703
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM System examples

Operations

This page shows the operations that can be performed for the Systems object (Agents).

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/System
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 16,
    "startIndex": 1,
    "Resources": [
        {
            "accessControl": false,
            "usersDomain": "DEFAULT",
            "fullReconciliation": false,
            "authoritative": false,
            "description": "Soffid system",
            "groups": "",
            "threads": 1,
            "className": "- no class -",
            "userTypes": "I",
            "groupsList": [],
            "readOnly": false,
            "passwordsDomain": "DEFAULT",
            "timeStamp": "2020-04-18 19:32:37",
            "rolebased": true,
            "trusted": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/44",
                "resourceType": "System"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.System"
            ],
            "name": "soffid",
            "id": 44,
            "passwordsDomainId": 27,
            "tenant": "master",
            "generateTasksOnLoad": true
        },
        {
            "accessControl": false,
            "usersDomain": "DEFAULT",
            "fullReconciliation": false,
            "authoritative": false,
            "description": "External SSO accounts",
            "groups": "admingroup,enterprise",
            "threads": 1,
            "className": "com.soffid.iam.sync.sso.agent.SSOAgent",
            "userTypes": "S,I",
            "groupsList": [
                "admingroup",
                "enterprise"
            ],
            "readOnly": false,
            "url": "local",
            "passwordsDomain": "DEFAULT",
            "timeStamp": "2020-09-21 10:17:38",
            "rolebased": false,
            "trusted": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/47",
                "resourceType": "System"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.System"
            ],
            "name": "SSO",
            "id": 47,
            "manualAccountCreation": true,
            "passwordsDomainId": 27,
            "tenant": "master",
            "generateTasksOnLoad": true
        },
      ................
    ]
}

List by filter

List all Systems with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/System?filter=description co 10.129.
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "accessControl": false,
            "description": "Discovered host 10.129.122.22",
            "className": "com.soffid.iam.sync.agent.SimpleSSHAgent",
            "userTypes": "",
            "passwordsDomain": "DEFAULT",
            "rolebased": false,
            "id": 1885153,
            "manualAccountCreation": true,
            "tenant": "master",
            "generateTasksOnLoad": false,
            "param7": "false",
            "usersDomain": "DEFAULT",
            "param6": "UTF-8",
            "fullReconciliation": true,
            "authoritative": false,
            "sharedDispatcher": true,
            "param0": "soffid",
            "groups": "",
            "threads": 1,
            "groupsList": [],
            "readOnly": false,
            "param3": "10.129.122.22",
            "param4": "true",
            "url": "local",
            "param2": "517y1hF40k4=",
            "timeStamp": "2021-04-23 12:23:15",
            "trusted": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1885153",
                "resourceType": "System"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.System"
            ],
            "name": "10.129.122.22",
            "passwordsDomainId": 27
        },
        {
            "accessControl": false,
            "description": "Discovered host 10.129.122.25",
            "className": "com.soffid.iam.sync.agent.SimpleWindowsAgent",
            "userTypes": "",
            "passwordsDomain": "DEFAULT",
            "rolebased": false,
            "id": 1890334,
            "manualAccountCreation": true,
            "tenant": "master",
            "generateTasksOnLoad": false,
            "param7": "false",
            "usersDomain": "DEFAULT",
            "fullReconciliation": true,
            "authoritative": false,
            "sharedDispatcher": true,
            "param0": "Administrador",
            "groups": "",
            "threads": 1,
            "groupsList": [],
            "readOnly": false,
            "param3": "10.129.122.25",
            "param4": "true",
            "url": "local",
            "param2": "VFJV1pSRfE7s",
            "timeStamp": "2021-04-23 20:00:34",
            "trusted": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1890334",
                "resourceType": "System"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.System"
            ],
            "name": "10.129.122.25",
            "passwordsDomainId": 27
        }
    ]
}

Query by id

Query a System by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/System/389082
Response 200 OK
{
    "accessControl": true,
    "description": "Active Directory.",
    "className": "com.soffid.iam.sync.agent2.CustomizableActiveDirectoryAgent",
    "userTypes": "I",
    "passwordsDomain": "DEFAULT",
    "rolebased": true,
    "id": 389082,
    "manualAccountCreation": false,
    "tenant": "master",
    "generateTasksOnLoad": true,
    "param7": "true",
    "param8": "true",
    "usersDomain": "DEFAULT",
    "fullReconciliation": false,
    "authoritative": true,
    "sharedDispatcher": false,
    "param0": "ad.bubu.lab",
    "groups": "",
    "threads": 1,
    "groupsList": [],
    "readOnly": false,
    "param3": "C27Nv4vjbIsI",
    "url": "https://soffid.bubu.lab:1760/",
    "param1": "dc=ad,dc=bubu,dc=lab",
    "param2": "ad\\Administrator",
    "timeStamp": "2021-04-07 09:31:59",
    "trusted": true,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/389082",
        "resourceType": "System"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.System"
    ],
    "name": "ad",
    "passwordsDomainId": 27
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/System

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.System"
    ],
    "name": "SQLRRHH",
    "description": "SQL RRHH test",
    "className": "com.soffid.iam.sync.agent.SQLAgent2",
    "userTypes": "E,I",
    "passwordsDomain": "DEFAULT",
    "usersDomain": "DEFAULT"
}
Response 201 Created
{
    "accessControl": false,
    "usersDomain": "DEFAULT",
    "fullReconciliation": false,
    "authoritative": false,
    "description": "SQL RRHH test",
    "groups": "",
    "threads": 1,
    "className": "com.soffid.iam.sync.agent.SQLAgent2",
    "userTypes": "I,E",
    "groupsList": [],
    "readOnly": false,
    "passwordsDomain": "DEFAULT",
    "timeStamp": "2021-05-12 10:58:35",
    "rolebased": false,
    "trusted": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157",
        "resourceType": "System"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.System"
    ],
    "name": "SQLRRHH",
    "id": 1977157,
    "passwordsDomainId": 27,
    "tenant": "master",
    "generateTasksOnLoad": false
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/System/1977157

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "param0",
            "value": "user"
        },
        {
            "op": "replace",
            "path": "param1",
            "value": "password"
        },
        {
            "op": "replace",
            "path": "param2",
            "value": "jdbc:mysql://localhost/personal"
        }
    ]
}
Response 200 OK
{
    "accessControl": false,
    "description": "SQL RRHH test",
    "className": "com.soffid.iam.sync.agent.SQLAgent2",
    "userTypes": "I,E",
    "passwordsDomain": "DEFAULT",
    "rolebased": false,
    "id": 1977157,
    "tenant": "master",
    "generateTasksOnLoad": false,
    "usersDomain": "DEFAULT",
    "fullReconciliation": false,
    "authoritative": false,
    "param0": "user",
    "groups": "",
    "threads": 1,
    "groupsList": [],
    "readOnly": false,
    "param1": "password",
    "param2": "jdbc:mysql://localhost/personal",
    "timeStamp": "2021-05-12 10:59:44",
    "trusted": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157",
        "resourceType": "System"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.System"
    ],
    "name": "SQLRRHH",
    "passwordsDomainId": 27
}

Update all

This operation replace all values in the System.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/System/1977157

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.System"
    ],
    "id": 1977157,
    "name": "SQLRRHH",
    "description": "SQL RRHH test",
    "className": "com.soffid.iam.sync.agent.SQLAgent2",
    "userTypes": "E,I",
    "passwordsDomain": "DEFAULT",
    "usersDomain": "DEFAULT"
}
Response 200 OK
{
    "accessControl": false,
    "usersDomain": "DEFAULT",
    "fullReconciliation": false,
    "authoritative": false,
    "description": "SQL RRHH test",
    "groups": "",
    "threads": 1,
    "className": "com.soffid.iam.sync.agent.SQLAgent2",
    "userTypes": "I,E",
    "groupsList": [],
    "readOnly": false,
    "passwordsDomain": "DEFAULT",
    "timeStamp": "2021-05-12 11:02:49",
    "rolebased": false,
    "trusted": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/System/1977157",
        "resourceType": "System"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.System"
    ],
    "name": "SQLRRHH",
    "id": 1977157,
    "passwordsDomainId": 27,
    "tenant": "master",
    "generateTasksOnLoad": false
}

Delete

Please note after this delete, the System has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/System/1977157
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM CustomObject examples

Operations

This page shows the operations that can be performed for the CustomObjects object

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/CustomObject
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 6,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/webservice/scim2/v1/CustomObject/848157",
                "resourceType": "CustomObject"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.CustomObject"
            ],
            "name": "aa",
            "description": "aaa",
            "attributes": {
                "address": "2"
            },
            "id": 848157,
            "type": "building"
        },
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1510208",
                "resourceType": "CustomObject"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.CustomObject"
            ],
            "name": "ES",
            "description": "Spain",
            "attributes": {
                "language": "English"
            },
            "id": 1510208,
            "type": "country"
        },
      ..........
    ]
}

List by filter

List all CustomObjects with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/CustomObject?filter=description eq Spain
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1510208",
                "resourceType": "CustomObject"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.CustomObject"
            ],
            "name": "ES",
            "description": "Spain",
            "attributes": {
                "language": "English"
            },
            "id": 1510208,
            "type": "country"
        }
    ]
}

Query by id

Query a CustomObject by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/CustomObject/848062
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/848062",
        "resourceType": "CustomObject"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.CustomObject"
    ],
    "name": "HQ",
    "description": "Headquarters",
    "attributes": {
        "address": "1"
    },
    "id": 848062,
    "type": "building"
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/CustomObject

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.CustomObject"
    ],
    "name": "IT",
    "description": "Italy",
    "type": "country",
    "attributes": {
        "language": "English"
    }
}
Response 201 Created
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187",
        "resourceType": "CustomObject"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.CustomObject"
    ],
    "name": "IT",
    "description": "Italy",
    "attributes": {
        "language": "English"
    },
    "id": 1977187,
    "type": "country"
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/CustomObject/1977187

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "attributes",
            "value": {
                "language": "German"
            }
        }
    ]
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187",
        "resourceType": "CustomObject"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.CustomObject"
    ],
    "name": "IT",
    "description": "Italy",
    "attributes": {
        "language": "German"
    },
    "id": 1977187,
    "type": "country"
}

Update all

This operation replaces all values in the CustomObject.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/CustomObject/1977187

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.CustomObject"
    ],
    "id": 1977187,
    "name": "IT",
    "description": "Italy",
    "type": "country",
    "attributes": {
        "language": "English"
    }
}
Response 200 OK
{
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/CustomObject/1977187",
        "resourceType": "CustomObject"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.CustomObject"
    ],
    "name": "IT",
    "description": "Italy",
    "attributes": {
        "language": "English"
    },
    "id": 1977187,
    "type": "country"
}

Delete

Please note after this delete, the CustomObject has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/CustomObject/1977187
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM ProcessDefinition examples

Operations

This page shows the operations that can be performed for the ProcessDefinitions object

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessDefinition
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 8,
    "startIndex": 1,
    "Resources": [
        {
            "author": "admin",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1474063",
                "resourceType": "ProcessDefinition"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
            ],
            "name": "User registration",
            "deployed": "2021-02-11 16:42:08",
            "tag": "27",
            "id": 1474063,
            "version": 27,
            "enabled": true
        },
        {
            "author": "admin",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694",
                "resourceType": "ProcessDefinition"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
            ],
            "name": "User request",
            "deployed": "2021-04-15 16:10:11",
            "tag": "19",
            "id": 1857694,
            "version": 19,
            "enabled": true
        },
      .............
    ]
}

List by filter

List all ProcessDefinitions with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessDefinition?filter=name co request
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 2,
    "startIndex": 1,
    "Resources": [
        {
            "author": "admin",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1946303",
                "resourceType": "ProcessDefinition"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
            ],
            "name": "Permissions request",
            "deployed": "2021-04-30 08:48:58",
            "tag": "23",
            "id": 1946303,
            "type": "RoleApproval",
            "version": 23,
            "enabled": true
        },
        {
            "author": "admin",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694",
                "resourceType": "ProcessDefinition"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
            ],
            "name": "User request",
            "deployed": "2021-04-15 16:10:11",
            "tag": "19",
            "id": 1857694,
            "version": 19,
            "enabled": true
        }
    ]
}

Query by id

Query a ProcessDefinition by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessDefinition/1857694
Response 200 OK
{
    "author": "admin",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessDefinition/1857694",
        "resourceType": "ProcessDefinition"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.ProcessDefinition"
    ],
    "name": "User request",
    "deployed": "2021-04-15 16:10:11",
    "tag": "19",
    "id": 1857694,
    "version": 19,
    "enabled": true
}

Create

This operation is not allowed.

Update partial

This operation is not allowed.

Update all

This operation is not allowed.

Delete

This operation is not allowed.

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM ProcessInstance examples

Operations

This page shows the operations that can be performed for the ProcessInstances object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 311,
    "startIndex": 1,
    "Resources": [
        {
            "dummyProcess": false,
            "variables": {},
            "comments": [
                {
                    "actor": "admin Soffid Administrator",
                    "schemas": [
                        "urn:soffid:com.soffid.iam.bpm.api.Comment"
                    ],
                    "time": "2020-09-30 09:57:15",
                    "message": "Comentario"
                }
            ],
            "processDefinition": 628635,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/626161",
                "resourceType": "ProcessInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
            ],
            "start": "2020-09-29 20:34:46",
            "currentTask": "Entrada de la consulta",
            "description": "Consultar la base de datos",
            "end": "2020-11-11 15:05:48",
            "id": 626161
        },
        {
            "dummyProcess": false,
            "variables": {},
            "comments": [],
            "processDefinition": 628635,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/626179",
                "resourceType": "ProcessInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
            ],
            "start": "2020-09-29 20:35:22",
            "currentTask": "Entrada de la consulta",
            "description": "Consultar la base de datos",
            "end": "2020-11-11 15:05:44",
            "id": 626179
        },
      ..........
    ]
}

List by filter

List all ProcessInstances with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance?filter=description co Permission and currentTask eq Start
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 8,
    "startIndex": 1,
    "Resources": [
        {
            "dummyProcess": false,
            "variables": {
                "requester": "admin",
                "grants": [],
                "requesterName": "Soffid Administrator"
            },
            "comments": [],
            "processDefinition": 1054785,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1053984",
                "resourceType": "ProcessInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
            ],
            "start": "2020-12-14 14:49:20",
            "currentTask": "Start",
            "description": "Permissions request",
            "end": "2021-01-29 08:25:28",
            "id": 1053984
        },
        {
            "dummyProcess": false,
            "variables": {
                "requester": "admin",
                "grants": [],
                "requesterName": "Soffid Administrator"
            },
            "comments": [],
            "processDefinition": 1946303,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
                "resourceType": "ProcessInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
            ],
            "start": "2021-01-29 08:26:30",
            "currentTask": "Start",
            "description": "Permissions request",
            "id": 1378380
        },
        ...........
    ]
}
      

Query by id

Query a ProcessInstance by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance/1378380
Response 200 OK
{
    "dummyProcess": false,
    "variables": {
        "requester": "admin",
        "grants": [],
        "requesterName": "Soffid Administrator"
    },
    "comments": [],
    "processDefinition": 1946303,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
        "resourceType": "ProcessInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
    ],
    "start": "2021-01-29 08:26:30",
    "currentTask": "Start",
    "description": "Permissions request",
    "id": 1378380
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
    ],
    "dummyProcess": false,
    "variables": {
        "requester": "ckelp",
        "grants": [],
        "requesterName": "Casey Kelp"
    },
    "comments": [],
    "processDefinition": 1946303,
    "description": "Permissions request"
}
Response 201 Created
{
    "dummyProcess": false,
    "variables": {
        "requester": "ckelp",
        "grants": [],
        "requesterName": "Casey Kelp"
    },
    "comments": [],
    "processDefinition": 1946303,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
        "resourceType": "ProcessInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
    ],
    "start": "2021-01-29 08:26:30",
    "currentTask": "Start",
    "description": "Permissions request",
    "id": 1378380
}

Update partial

Only attributes with changes will be updated, the other will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/GroupUser/1976741

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "start",
            "value": "2021-05-14 00:00:00"
        }
    ]
}
Response 200 OK
{
    "dummyProcess": false,
    "variables": {
        "requester": "admin",
        "grants": [],
        "requesterName": "Soffid Administrator"
    },
    "comments": [],
    "processDefinition": 1946303,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
        "resourceType": "ProcessInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
    ],
    "start": "2021-05-14 00:00:00",
    "currentTask": "Start",
    "description": "Permissions request",
    "id": 1378380
}

Update all

This operation replaces all values in the ProcessInstance.

Request
PUT - http://<your-domain>/soffid/webservice/scim2/v1/ProcessInstance/1474138

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
    ],
    "id": 1378380,
    "dummyProcess": false,
    "variables": {
        "requester": "ckelp",
        "grants": [],
        "requesterName": "Casey Kelp"
    },
    "comments": ["comments"],
    "processDefinition": 1946303,
    "start": "2021-05-14 00:00:00",
    "currentTask": "Start",
    "description": "Permissions request"
    
}
Response 200 OK
{
    "dummyProcess": false,
    "variables": {
        "requester": "ckelp",
        "grants": [],
        "requesterName": "Casey Kelp"
    },
    "comments": [
        "comments"
    ],
    "processDefinition": 1946303,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/ProcessInstance/1378380",
        "resourceType": "ProcessInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.ProcessInstance"
    ],
    "start": "2021-05-14 00:00:00",
    "currentTask": "Start",
    "description": "Permissions request",
    "id": 1378380
}

Delete

When you delete a ProcessInstance, it will be disabled, but never deleted from the database, this ProcessInstance will have an end date.

Please note after this delete, the ProcessInstance has to be created again to use it in the next examples.

Request
DELETE - http://<your-domain>/webservice/scim2/v1/ProcessInstance/1977873
Response 204 No Content
204 No Content

Error response

For more infomation about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM full examples

SCIM TaskInstance examples

Operations

This page shows the operations that can be performed for the TaskInstances object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 6,
    "startIndex": 1,
    "Resources": [
        {
            "variables": {
                "requester": "admin",
                "grants": [
                    {
                        "ownersString": "SOFFID_ADMIN ",
                        "comments": "",
                        "roleId": 393447,
                        "userFullName": "Soffid Administrator",
                        "owners": [
                            "SOFFID_ADMIN"
                        ],
                        "userName": "admin",
                        "approved": false,
                        "applicationDescription": "SOFFID Identity Manager",
                        "taskInstance": 1762656,
                        "schemas": [
                            "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                        ],
                        "denied": false,
                        "roleDescription": "Accounting Manager",
                        "applicationName": "Container/Business 2/SOFFID"
                    }
                ],
                "requesterName": "Soffid Administrator"
            },
            "processDefinition": 1762352,
            "description": "Approve ",
            "pooledActors": [
                "SOFFID_ADMIN"
            ],
            "priority": 3,
            "transitions": [
                "Rechazar",
                "Aceptar"
            ],
            "dummyTask": false,
            "processName": "Modificar permisos",
            "processId": 1762544,
            "blocking": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
                "resourceType": "TaskInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
            ],
            "name": "Approve",
            "create": "2021-03-30 19:57:35",
            "cancelled": false,
            "id": 1762656,
            "open": true,
            "signalling": true
        },
        {
            "variables": {
                "requester": "admin",
                "grants": [
                    {
                        "ownersString": "admin ",
                        "comments": "",
                        "roleId": 393447,
                        "userFullName": "Soffid Administrator",
                        "owners": [
                            "admin"
                        ],
                        "userName": "admin",
                        "approved": false,
                        "applicationDescription": "SOFFID Identity Manager",
                        "taskInstance": 1861549,
                        "schemas": [
                            "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                        ],
                        "denied": false,
                        "roleDescription": "Accounting Manager",
                        "applicationName": "Operation/Business 2/SOFFID"
                    }
                ],
                "requesterName": "Soffid Administrator"
            },
            "processDefinition": 1946303,
            "description": "Approve pending permissions",
            "pooledActors": [
                "admin"
            ],
            "priority": 3,
            "transitions": [
                "Reject",
                "Approve"
            ],
            "dummyTask": false,
            "processName": "Permissions request",
            "processId": 1861537,
            "blocking": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549",
                "resourceType": "TaskInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
            ],
            "name": "Approve",
            "create": "2021-04-17 21:00:46",
            "cancelled": false,
            "id": 1861549,
            "open": true,
            "signalling": true
        },
      ....................
    ]
}

List by filter

List all TaskInstances with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance?count=2&filter=processName eq "Permissions request" and name eq Approve
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 4,
    "startIndex": 1,
    "Resources": [
        {
            "variables": {
                "requester": "admin",
                "grants": [
                    {
                        "ownersString": "admin ",
                        "comments": "",
                        "roleId": 393447,
                        "userFullName": "Soffid Administrator",
                        "owners": [
                            "admin"
                        ],
                        "userName": "admin",
                        "approved": false,
                        "applicationDescription": "SOFFID Identity Manager",
                        "taskInstance": 1861549,
                        "schemas": [
                            "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                        ],
                        "denied": false,
                        "roleDescription": "Accounting Manager",
                        "applicationName": "Operation/Business 2/SOFFID"
                    }
                ],
                "requesterName": "Soffid Administrator"
            },
            "processDefinition": 1946303,
            "description": "Approve pending permissions",
            "pooledActors": [
                "admin"
            ],
            "priority": 3,
            "transitions": [
                "Reject",
                "Approve"
            ],
            "dummyTask": false,
            "processName": "Permissions request",
            "processId": 1861537,
            "blocking": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549",
                "resourceType": "TaskInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
            ],
            "name": "Approve",
            "create": "2021-04-17 21:00:46",
            "cancelled": false,
            "id": 1861549,
            "open": true,
            "signalling": true
        },
        {
            "variables": {
                "requester": "admin",
                "grants": [
                    {
                        "ownersString": "admin ",
                        "comments": "",
                        "roleId": 393103,
                        "userFullName": "Soffid Administrator",
                        "owners": [
                            "admin"
                        ],
                        "userName": "admin",
                        "approved": false,
                        "applicationDescription": "Active Directory",
                        "taskInstance": 1638273,
                        "schemas": [
                            "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                        ],
                        "denied": false,
                        "roleDescription": "Enterprise Administrators",
                        "applicationName": "Container/Business process/ad"
                    }
                ],
                "requesterName": "Soffid Administrator"
            },
            "processDefinition": 1946303,
            "start": "2021-05-10 12:57:31",
            "description": "Approve pending permissions",
            "pooledActors": [
                "admin"
            ],
            "priority": 3,
            "transitions": [
                "Reject",
                "Approve"
            ],
            "dummyTask": false,
            "actorId": "admin",
            "processName": "Permissions request",
            "processId": 1638261,
            "blocking": false,
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1638273",
                "resourceType": "TaskInstance"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
            ],
            "name": "Approve",
            "create": "2021-03-11 16:33:41",
            "cancelled": false,
            "id": 1638273,
            "open": true,
            "signalling": true
        },
      ..............
    ]
}

Query by id

Query a TaskInstance by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance/1861549
Response 200 OK
{
    "variables": {
        "requester": "admin",
        "grants": [
            {
                "ownersString": "admin ",
                "comments": "",
                "roleId": 393447,
                "userFullName": "Soffid Administrator",
                "owners": [
                    "admin"
                ],
                "userName": "admin",
                "approved": false,
                "applicationDescription": "SOFFID Identity Manager",
                "taskInstance": 1861549,
                "schemas": [
                    "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                ],
                "denied": false,
                "roleDescription": "Accounting Manager",
                "applicationName": "Operation/Business 2/SOFFID"
            }
        ],
        "requesterName": "Soffid Administrator"
    },
    "processDefinition": 1946303,
    "description": "Approve pending permissions",
    "pooledActors": [
        "admin"
    ],
    "priority": 3,
    "transitions": [
        "Reject",
        "Approve"
    ],
    "dummyTask": false,
    "processName": "Permissions request",
    "processId": 1861537,
    "blocking": false,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1861549",
        "resourceType": "TaskInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
    ],
    "name": "Approve",
    "create": "2021-04-17 21:00:46",
    "cancelled": false,
    "id": 1861549,
    "open": true,
    "signalling": true
}

Create

This operation is not allowed.

Update partial

Only attributes with changes will be updated, the other will mantain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance/1762656

JSON

{
    "Operations": [
        {
            "op": "replace",
            "path": "blocking",
            "value": true
        }
    ]
}
Response 200 OK
{
    "variables": {
        "requester": "admin",
        "grants": [
            {
                "ownersString": "SOFFID_ADMIN ",
                "comments": "",
                "roleId": 393447,
                "userFullName": "Soffid Administrator",
                "owners": [
                    "SOFFID_ADMIN"
                ],
                "userName": "admin",
                "approved": false,
                "applicationDescription": "SOFFID Identity Manager",
                "taskInstance": 1762656,
                "schemas": [
                    "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                ],
                "denied": false,
                "roleDescription": "Accounting Manager",
                "applicationName": "Container/Business 2/SOFFID"
            }
        ],
        "requesterName": "Soffid Administrator"
    },
    "processDefinition": 1762352,
    "description": "Approve ",
    "pooledActors": [
        "SOFFID_ADMIN"
    ],
    "priority": 3,
    "transitions": [
        "Rechazar",
        "Aceptar"
    ],
    "dummyTask": false,
    "processName": "Modificar permisos",
    "processId": 1762544,
    "blocking": true,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
        "resourceType": "TaskInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
    ],
    "name": "Approve",
    "create": "2021-03-30 19:57:35",
    "cancelled": false,
    "id": 1762656,
    "open": true,
    "signalling": true
}

Update all

This operation replaces all values in the GroupUser.

Request
PUT http://<your-domain>/webservice/scim2/v1/TaskInstance/1762656

JSON

{
    "variables": {
        "requester": "admin",
        "grants": [
            {
                "ownersString": "SOFFID_ADMIN ",
                "comments": "",
                "roleId": 393447,
                "userFullName": "Soffid Administrator",
                "owners": [
                    "SOFFID_ADMIN"
                ],
                "userName": "admin",
                "approved": false,
                "applicationDescription": "SOFFID Identity Manager",
                "taskInstance": 1762656,
                "schemas": [
                    "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                ],
                "denied": false,
                "roleDescription": "Accounting Manager",
                "applicationName": "Container/Business 2/SOFFID"
            }
        ],
        "requesterName": "Soffid Administrator"
    },
    "processDefinition": 1762352,
    "description": "Approve ",
    "pooledActors": [
        "SOFFID_ADMIN"
    ],
    "priority": 3,
    "transitions": [
        "Rechazar",
        "Aceptar"
    ],
    "dummyTask": false,
    "processName": "Modificar permisos",
    "processId": 1762544,
    "blocking": true,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
        "resourceType": "TaskInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
    ],
    "name": "Approve",
    "create": "2021-03-30 19:57:35",
    "cancelled": false,
    "id": 1762656,
    "open": true,
    "signalling": true
}
Response 200 OK
{
    "variables": {
        "requester": "admin",
        "grants": [
            {
                "ownersString": "SOFFID_ADMIN ",
                "comments": "",
                "roleId": 393447,
                "userFullName": "Soffid Administrator",
                "owners": [
                    "SOFFID_ADMIN"
                ],
                "userName": "admin",
                "approved": false,
                "applicationDescription": "SOFFID Identity Manager",
                "taskInstance": 1762656,
                "schemas": [
                    "urn:soffid:com.soffid.iam.addons.bpm.common.RoleRequestInfo"
                ],
                "denied": false,
                "roleDescription": "Accounting Manager",
                "applicationName": "Container/Business 2/SOFFID"
            }
        ],
        "requesterName": "Soffid Administrator"
    },
    "processDefinition": 1762352,
    "description": "Approve ",
    "pooledActors": [
        "SOFFID_ADMIN"
    ],
    "priority": 3,
    "transitions": [
        "Rechazar",
        "Aceptar"
    ],
    "dummyTask": false,
    "processName": "Modificar permisos",
    "processId": 1762544,
    "blocking": true,
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/TaskInstance/1762656",
        "resourceType": "TaskInstance"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.bpm.api.TaskInstance"
    ],
    "name": "Approve",
    "create": "2021-03-30 19:57:35",
    "cancelled": false,
    "id": 1762656,
    "open": true,
    "signalling": true
}

Delete

In this case, delete operation will cancel the TaskInstace, but does not be deleted form database.

Please note after this delete, the account has to be created again to use it in the next examples.

Request
DELETE - http://<your-domain>/soffid/webservice/scim2/v1/TaskInstance/1762656
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM for OTP devices

SCIM for OTP devices

SCIM for OTP devices

⏰ Getting Started

Introduction

Soffid allows you to combine two of the most powerfull  addons that you can use into Soffid Console, SCIM and OTP

Please note that the SCIM REST Web Service Add-on installed must be installed, please check this part in How to use SCIM in Soffid # Installation

Please note that a user with the authentication is required, please check this part in How to use SCIM in Soffid # Confirm authorization

Please note that is recommended to use a REST client, please see our example in Testing tool # RESTer

Please note that the correct header parameters must be used, please browse them in SCIM in Soffid # HTTP request

Please note that OTP addon must be intalled and configured,  check it in OTP Settings

OTP Device Types

OTP device types available 

OTP Device Status

OTP device status available :

OTP Operations

Soffid provides an API that allows to connect to the OTP microservices.

The available operations are the following

You can visit the SCIM OTP devices examples page for more detailed information

Workflows

With the previous operations, using the SCIM OTP API, we can define some workflows.

You can visit the SCIM OTP devices Workflows examples page




SCIM for OTP devices

SCIM OTP devices examples

Operations

This page shows the operations that can be performed for the OTP devices object.

List all

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 25,
    "startIndex": 1,
    "Resources": [
        {
            "lastUsed": "2021-10-14 06:57:00",
            "created": "2021-10-14 06:44:43",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
                "links": {
                    "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
                    "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
                },
                "resourceType": "OtpDevice"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
            ],
            "name": "TOTP00000001",
            "id": 4022880,
            "type": "TOTP",
            "user": "franck",
            "fails": 0,
            "status": "D"
        },
        {
            "created": "2021-10-14 08:37:38",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384",
                "links": {
                    "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384/requestChallenge",
                    "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024384/responseChallenge"
                },
                "resourceType": "OtpDevice"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
            ],
            "name": "Email message to pg*****@so****.co*",
            "id": 4024384,
            "type": "EMAIL",
            "user": "patricia",
            "fails": 0,
            "email": "patricia@soffid.com",
            "status": "D"
        },
        {
            "created": "2021-10-14 11:17:52",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416",
                "links": {
                    "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416/requestChallenge",
                    "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4024416/responseChallenge"
                },
                "resourceType": "OtpDevice"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
            ],
            "phone": "666555444",
            "name": "SMS message to 66*****44",
            "id": 4024416,
            "type": "SMS",
            "user": "agatha",
            "fails": 0,
            "status": "V"
        },
      .............
      .............
    ]
}

List by filter

List all the OTP devices with a filter expression.

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice?filter=type eq "TOTP"
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 7,
    "startIndex": 1,
    "Resources": [
        {
            "lastUsed": "2021-10-14 06:57:00",
            "created": "2021-10-14 06:44:43",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
                "links": {
                    "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
                    "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
                },
                "resourceType": "OtpDevice"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
            ],
            "name": "TOTP00000001",
            "id": 4022880,
            "type": "TOTP",
            "user": "franck",
            "fails": 0,
            "status": "D"
        },
      .............
      .............
    ]
}

Query by id

Query a OTP device by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5007882
Response 200 OK
{
    "created": "2022-02-22 07:46:51",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882",
        "links": {
            "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/requestChallenge",
            "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/responseChallenge"
        },
        "resourceType": "OtpDevice"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
    ],
    "name": "TOTP00000035",
    "id": 5007882,
    "type": "TOTP",
    "user": "admin",
    "fails": 0,
    "status": "C"
}

Create

Allows you to create a new OTP device. It is important the type of the OTP you want to create, and depending on this, it will be mandatory to add new attributes to the request.

Request
http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice

JSON

{
    "meta": {
        "location": "http://<your-domain>/webservice/scim2/v1/OtpDevice",
        "resourceType": "OtpDevice"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
    ],
    "type": "TOTP",
    "user": "admin"
}
Response 200 OK
{
    "image": "iVBORw0KGgoAAAANSUhEUgAAAMgAAADIAQAAAACFI5MzAAAC3klEQVR4Xu2XP66jMBDGB7lwFy5gydeg40rkAoRcgFzJna+B5AtA58Ji9hueQvJWu8UbS6stMoqiwA9lrPn7Qfw3o99vnPYhHyL2L0mghhOz2Xue+tJGIltBIm9haQPdgufsButxp4LQlc1M+C5tSLt1TSWJyy26Jvipd2NfTTJPHU/kmlxariS8RX6w2fhwwt+i82OC/ER3fX2+Ze7HBJbp0iGieCQh54dpSaCBaOz8SmbukfY0C1STJAHIZkdQe947d6khkYau3KKZrNktzs77MwYawoTCuTFqEDytHY1PPxqSEQPPwY3WoOeu0WzPbGtIoNH6tTdzt1BX2ky3w7mSZAnkA95sQge3eRmfMdAQhh8pwLFL94ACR/9VkOzvbB5oX0LnuaEz9xoS/YORcNROGY7jn/nREE5bwCRwFwtveOQtBgoSJc9rnzggOWm27nUCBcnws1wI3OPgeOpVVQqCkdynqU+rLWQx+fwxEtTEEZXBLoO4KjcpzAqScZWQbczRNphZOq+CBHcNkuQmSs+hm4enHw1hXBWM9o39PS4XW161oyBhIZt2MishP/imy3kCDUEAyo3LpZe2m/BUDYlmtdjbUoDYtIQNyRUkLPj7jdNE5g4hIKVUQWK5BszRQh3PWBf0pncUJCAhRjJDGPZokbdtpiCMooYHs8rZ4WehKuIhnZqM0YIKSo+czsmnIRFKpxyyArfd8FY7GoKRzISg7gSInqsj2UwdYVZh+c+9jATMZj2J0rUi7ix0YsFsFt9qIrtR5PA9o10wYPx0nlpDjJRhD4Xi0MoP6NnTj4KEQ4WJFvNbXlDWZ+1oCCwujWhYg7S3sVQR0bDUYj3GI+3xpa81BPoah+3T/UvDygqqIShDNxIq2q8dftD7W4GGRLyBYT0ujdRRedOwOgKRgvMiS446z2JqwjKfMJUJextCm87dqCHIj+xGj0WxMbT/8v7G8mPyZ/uQDxH7n8kvJ2XgRr9Rxi0AAAAASUVORK5CYII=",
    "created": "2022-02-22 07:46:51",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882",
        "resourceType": "OtpDevice"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
    ],
    "name": "TOTP00000035",
    "id": 5007882,
    "type": "TOTP",
    "user": "admin",
    "fails": 0,
    "status": "C"
}
Example JSON SMS
{
    "type": "EMAIL",
    "user": "dilbert",
    "phone": "6665552222"
}
Example JSON EMAIL
{
    "type": "EMAIL",
    "user": "dilbert",
    "email": "dilbert@soffid.com"
}
Example JSON PIN
{
    "type": "PIN",
    "user": "dilbert",
    "email": "123456789"
}

Update partial

Only attributes with changes will be updated, the other will mantain the same value. This example shows how  to enable an OTP device.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5007882

JSON

{
    "Operations": 
    [
        {
            "op": "replace",
            "path": "status",
            "value": "V"
        }
    ]
}
Response 200 OK
{
    "created": "2022-02-22 07:46:51",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882",
        "links": {
            "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/requestChallenge",
            "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5007882/responseChallenge"
        },
        "resourceType": "OtpDevice"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
    ],
    "name": "TOTP00000035",
    "id": 5007882,
    "type": "TOTP",
    "user": "admin",
    "fails": 0,
    "status": "V"
}

Request Challenge

This operation allows Soffid to obtain the PIN code for a specific OTP device. We can use this method to send an email or SMS, depending on the type of OTP device.

Request
GET http://<your-domain>//soffid/webservice/scim2/v1/OtpDevice/<OTP_ID>/requestChallenge
Response 200 OK
{
    "cell": "PIN",
    "cardNumber": "SMS message to 66*****22"
}

Response Challenge

This operation allows you to validate a PIN code for a specific OTP device.

Request
POST http://<your-domain>//soffid/webservice/scim2/v1/OtpDevice/<OTP_ID>/responseChallenge

JSON

{
    "pin": "12345678"
}
Response 200 OK
{
    "success": false,
    "locked": false
}

Delete

In this case, delete operation will cancel the TaskInstace, but does not be deleted form database.

Please note after this delete, the account has to be created again to use it in the next examples.

Request
DELETE - http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5007967
Response 204 No Content
204 No Content

Error response

For more information about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response

 

SCIM for OTP devices

SCIM OTP devices Workflows examples

Workflow Examples

Workflow 1

1. Create Email OTP device

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice

JSON

{
    "type": "EMAIL",
    "user": "dilbert",
    "email": "dilbert@soffid.com"
}
Response 200 OK
{
    "created": "2022-03-09 13:39:52",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461",
        "resourceType": "OtpDevice"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
    ],
    "name": "Email message to di*****@so****.co*",
    "id": 5099461,
    "type": "EMAIL",
    "user": "dilbert",
    "fails": 0,
    "email": "dilbert@soffid.com",
    "status": "C"
}

2. RequestChallenge to get the PIN code

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5099461/requestChallenge
Response 200 OK
{
    "cell": "PIN",
    "cardNumber": "Email message to di*****@so****.co*"
}

3. ResponseChallenge to validate the PIN code

Request
POST http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5099461/responseChallenge

JSON

{
    "pin": "839231"
}
Response 200 OK
{
    "success": true,
    "locked": false
}

4. Enable OTP device

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/5099461

JSON

{
    "Operations": 
    [
        {
            "op": "replace",
            "path": "status",
            "value": "V"
        }
    ]
}
Response
{
    "created": "2022-03-09 13:39:52",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461",
        "links": {
            "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461/requestChallenge",
            "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/5099461/responseChallenge"
        },
        "resourceType": "OtpDevice"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
    ],
    "name": "Email message to di*****@so****.co*",
    "id": 5099461,
    "type": "EMAIL",
    "user": "dilbert",
    "fails": 0,
    "email": "dilbert@soffid.com",
    "status": "V"
}

Workflow 2

1. Get TOTP devices

Obtain all unused OTP devices by 2022.

Request 
GET http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice?filter=lastUsed le "2022-01-01"
Response 200 Ok
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 5,
    "startIndex": 1,
    "Resources": [
        {
            "lastUsed": "2021-10-14 06:57:00",
            "created": "2021-10-14 06:44:43",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
                "links": {
                    "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
                    "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
                },
                "resourceType": "OtpDevice"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
            ],
            "name": "TOTP00000001",
            "id": 4022880,
            "type": "TOTP",
            "user": "admin",
            "fails": 0,
            "status": "E"
        },
        {
            "lastUsed": "2021-10-14 06:59:33",
            "created": "2021-10-14 06:58:05",
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891",
                "links": {
                    "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891/requestChallenge",
                    "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022891/responseChallenge"
                },
                "resourceType": "OtpDevice"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
            ],
            "name": "TOTP00000002",
            "id": 4022891,
            "type": "TOTP",
            "user": "ckelp",
            "fails": 0,
            "status": "C"
        },
        .....
    ]
}

2. Disable OTP device

Disble the OTP devices one by one

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/OtpDevice/4022880

JSON

{
    "Operations": 
    [
        {
            "op": "replace",
            "path": "status",
            "value": "D"
        }
    ]
}
Response 200 Ok
{
    "lastUsed": "2021-10-14 06:57:00",
    "created": "2021-10-14 06:44:43",
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880",
        "links": {
            "requestChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/requestChallenge",
            "responseChallenge": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/OtpDevice/4022880/responseChallenge"
        },
        "resourceType": "OtpDevice"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.addons.otp.common.OtpDevice"
    ],
    "name": "TOTP00000001",
    "id": 4022880,
    "type": "TOTP",
    "user": "admin",
    "fails": 0,
    "status": "D"
}