SCIM Account examples

Operations

This page shows the operations that can be performed for the account object

List all

List all accounts, disabled or not.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account
Response 200 OK

For example, after the Soffid installation, these are the available account.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "lastLogin": "2021-05-10 13:00:40",
            "grantedRoles": [],
            "description": "Soffid Administrator",
            "type": "U",
            "ownerGroups": [],
            "oldName": "admin",
            "loginName": "admin",
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 103,
            "managerGroups": [],
            "grantedGroups": [],
            "lastPasswordSet": "2021-05-05 11:32:14",
            "passwordExpiration": "2022-05-05 00:00:00",
            "passwordPolicy": "I",
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2020-02-13 23:01:44",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://<your-domain>/webservice/scim2/v1/Account/103",
                "links": {
                    "roleAccounts": "http://<your-domain>/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
                    "users": "http://<your-domain>/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
                },
                "resourceType": "Account"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        }
    ]
}

List by filter

List all accounts with a filter expression. 

It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.

Request


GET http://<your-domain>/soffid/webservice/scim2/v1/Account?filter=name co "adm" and passwordPolicy  pr
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 3,
    "startIndex": 1,
    "Resources": [
        {
            "lastLogin": "2021-05-10 13:05:15",
            "grantedRoles": [],
            "description": "Soffid Administrator",
            "type": "U",
            "ownerGroups": [],
            "oldName": "admin2",
            "loginName": "admin",
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 103,
            "managerGroups": [],
            "grantedGroups": [],
            "lastPasswordSet": "2021-05-05 11:32:14",
            "passwordExpiration": "2022-05-05 00:00:00",
            "passwordPolicy": "I",
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2020-02-13 23:01:44",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/103",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
                    "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
                },
                "resourceType": "Account"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        },
        {
            "passwordPolicy": "I",
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2021-03-04 22:37:21",
            "description": "Soffid test account",
            "type": "I",
            "system": "soffid",
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587766",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587766+and+enabled+eq+true",
                    "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587766+or+accounts.account.id+eq+1587766"
                },
                "resourceType": "Account"
            },
            "loginName": "admintest",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admintest",
            "inheritNewPermissions": false,
            "managerUsers": [
                "dilbert",
                "dogbert"
            ],
            "disabled": false,
            "attributes": {},
            "id": 1587766,
            "managerGroups": [],
            "grantedGroups": [],
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        },
        {
            "passwordPolicy": "I",
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2021-03-04 22:44:06",
            "description": "Soffid test account 2",
            "type": "I",
            "system": "soffid",
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587776",
                "links": {
                    "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587776+and+enabled+eq+true",
                    "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587776+or+accounts.account.id+eq+1587776"
                },
                "resourceType": "Account"
            },
            "loginName": "admintest2",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admintest2",
            "inheritNewPermissions": false,
            "managerUsers": [
                "dilbert",
                "dogbert"
            ],
            "disabled": false,
            "attributes": {},
            "id": 1587776,
            "managerGroups": [],
            "grantedGroups": [],
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        }
    ]
}

Query by id

Query an account by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account/1057754
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "accessLevel": "-",
    "managerRoles": [],
    "created": "2020-12-14 17:52:14",
    "description": "John Smith",
    "type": "U",
    "system": "idp",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1057754",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1057754+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1057754+or+accounts.account.id+eq+1057754"
        },
        "resourceType": "Account"
    },
    "loginName": "jsmith",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "jsmith",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1057754,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [
        "jsmith"
    ],
    "grantedUsers": []
}

Create

Request

POST http://<your-domain>/soffid/webservice/scim2/v1/Account

JSON

{ 
    "schemas": ["urn:soffid:com.soffid.iam.api.Account"],
    "name": "Guest",
    "type": "I",
    "system": "soffid",
    "passwordPolicy": "I",
    "description": "Guest user",
    "inheritNewPermissions": false,
    "disabled": false
}
Response 201 Created
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "managerRoles": [],
    "description": "Guest user",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
        "resourceType": "Account"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "ownerUsers": [],
    "grantedUsers": []
}

Update partial

Only attributes with changes will be updated, the others will maintain the same value.

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "description",
            "value": "Guest User"
        },
        {
            "op": "replace",
            "path": "ownerUsers",
            "value": [
                "admin"
            ]
        }
    ]
}
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "accessLevel": "-",
    "managerRoles": [],
    "created": "2021-05-10 13:08:05",
    "description": "Guest User",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
        },
        "resourceType": "Account"
    },
    "loginName": "Guest",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [
        "admin"
    ],
    "grantedUsers": []
}

Update partial (password update)

Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455

JSON

Option 1

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
     "Operations": [
        {
            "op": "replace",
            "path": "password.value",
            "value": "123123"
        },
        {
            "op": "replace",
            "path": "password.expired",
            "value": false
        }
    ]
}

Option 2

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
     "Operations": [
        {
            "op": "replace",
            "path": "password",
            "value": {
                "value" : "123123",
                "expired" : false
                }
        }
    ]
}
Response 200 OK
{
    "lastLogin": "2023-06-29 14:30:29",
    "grantedRoles": [],
    "description": "Frankaaa Sinatra",
    "type": "U",
    "ownerGroups": [],
    "loginName": "frank",
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 5366314,
    "managerGroups": [],
    "grantedGroups": [],
    "lastPasswordSet": "2023-06-29 14:30:37",
    "passwordExpiration": "2023-07-24 00:00:00",
    "passwordPolicy": "I",
    "accessLevel": "-",
    "managerRoles": [],
    "created": "2022-04-21 10:11:12",
    "hasSnapshot": false,
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/5366314",
        "links": {
            "briefAudit": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/Audit?filter=searchIndex+eq+'ACC%235366314'",
            "roleAccounts": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+5366314+and+enabled+eq+true",
            "users": "http://demolab.soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+5366314+or+accounts.account.id+eq+5366314"
        },
        "resourceType": "Account"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "frank",
    "managerUsers": [],
    "lastChange": "2023-06-05 15:05:16",
    "attributes": {},
    "status": "a",
    "ownerUsers": [
        "frank"
    ],
    "grantedUsers": []
}

Update all

This operation replaces all values in the account. For example, we will update the description.

Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Account/1976454

JSON

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "id": 1976454,
    "name": "Guest",
    "type": "I",
    "system": "soffid",
    "passwordPolicy": "I",
    "description": "Guest Guest",
    "inheritNewPermissions": false,
    "disabled": false
}
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "managerRoles": [],
    "description": "Guest Guest",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
        },
        "resourceType": "Account"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [],
    "grantedUsers": []
}

Delete

Please note after this delete, the account has to be created again to use it in the next examples.

Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Account/1976454
Response 204 No Content
204 No Content

Note: use of roles with domain values

In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:

{
            "grantedRoles": [],
            "roles": [
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236442,
                    "roleDescription": "Business unit manager",
                    "domainValue": "D2"
                },
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236447,
                    "roleDescription": "Business unit manager",
                    "domainValue": "enterprise"
                }
            ],
            "description": "faith - faith MUYOYO",
            "type": {
                "value": "U"
            },
            "lastUpdated": "2019-07-16T10:35:01+02:00",
            "ownerGroups": [],
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 1727122,
            "grantedGroups": [],
            "managerGroups": [],
            "passwordPolicy": "I",
            "managerRoles": [],
            "created": "2019-07-16T10:26:16+02:00",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122",
                "resourceType": "Account"
            },
            "name": "faith",
            "managerUsers": [],
            "attributes": {},
            "grantedUsers": [],
            "ownerUsers": [
                {
                    "lastName": "Smith",
                    "createdByUser": "csv",
                    "mailServer": "null",
                    "nationalID": "",
                    "multiSession": false,
                    "modifiedByUser": "admin",
                    "id": 1727113,
                    "homeServer": "null",
                    "primaryGroupDescription": "Entrprise",
                    "primaryGroup": "enterprise",
                    "comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
                    "profileServer": "null",
                    "active": true,
                    "fullName": "faith MUYOYO",
                    "userName": "faith",
                    "mailAlias": "",
                    "firstName": "faith",
                    "createdDate": "2019-07-16T10:26:16+02:00",
                    "phoneNumber": "",
                    "modifiedDate": "2019-12-12T17:06:42+01:00",
                    "userType": "I"
                }
            ]
        }

Error response

For more infomation about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response



Revision #30
Created 4 May 2021 09:13:38 by pgarcia@soffid.com
Updated 29 June 2023 14:36:07 by pgarcia@soffid.com