SCIM Account examples
Operations
This page shows the operations that can be performed for the account object
List all
List all accounts, disabled or not.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account
Response 200 OK
For example, after the Soffid installation, these are the available account.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"lastLogin": "2021-05-10 13:00:40",
"grantedRoles": [],
"description": "Soffid Administrator",
"type": "U",
"ownerGroups": [],
"oldName": "admin",
"loginName": "admin",
"inheritNewPermissions": false,
"disabled": false,
"id": 103,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2021-05-05 11:32:14",
"passwordExpiration": "2022-05-05 00:00:00",
"passwordPolicy": "I",
"accessLevel": "O",
"managerRoles": [],
"created": "2020-02-13 23:01:44",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://<your-domain>/webservice/scim2/v1/Account/103",
"links": {
"roleAccounts": "http://<your-domain>/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
"users": "http://<your-domain>/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admin",
"managerUsers": [],
"attributes": {},
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
]
}
List by filter
List all accounts with a filter expression.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account?filter=name co "adm" and passwordPolicy pr
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"lastLogin": "2021-05-10 13:05:15",
"grantedRoles": [],
"description": "Soffid Administrator",
"type": "U",
"ownerGroups": [],
"oldName": "admin2",
"loginName": "admin",
"inheritNewPermissions": false,
"disabled": false,
"id": 103,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2021-05-05 11:32:14",
"passwordExpiration": "2022-05-05 00:00:00",
"passwordPolicy": "I",
"accessLevel": "O",
"managerRoles": [],
"created": "2020-02-13 23:01:44",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/103",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admin",
"managerUsers": [],
"attributes": {},
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
},
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"created": "2021-03-04 22:37:21",
"description": "Soffid test account",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587766",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587766+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587766+or+accounts.account.id+eq+1587766"
},
"resourceType": "Account"
},
"loginName": "admintest",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admintest",
"inheritNewPermissions": false,
"managerUsers": [
"dilbert",
"dogbert"
],
"disabled": false,
"attributes": {},
"id": 1587766,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
},
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"created": "2021-03-04 22:44:06",
"description": "Soffid test account 2",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1587776",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587776+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587776+or+accounts.account.id+eq+1587776"
},
"resourceType": "Account"
},
"loginName": "admintest2",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admintest2",
"inheritNewPermissions": false,
"managerUsers": [
"dilbert",
"dogbert"
],
"disabled": false,
"attributes": {},
"id": 1587776,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
]
}
Query by id
Query an account by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account/1057754
Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "-",
"managerRoles": [],
"created": "2020-12-14 17:52:14",
"description": "John Smith",
"type": "U",
"system": "idp",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1057754",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1057754+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1057754+or+accounts.account.id+eq+1057754"
},
"resourceType": "Account"
},
"loginName": "jsmith",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "jsmith",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1057754,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"jsmith"
],
"grantedUsers": []
}
Create
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Account
JSON
{
"schemas": ["urn:soffid:com.soffid.iam.api.Account"],
"name": "Guest",
"type": "I",
"system": "soffid",
"passwordPolicy": "I",
"description": "Guest user",
"inheritNewPermissions": false,
"disabled": false
}
Response 201 Created
{
"passwordPolicy": "I",
"grantedRoles": [],
"managerRoles": [],
"description": "Guest user",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"ownerUsers": [],
"grantedUsers": []
}
Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455
JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"Operations": [
{
"op": "replace",
"path": "description",
"value": "Guest User"
},
{
"op": "replace",
"path": "ownerUsers",
"value": [
"admin"
]
}
]
}
Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "-",
"managerRoles": [],
"created": "2021-05-10 13:08:05",
"description": "Guest User",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
},
"resourceType": "Account"
},
"loginName": "Guest",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
Update all
This operation replaces all values in the account. For example, we will update the description.
- Note that the attribute id is required to confirm that the resource "...Account/<id>" is the same that the JSON account.
- Note that all the attributes not included in the request will be cleared in the account and their data will be lost.
- Note that not all the attributes are updatable, for example, tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Account/1976454
JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"id": 1976454,
"name": "Guest",
"type": "I",
"system": "soffid",
"passwordPolicy": "I",
"description": "Guest Guest",
"inheritNewPermissions": false,
"disabled": false
}
Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"managerRoles": [],
"description": "Guest Guest",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/Account/1976454",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/soffid/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [],
"grantedUsers": []
}
Delete
Please note after this delete, the account has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Account/1976454
Response 204 No Content
204 No Content
Note: use of roles with domain values
In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:
{
"grantedRoles": [],
"roles": [
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236442,
"roleDescription": "Business unit manager",
"domainValue": "D2"
},
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236447,
"roleDescription": "Business unit manager",
"domainValue": "enterprise"
}
],
"description": "faith - faith MUYOYO",
"type": {
"value": "U"
},
"lastUpdated": "2019-07-16T10:35:01+02:00",
"ownerGroups": [],
"inheritNewPermissions": false,
"disabled": false,
"id": 1727122,
"grantedGroups": [],
"managerGroups": [],
"passwordPolicy": "I",
"managerRoles": [],
"created": "2019-07-16T10:26:16+02:00",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://bubu-thinkpad:8080/soffid/webservice/scim/Account/1727122",
"resourceType": "Account"
},
"name": "faith",
"managerUsers": [],
"attributes": {},
"grantedUsers": [],
"ownerUsers": [
{
"lastName": "Smith",
"createdByUser": "csv",
"mailServer": "null",
"nationalID": "",
"multiSession": false,
"modifiedByUser": "admin",
"id": 1727113,
"homeServer": "null",
"primaryGroupDescription": "Entrprise",
"primaryGroup": "enterprise",
"comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
"profileServer": "null",
"active": true,
"fullName": "faith MUYOYO",
"userName": "faith",
"mailAlias": "",
"firstName": "faith",
"createdDate": "2019-07-16T10:26:16+02:00",
"phoneNumber": "",
"modifiedDate": "2019-12-12T17:06:42+01:00",
"userType": "I"
}
]
}
Error response
For more infomation about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response