Skip to main content

SCIM Account examples

Operations

List all

List all accounts, disabled or not.

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/AccounAccount

 

Response 200 OK

For example, after the Soffid installation, these are the available account.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 1,
    "startIndex": 1,
    "Resources": [
        {
            "lastLogin": "2021-05-0610 12:16:32"13:00:40",
            "grantedRoles": [],
            "description": "Soffid Administrator",
            "type": "U",
            "ownerGroups": [],
            "oldName": "admin2"admin",
            "loginName": "admin",
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 103,
            "managerGroups": [],
            "grantedGroups": [],
            "lastPasswordSet": "2021-05-05 11:32:14",
            "passwordExpiration": "2022-05-05 00:00:00",
            "passwordPolicy": "I",
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2020-02-13 23:01:44",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://<your-domain>/webservice/scim2/v1/Account/103",
                "links": {
                    "roleAccounts": "http://<your-domain>/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
                    "users": "http://<your-domain>/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
                },
                "resourceType": "Account"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        }
    ]
}

List by filter

List all accounts with a filter expression. For example, one can search the account with different operators. It is allowed to use pagination and sort the information.

Request

List all accounts with a filter expression. For example, one can search the account with different operators.

GET http://<your-domain>/soffid/webservice/scim2/v1/Account?filter=name co "adm" and passwordPolicy  pr
Response 200 OK
{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 3,
    "startIndex": 1,
    "Resources": [
        {
            "lastLogin": "2021-05-0610 12:28:26"13:05:15",
            "grantedRoles": [],
            "description": "Soffid Administrator",
            "type": "U",
            "ownerGroups": [],
            "oldName": "admin2",
            "loginName": "admin",
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 103,
            "managerGroups": [],
            "grantedGroups": [],
            "lastPasswordSet": "2021-05-05 11:32:14",
            "passwordExpiration": "2022-05-05 00:00:00",
            "passwordPolicy": "I",
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2020-02-13 23:01:44",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/Account/103",
                "links": {
                    "roleAccounts": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
                    "users": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
                },
                "resourceType": "Account"
            },
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admin",
            "managerUsers": [],
            "attributes": {},
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        },
        {
            "passwordPolicy": "I",
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2021-03-04 22:37:21",
            "description": "Soffid test account",
            "type": "I",
            "system": "soffid",
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/Account/1587766",
                "links": {
                    "roleAccounts": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587766+and+enabled+eq+true",
                    "users": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587766+or+accounts.account.id+eq+1587766"
                },
                "resourceType": "Account"
            },
            "loginName": "admintest",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admintest",
            "inheritNewPermissions": false,
            "managerUsers": [
                "dilbert",
                "dogbert"
            ],
            "disabled": false,
            "attributes": {},
            "id": 1587766,
            "managerGroups": [],
            "grantedGroups": [],
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        },
        {
            "passwordPolicy": "I",
            "grantedRoles": [],
            "accessLevel": "O",
            "managerRoles": [],
            "created": "2021-03-04 22:44:06",
            "description": "Soffid test account 2",
            "type": "I",
            "system": "soffid",
            "ownerGroups": [],
            "ownerRoles": [],
            "meta": {
                "location": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/Account/1587776",
                "links": {
                    "roleAccounts": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587776+and+enabled+eq+true",
                    "users": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587776+or+accounts.account.id+eq+1587776"
                },
                "resourceType": "Account"
            },
            "loginName": "admintest2",
            "schemas": [
                "urn:soffid:com.soffid.iam.api.Account"
            ],
            "name": "admintest2",
            "inheritNewPermissions": false,
            "managerUsers": [
                "dilbert",
                "dogbert"
            ],
            "disabled": false,
            "attributes": {},
            "id": 1587776,
            "managerGroups": [],
            "grantedGroups": [],
            "status": "a",
            "ownerUsers": [
                "admin"
            ],
            "grantedUsers": []
        }
    ]
}

Query by id

Query an account by its id (primary key). 

Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account/1057754
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "accessLevel": "-",
    "managerRoles": [],
    "created": "2020-12-14 17:52:14",
    "description": "John Smith",
    "type": "U",
    "system": "idp",
    "ownerGroups": [],
    "ownerRoles": [],
    "meta": {
        "location": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/Account/1057754",
        "links": {
            "roleAccounts": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1057754+and+enabled+eq+true",
            "users": "http://<your-domain>/soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1057754+or+accounts.account.id+eq+1057754"
        },
        "resourceType": "Account"
    },
    "loginName": "jsmith",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "jsmith",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "id": 1057754,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [
        "jsmith"
    ],
    "grantedUsers": []
}

Create

One can create an account . We will use this account for the following examples.

Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Account
-------------------------------------------------------

Put thethis JSON in the Body of the Request:

{ 
    "schemas": ["urn:soffid:com.soffid.iam.api.Account"],
    "name": "Guest",
    "type": "I",
    "system": "soffid",
    "passwordPolicy": "I",
    "description": "Guest user",
    "inheritNewPermissions": false,
    "disabled": false
}
Response 200201 OKCreated

 

POST http://<domain>/webservice/scim2/v1/Account
 
Put the user JSON in the body of the request:
{
    "name": "Guest",
    "type": "I",
    "system": "soffid",
    "passwordPolicy": "I",
    "description": "Guest user",
    "inheritNewPermissions": false,
    "disabled": false
}
 
HTTP 201
{
    "grantedRoles": [],
    "roles"managerRoles": [],
    "description": "Guest user",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 15455,
    "grantedGroups": [],
    "managerGroups": [],
    "passwordPolicy": "I",
    "managerRoles": [],
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "http://<domain>/soffid.pat.lab:8080/webservice/scim2/v1/Account/15455"1976454",
        "resourceType": "Account"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "grantedUsers"disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "ownerUsers": [],
    "grantedUsers": []
}

Update partial

Update only of the attributes with changes, only these atrributes will be updated in the account, the rest will maintain the same value.

Request

For example we will update the description.description and the owner users.

PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455

Put the userthis JSON in the bodyBody of the request:Request:

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "Operations": [
        {
            "op": "replace",
            "path": "description",
            "value": "Guest userUser"
        account"},
        {
            "op": "replace",
            "path": "ownerUsers",
            "value": [
                "admin"
            ]
        }
    HTTP]
200}
Response
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "roles"accessLevel": "-",
    "managerRoles": [],
    "created": "2021-05-10 13:08:05",
    "description": "Guest user account"User",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 15455,
    "grantedGroups": [],
    "managerGroups": [],
    "passwordPolicy": "I",
    "managerRoles": [],
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "<domain>http://soffid.pat.lab:8080/webservice/scim2/v1/Account/15455"1976454",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
        },
        "resourceType": "Account"
    },
    "loginName": "Guest",
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "disabled": false,
    "attributes": {},
    "grantedUsers"id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [
        "admin"
    ],
    "grantedUsers": []
}

Update all

This operation replace all values in the account. For example we will update the description.

  • Note that the attribute id is required to confirm that the resource "...Account/<id>" is the same that the JSON account.
  • Note that all the attributes not included in the request will be cleared in the account and their data will be lost.
  • Note that not all the attributes are updatable, for example tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Account/154551976454

Put the userthis JSON in the bodyBody of the request:Request:

{
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "id": 15455,1976454,
    "description"name": "Guest user account all updated"Guest",
    "type": "I",
    "inheritNewPermissions": false,
    "disabled": false,
    "passwordPolicy": "I",
    "system": "soffid",
    "name"passwordPolicy": "I",
    "description": "Guest Guest",
    "inheritNewPermissions": false,
    "disabled": false
}
HTTP
Response 200 OK
{
    "passwordPolicy": "I",
    "grantedRoles": [],
    "roles"managerRoles": [],
    "description": "Guest user account all updated"Guest",
    "type": "I",
    "system": "soffid",
    "ownerGroups": [],
    "inheritNewPermissions": false,
    "disabled": false,
    "id": 15455,
    "grantedGroups": [],
    "managerGroups": [],
    "passwordPolicy": "I",
    "managerRoles": [],
    "system": "soffid",
    "ownerRoles": [],
    "meta": {
        "location": "http://<domain>/soffid.pat.lab:8080/webservice/scim2/v1/Account/15455"1976454",
        "links": {
            "roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
            "users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
        },
        "resourceType": "Account"
    },
    "schemas": [
        "urn:soffid:com.soffid.iam.api.Account"
    ],
    "name": "Guest",
    "inheritNewPermissions": false,
    "managerUsers": [],
    "grantedUsers"disabled": false,
    "attributes": {},
    "id": 1976454,
    "managerGroups": [],
    "grantedGroups": [],
    "status": "a",
    "ownerUsers": [],
    "grantedUsers": []
}

Delete

Delete an account.

  • Please note after this delete, the account has to be created again to use it in the next examples.
Request
DELETE http://<domainyour-omain>/soffid/webservice/scim2/v1/Account/154551976454
HTTP
Response 204 No Content
204 No Content

Note: use of roles with domain values

In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:

{
            "grantedRoles": [],
            "roles": [
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236442,
                    "roleDescription": "Business unit manager",
                    "domainValue": "D2"
                },
                {
                    "informationSystemName": "SOFFID",
                    "roleName": "SOFFID_OU_MANAGER",
                    "id": 2236447,
                    "roleDescription": "Business unit manager",
                    "domainValue": "enterprise"
                }
            ],
            "description": "faith - faith MUYOYO",
            "type": {
                "value": "U"
            },
            "lastUpdated": "2019-07-16T10:35:01+02:00",
            "ownerGroups": [],
            "inheritNewPermissions": false,
            "disabled": false,
            "id": 1727122,
            "grantedGroups": [],
            "managerGroups": [],
            "passwordPolicy": "I",
            "managerRoles": [],
            "created": "2019-07-16T10:26:16+02:00",
            "system": "soffid",
            "ownerRoles": [],
            "meta": {
                "location": "http://bubu-thinkpad:8080/webservice/scim/Account/1727122",
                "resourceType": "Account"
            },
            "name": "faith",
            "managerUsers": [],
            "attributes": {},
            "grantedUsers": [],
            "ownerUsers": [
                {
                    "lastName": "Smith",
                    "createdByUser": "csv",
                    "mailServer": "null",
                    "nationalID": "",
                    "multiSession": false,
                    "modifiedByUser": "admin",
                    "id": 1727113,
                    "homeServer": "null",
                    "primaryGroupDescription": "Entrprise",
                    "primaryGroup": "enterprise",
                    "comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
                    "profileServer": "null",
                    "active": true,
                    "fullName": "faith MUYOYO",
                    "userName": "faith",
                    "mailAlias": "",
                    "firstName": "faith",
                    "createdDate": "2019-07-16T10:26:16+02:00",
                    "phoneNumber": "",
                    "modifiedDate": "2019-12-12T17:06:42+01:00",
                    "userType": "I"
                }
            ]
        }