SCIM Account examples
Operations
This page shows the operations that can be performed for the account object
List all
List all accounts, disabled or not.
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account
Response 200 OK
For example, after the Soffid installation, these are the available account.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"startIndex": 1,
"Resources": [
{
"lastLogin": "2021-05-10 13:00:40",
"grantedRoles": [],
"description": "Soffid Administrator",
"type": "U",
"ownerGroups": [],
"oldName": "admin",
"loginName": "admin",
"inheritNewPermissions": false,
"disabled": false,
"id": 103,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2021-05-05 11:32:14",
"passwordExpiration": "2022-05-05 00:00:00",
"passwordPolicy": "I",
"accessLevel": "O",
"managerRoles": [],
"created": "2020-02-13 23:01:44",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://<your-domain>/webservice/scim2/v1/Account/103",
"links": {
"roleAccounts": "http://<your-domain>/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
"users": "http://<your-domain>/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admin",
"managerUsers": [],
"attributes": {},
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
]
}
List by filter
List all accounts with a filter expression. For example, one can search the account with different operators.
It is allowed to use pagination and sort the information, for more information visit the Sorting and Pagination information.
Request
List all accounts with a filter expression. For example, one can search the account with different operators.
GET http://<your-domain>/soffid/webservice/scim2/v1/Account?filter=name co "adm" and passwordPolicy pr
Response 200 OK
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 3,
"startIndex": 1,
"Resources": [
{
"lastLogin": "2021-05-10 13:05:15",
"grantedRoles": [],
"description": "Soffid Administrator",
"type": "U",
"ownerGroups": [],
"oldName": "admin2",
"loginName": "admin",
"inheritNewPermissions": false,
"disabled": false,
"id": 103,
"managerGroups": [],
"grantedGroups": [],
"lastPasswordSet": "2021-05-05 11:32:14",
"passwordExpiration": "2022-05-05 00:00:00",
"passwordPolicy": "I",
"accessLevel": "O",
"managerRoles": [],
"created": "2020-02-13 23:01:44",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account/103",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+103+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+103+or+accounts.account.id+eq+103"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admin",
"managerUsers": [],
"attributes": {},
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
},
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"created": "2021-03-04 22:37:21",
"description": "Soffid test account",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account/1587766",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587766+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587766+or+accounts.account.id+eq+1587766"
},
"resourceType": "Account"
},
"loginName": "admintest",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admintest",
"inheritNewPermissions": false,
"managerUsers": [
"dilbert",
"dogbert"
],
"disabled": false,
"attributes": {},
"id": 1587766,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
},
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "O",
"managerRoles": [],
"created": "2021-03-04 22:44:06",
"description": "Soffid test account 2",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account/1587776",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1587776+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1587776+or+accounts.account.id+eq+1587776"
},
"resourceType": "Account"
},
"loginName": "admintest2",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "admintest2",
"inheritNewPermissions": false,
"managerUsers": [
"dilbert",
"dogbert"
],
"disabled": false,
"attributes": {},
"id": 1587776,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
]
}
Query by id
Query an account by its id (primary key).
Request
GET http://<your-domain>/soffid/webservice/scim2/v1/Account/1057754
Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "-",
"managerRoles": [],
"created": "2020-12-14 17:52:14",
"description": "John Smith",
"type": "U",
"system": "idp",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account/1057754",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1057754+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1057754+or+accounts.account.id+eq+1057754"
},
"resourceType": "Account"
},
"loginName": "jsmith",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "jsmith",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1057754,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"jsmith"
],
"grantedUsers": []
}
Create
To create an account .
Request
POST http://<your-domain>/soffid/webservice/scim2/v1/Account
JSON
{
"schemas": ["urn:soffid:com.soffid.iam.api.Account"],
"name": "Guest",
"type": "I",
"system": "soffid",
"passwordPolicy": "I",
"description": "Guest user",
"inheritNewPermissions": false,
"disabled": false
}
Response 201 Created
{
"passwordPolicy": "I",
"grantedRoles": [],
"managerRoles": [],
"description": "Guest user",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account/1976454",
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"ownerUsers": [],
"grantedUsers": []
}
Update partial
Only attributes with changes will be updated, the other will maintain the same value.
Request
PATCH http://<your-domain>/soffid/webservice/scim2/v1/Account/15455
JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"Operations": [
{
"op": "replace",
"path": "description",
"value": "Guest User"
},
{
"op": "replace",
"path": "ownerUsers",
"value": [
"admin"
]
}
]
}
Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"accessLevel": "-",
"managerRoles": [],
"created": "2021-05-10 13:08:05",
"description": "Guest User",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account/1976454",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
},
"resourceType": "Account"
},
"loginName": "Guest",
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [
"admin"
],
"grantedUsers": []
}
Update all
This operation replaces all values in the account. For example, we will update the description.
- Note that the attribute id is required to confirm that the resource "...Account/<id>" is the same that the JSON account.
- Note that all the attributes not included in the request will be cleared in the account and their data will be lost.
- Note that not all the attributes are updatable, for example tag meta, avoid these tags. For more information see Resource data model page
Request
PUT http://<your-domain>/soffid/webservice/scim2/v1/Account/1976454
JSON
{
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"id": 1976454,
"name": "Guest",
"type": "I",
"system": "soffid",
"passwordPolicy": "I",
"description": "Guest Guest",
"inheritNewPermissions": false,
"disabled": false
}
Response 200 OK
{
"passwordPolicy": "I",
"grantedRoles": [],
"managerRoles": [],
"description": "Guest Guest",
"type": "I",
"system": "soffid",
"ownerGroups": [],
"ownerRoles": [],
"meta": {
"location": "http://soffid.pat.lab:8080/webservice/scim2/v1/Account/1976454",
"links": {
"roleAccounts": "http://soffid.pat.lab:8080/webservice/scim2/v1/RoleAccount?filter=account.id+eq+1976454+and+enabled+eq+true",
"users": "http://soffid.pat.lab:8080/webservice/scim2/v1/User?filter=accountAccess.account.id+eq+1976454+or+accounts.account.id+eq+1976454"
},
"resourceType": "Account"
},
"schemas": [
"urn:soffid:com.soffid.iam.api.Account"
],
"name": "Guest",
"inheritNewPermissions": false,
"managerUsers": [],
"disabled": false,
"attributes": {},
"id": 1976454,
"managerGroups": [],
"grantedGroups": [],
"status": "a",
"ownerUsers": [],
"grantedUsers": []
}
Delete
Delete an account.
Please note after this delete, the account has to be created again to use it in the next examples.
Request
DELETE http://<your-omain>/soffid/webservice/scim2/v1/Account/1976454
Response 204 No Content
204 No Content
Note: use of roles with domain values
In case of granting roles with domain values, the optional attribute domain value contains the value for that domain. Here is a sample account with permissions for the role SOFFID_OU_DOMAIN and domains D2 and enterprise:
{
"grantedRoles": [],
"roles": [
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236442,
"roleDescription": "Business unit manager",
"domainValue": "D2"
},
{
"informationSystemName": "SOFFID",
"roleName": "SOFFID_OU_MANAGER",
"id": 2236447,
"roleDescription": "Business unit manager",
"domainValue": "enterprise"
}
],
"description": "faith - faith MUYOYO",
"type": {
"value": "U"
},
"lastUpdated": "2019-07-16T10:35:01+02:00",
"ownerGroups": [],
"inheritNewPermissions": false,
"disabled": false,
"id": 1727122,
"grantedGroups": [],
"managerGroups": [],
"passwordPolicy": "I",
"managerRoles": [],
"created": "2019-07-16T10:26:16+02:00",
"system": "soffid",
"ownerRoles": [],
"meta": {
"location": "http://bubu-thinkpad:8080/webservice/scim/Account/1727122",
"resourceType": "Account"
},
"name": "faith",
"managerUsers": [],
"attributes": {},
"grantedUsers": [],
"ownerUsers": [
{
"lastName": "Smith",
"createdByUser": "csv",
"mailServer": "null",
"nationalID": "",
"multiSession": false,
"modifiedByUser": "admin",
"id": 1727113,
"homeServer": "null",
"primaryGroupDescription": "Entrprise",
"primaryGroup": "enterprise",
"comments": "Loaded from CSV file on Mon Aug 05 22:00:00 CEST 2019",
"profileServer": "null",
"active": true,
"fullName": "faith MUYOYO",
"userName": "faith",
"mailAlias": "",
"firstName": "faith",
"createdDate": "2019-07-16T10:26:16+02:00",
"phoneNumber": "",
"modifiedDate": "2019-12-12T17:06:42+01:00",
"userType": "I"
}
]
}
Error response
For more infomation about error response visit https://bookstack.soffid.com/link/116#bkmrk-error-response