SCIM API v1.1 protected with OAuth2 scopes (v1.1)

The SCIM protocol is an application-level REST protocol for provisioning and managing identity data on the web. The protocol supports creation, modification, retrieval, and discovery of core identity resources. This version of the SCIM API is protected with OAuth2 scopes: certain actions require an access token containing the necessary scopes. For the GET, POST, PUT, and PATCH operations, the API checks for the scopes that allow you to perform operations on the user. To retrieve or change user attributes, you must have the OAuth2 scope needed for that specific operation (SCIM:user:get, SCIM:user:query, SCIM:user:post, SCIM:user:put, SCIM:user:patch, SCIM:user:delete). For more comprehensive information and illustrative examples, see https://developer.onewelcome.com/documentation/scim-example-messages

Users

SCIM Users

Retrieve users

The endpoint is protected and lets a caller retrieve multiple users by filtering, with optional paging and sorting. The provided access token must include the 'SCIM:user:query' scope.

Authorizations:
OAuth2
query Parameters
filter
string

Specifies the filter used to search for users matching specific criteria. Several kinds of operators can be used for filtering: binary operators, logical operators, grouping operators, and unary operators.

Binary operators:

| Operator | Description | Behavior |
|---|---|---|
| eq | equal | The attribute and operator values must be identical for a match. |
| co | contains | The entire operator value must be a substring of the attribute value for a match. |
| sw | starts with | The entire operator value must be a substring of the attribute value, starting at the beginning of the attribute value. |
| gt | greater than (>) | If the attribute value is greater than the operator value, there is a match. |
| ge | greater than or equal (>=) | If the attribute value is greater than or equal to the operator value, there is a match. |
| lt | less than (<) | If the attribute value is less than the operator value, there is a match. |
| le | less than or equal (<=) | If the attribute value is less than or equal to the operator value, there is a match. |

Logical operators:

| Operator | Description | Behavior |
|---|---|---|
| and | Logical and | The filter is only a match if both expressions evaluate to true. |
| or | Logical or | The filter is a match if either expression evaluates to true. |

Unary operators:

| Operator | Description | Behavior |
|---|---|---|
| pr | present (has value) | If the attribute has a non-empty value, or if it contains a non-empty node for complex attributes, there is a match. |
| npr | not present | |

Grouping operators:

| Operator | Description | Behavior |
|---|---|---|
| () | Precedence grouping | Boolean expressions may be grouped using parentheses to change the standard order of operations; i.e., evaluate OR logical operators before logical AND operators. |

Multiple filter criteria can be combined. Examples of such filters:

  • filter=username co "username_value"&sortBy=username&sortOrder=ascending
  • filter=emails.value co "email" or username eq "username" and name.familyName eq "User_Family_Name" or name.middle eq "User_Middle_Name" and (age gt "16" and age lt "50")

If multiple attributes share the same name in different schemas (core and extension) and the attribute in the filter does not include the schema in its name, the filter is applied to the attribute from the core schema, if one exists; otherwise an error is thrown. To filter on the attribute from the extension schema, the attribute name must include the extension schema as well. For example, if the groups attribute is present in both the core schema urn:scim:schemas:core:1.0 and the extension schema urn:scim:schemas:extension:onewelcome:1.0, the filters look as follows:

  • filter core schema attribute: filter = groups EQ "group1"
  • filter extension schema attribute: filter = urn:scim:schemas:extension:onewelcome:1.0:groups EQ "someOtherGroup"

startIndex
integer <int32>

Index of the first search result.

count
integer <int32>

Specifies the desired maximum number of search results per page.

sortBy
string

The sortBy parameter specifies the attribute whose value shall be used to order the returned responses.

sortOrder
string

The order in which the sortBy parameter is applied. Allowed values are: asc, desc, ascending and descending.
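
A client-side builder for the filter, paging and sorting parameters described above, added here as an example (it is not OneWelcome code). It keeps untrusted values from changing the structure of a filter, parenthesises every and/or group so precedence is explicit, and percent-encodes the result. The helper names, the attribute-name pattern, the numeric bounds and the reject-instead-of-escape rule for quoted values are assumptions, since the page documents no escape syntax.

```python
import re
from urllib.parse import quote, urlencode

BINARY_OPS = {"eq", "co", "sw", "gt", "ge", "lt", "le"}
UNARY_OPS = {"pr", "npr"}
SORT_ORDERS = {"asc", "desc", "ascending", "descending"}
# Assumed attribute shape: optional schema URN prefix, then name or name.subName.
ATTR_RE = re.compile(r"(urn:[A-Za-z0-9:._-]+:)?[A-Za-z][A-Za-z0-9]*(\.[A-Za-z][A-Za-z0-9]*)?")


def clause(attr, op, value=None):
    """Return one filter expression; raise ValueError if input could alter its structure."""
    op = op.lower()
    if not ATTR_RE.fullmatch(attr):
        raise ValueError(f"invalid attribute name: {attr!r}")
    if op in UNARY_OPS:
        if value is not None:
            raise ValueError(f"{op} takes no value")
        return f"{attr} {op}"
    if op not in BINARY_OPS or value is None:
        raise ValueError(f"invalid operator or missing value: {op!r}")
    value = str(value)
    # No escape syntax is documented for quoted values, so reject instead of escaping.
    if re.search(r'["\\\x00-\x1f]', value):
        raise ValueError("value contains a quote, backslash or control character")
    return f'{attr} {op} "{value}"'


def group(op, *exprs):
    """Join expressions with 'and' or 'or', always parenthesised so precedence is explicit."""
    if op not in ("and", "or") or not exprs:
        raise ValueError("op must be 'and' or 'or' with at least one expression")
    return "(" + f" {op} ".join(exprs) + ")"


def build_query(filter_expr, start_index, count, sort_by=None, sort_order=None):
    """Percent-encode the filter and paging/sorting parameters into a query string."""
    if start_index < 0 or count < 1:  # bounds are assumptions, not taken from the page
        raise ValueError("startIndex must be >= 0 and count >= 1")
    params = {"filter": filter_expr, "startIndex": start_index, "count": count}
    if sort_by is not None:
        if not ATTR_RE.fullmatch(sort_by):
            raise ValueError(f"invalid sortBy: {sort_by!r}")
        params["sortBy"] = sort_by
    if sort_order is not None:
        if sort_order not in SORT_ORDERS:
            raise ValueError(f"invalid sortOrder: {sort_order!r}")
        params["sortOrder"] = sort_order
    return urlencode(params, quote_via=quote)
```
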

Responses

Response samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "users": [ ],
  "itemsPerPage": 0,
  "schemas": [ ],
  "startIndex": 0,
  "totalResults": 0
}

Create a new user

The endpoint is used to create a new user. To be able to call this endpoint, an access token having the scope 'SCIM:user:post' is required.

Authorizations:
OAuth2
query Parameters
typeOfCreation
string

The type of user creation.

Request Body schema: application/vnd.iwelcome-v2.0+json

The user to be created

property name*
additional property
object

Responses

Request samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "property1": { },
  "property2": { }
}

Response samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "property1": { },
  "property2": { }
}

Retrieve a specific user

The endpoint is used to retrieve a user identified by the userId path parameter. To call this endpoint, an access token having the scope 'SCIM:user:get' is required.

Authorizations:
OAuth2
path Parameters
userId
required
string

Unique identifier of the user

Responses

Response samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "property1": { },
  "property2": { }
}

Update a specific user (full update)

This endpoint is used to update a user identified by the userId path parameter. To call this endpoint, an access token having the scope 'SCIM:user:put' is required.

Authorizations:
OAuth2
path Parameters
userId
required
string

Identifier of the user to update

Request Body schema: application/vnd.iwelcome-v2.0+json

Object with patch attribute names and values

property name*
additional property
object

Responses

Request samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "property1": { },
  "property2": { }
}

Response samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "property1": { },
  "property2": { }
}

Delete user

This endpoint is used to delete a user identified by the userId path parameter. To be able to call this endpoint, an access token having the scope 'SCIM:user:delete' is required.

Authorizations:
OAuth2
path Parameters
userId
required
string

The unique identifier of the user to be removed

Responses

Response samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "errorCode": "string",
  "message": "string",
  "description": "string"
}

Update a specific user (partial update)

The endpoint is used to partially update a user identified by the userId path parameter. In order to be able to call this endpoint, an access token having the scope 'SCIM:user:patch' is required.

Authorizations:
OAuth2
path Parameters
userId
required
string

Identifier of the user to update

Request Body schema: application/vnd.iwelcome-v2.0+json

Object with patch attribute names and values

property name*
additional property
object

Responses

Request samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "property1": { },
  "property2": { }
}

Response samples

Content type
application/vnd.iwelcome-v2.0+json
{
  "property1": { },
  "property2": { }
}