SCIM attribute reference

In the SCIM API for STA, the allowable contents of resources are defined by a set of schemas and a resource type, such as user or group. Each SCIM schema is a collection of attribute definitions that describe the contents of your user and group resources. The attribute definitions specify the attribute name and metadata, such as type (string, binary) and cardinality (singular, multi, complex).

The STA SCIM API maps the user attributes from the SCIM schema to the STA schema. It includes the following types of attributes:

SCIM common attributes
SCIM core user attributes
STA custom user attributes
SCIM core group attributes
STA custom group attributes

SCIM common attributes

The SCIM common attributes are defined in STA for all resources, including any custom STA resource types, except the ServiceProviderConfig and ResourceType server discovery endpoints and their associated resources. Common attributes are not defined in any particular schema.

For more information about the SCIM common attributes, see https://tools.ietf.org/html/rfc7643#section-3.1.

Each SCIM resource, such as a user or group, includes the following common attributes.

SCIM attribute		Description	Attribute type	Required	Supports filters
id		A unique identifier for a SCIM resource, such as a user, that is defined by STA.	String	True Read-only	False
externalId		An identifier for a SCIM resource, such as a user, that is defined by the provisioning client.	String Min: 0 Max: 128	False Read-write	True
meta		A complex attribute containing resource metadata. All meta sub-attributes are assigned by STA and have a returned characteristic of default. The meta attribute contains the following sub-attributes:	Multi-valued	True Read-only	False
	resourceType	The name of the resource type of the resource.	String	True Read-only	False
	created	The DateTime when the resource was added to STA. This attribute must be a DateTime.	DateTime	True Read-only	False
	lastModified	The most recent DateTime when the details of this resource were updated in STA. If this resource has never been modified, the value is the same as the value of created.	DateTime	True Read-only	False
	location	The URI of the resource being returned.	String	True Read-only	False
	version	The version of the resource being returned.	String	True Read-only	False

SCIM core user attributes

Schema ID: urn:ietf:params:scim:schemas:core:2.0:User

Core attributes are listed in the resource type's schema.

For the complete description of the core attributes in the SCIM user schema, see https://tools.ietf.org/html/rfc7643#section-4.1.

See also the attribute limitations.

Each core user attribute corresponds to a user field in STA.

STA user field	SCIM attribute	Description	Attribute type	Required	Supports filters
userName	userName	A unique identifier for the user.	String Min: 0 Max: 64	True	True
	name	The components of the user's real name.	Multi-valued	True	False
firstname	name.givenName	The given name, or first name, of the user, such as Barbara in the full name Barbara Jensen.	String Min: 0 Max: 64	True	True
lastname	name.familyName	The family name, or last name, of the user, such as Jensen in the full name Barbara Jensen.	String Min: 0 Max: 64	True	True
	name.formatted	The full name, including first and last name, formatted for display, such as Barbara Jensen.	String READONLY (returned in response)	False	False
user ID	displayName	The name of the user, suitable for display to end-users. This is mapped to the STA User ID.	String READONLY (returned in response) Min: 0 Max: 64	False	True
email	emails[0]['value']	The email address includes these sub-attributes: Primary is a Boolean that identifies the preferred email address. Only one email address can be the primary. The value is canonicalized, such as bjensen@example.com instead of bjensen@EXAMPLE.COM. Only a single email address is stored. If a request is made to POST or PUT, and the data contains a list of email addresses, the following logic is used: The first email that has the primary attribute set to true is stored. If the primary attribute is not set to true, the first email address in the list is stored. For PATCH, the email address is updated as long as the format is valid.	Multi-valued Min: 0 Max: 96	True	True
PhoneNumber MobileNumber	phoneNumbers['type']['value']	Phone numbers include these sub-attributes: type: Either work or mobile (default) value: Canonicalized according to the format specified in RFC 3966: tel:+1-201-555-0123 For PATCH operations, both the work and mobile phone number types are supported. The primary phone number is the mobile number. For GET requests, both the work and mobile numbers are returned, if they exist.	Multi-valued	False	True
isActive	active	Identifies whether the user's account is active or suspended. Default is True. When the user is suspended (isActive=false), the resulting suspension is displayed in the Account State. You can manually override the API lock from the consoles as described in Unlock account.	Boolean	False	False
	addresses	A physical mailing address for this user.	Multi-valued	False	False
address	addresses[0]['streetAddress']	The full street address, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute may contain newlines.	String Min: 0 Max: 64	False	True
city	addresses[0]['locality']	The city or locality	String Min: 0 Max: 64	False	True
state	addresses[0]['region']	The state or region	String Min: 0 Max: 64	False	True
country	addresses[0]['country']	The country name	String Min: 0 Max: 64	False	True
postalCode	addresses[0]['postalCode']	The zip code or postal code	String Min: 0 Max: 64	False	True
	groups	A list of groups to which the user belongs.	Multi-valued READONLY (returned in response)	False	False
	value	The ID	String	False	False
name	display	The name of the group	String	False	True
	$ref	The URI of the corresponding group resources to which the user belongs.	String	False	True

Unsupported core user attributes

The STA API does not support the following SCIM core user attributes:

name.middleName
name.honorificPrefix
name.honorificSuffix
nickName
profileUrl
title
userType
preferredLanguage
locale
timezone
password
ims
photos
groups are returned as read-only
entitlements
roles
x509Certificates

STA custom user attributes

Schema ID: urn:ietf:params:scim:schemas:extension:stauserextension:2.0:User

The STA SCIM API includes extensions to the user schema. These attributes correspond to custom fields in STA:

STA user field	SCIM attribute	Description	Attribute type	Required	Supports filters
alias1	None	Aliases can be used as alternative user IDs, allowing the user to log on using their user ID or aliases and any of their assigned tokens. A common application of aliases is a user with two domain user IDs and two roles. For example, Bob and bob-sysadmin, the former being a standard user account, the latter being an account with elevated privileges. In this example, either ID can use the same token.	String Min: 0 Max: 64	False	True
alias2	None		String Min: 0 Max: 64	False	True
alias3	None		String, READONLY Min: 0 Max: 64	False	True
alias4	None		String, READONLY Min: 0 Max: 64	False	True
custom1	None	These are optional fields that can be used to store additional data about the user. The Custom #1 field is displayed in the user list. The Custom labels can be changed from the Branding module.	String Min: 0 Max: 64	False	True
custom2	None		String Min: 0 Max: 64	False	True
custom3	None		String Min: 0 Max: 64	False	True
isSynchronized	None	Identifies whether the user is synchronized from an external source. Set on resource creation and cannot be updated. The default value is false if not provided. By default, users that are created with the SCIM API are internal users, unless they are specified as synced users in the request.	Boolean	False	False
immutableId	None	The immutableId attribute uniquely identifies a user in Microsoft Entra ID. It must be synchronized between Microsoft Entra ID and STA, and it must be returned in the authentication request response.	String Min: 0 Max: 128	False	True
userPrincipleName	None	The user principal name (UPN) of the user in the following format: userName@domain.name	String Min: 0 Max: 256	False	True

SCIM user object

The following example of a user object includes the custom user attributes:

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:stauserextension:2.0:User"
    ],
    "id": "88DB21A2ECB28E6BE962FF05BB4C0000000E",
    "userName": "apascal",
    "name": {
        "formatted": "Anna Pascal",
        "familyName": "Pascal",
        "givenName": "Anna"
    },
    "displayName": "apascal",
    "emails": [
        {
            "value": "apascal@yandex.com",
            "type": "work",
            "primary": true
        }
    ],
    "addresses": [
        {
            "streetAddress": "Knorrstraße 24",
            "locality": "Wels",
            "region": "Upper Austria",
            "postalCode": "4600",
            "country": "Austria",
            "type": "work",
            "primary": true
        }
    ],
    "phoneNumbers": [
        {
            "value": "+43724253019",
            "type": "mobile",
            "primary": true
        },
        {
            "value": "+31644815518",
            "type": "work",
            "primary": false
        }
    ],
    "active": true,
    "urn:ietf:params:scim:schemas:extension:stauserextension:2.0:User": {
        "alias1": "apascal-alias1",
        "alias2": "apascal-alias2",
        "custom1": "apascal-custom1",
        "custom2": "apascal-custom2",
        "custom3": "apascal-custom3",
        "isSynchronized": false,
        "immutableId": "9Iu9yr40rpkro340",
        "userPrincipalName": "anna.pascal@thalesgroup.com"
    },
    "groups": [
        {
            "value": "50331650",
            "$ref": "https://api.sta.test.gemalto.com/tenants/K8WQQJOQWG/scim/v2/groups/50331650",
            "display": "Fiction",
            "type": "direct"
        }
    ],
    "meta": {
        "resourceType": "User",
        "created": "2023-03-10T20:06:24.26Z",
        "lastModified": "2023-03-10T20:06:24.26Z",
        "location": "https://api.sta.test.gemalto.com/tenants/K8WQQJOQWG/scim/v2/users/88DB21A2ECB28E6BE962FF05BB4C0000000E"
    }
}

Core group attributes

Schema ID: urn:ietf:params:scim:schemas:core:2.0:Group

Core attributes are listed in the resource type's schema.

For the complete description of the core attributes in the SCIM group schema, see https://tools.ietf.org/html/rfc7643#section-4.2.

Each SCIM core group attribute corresponds to a field in STA.

| STA group field | SCIM attribute | Description | Attribute type | Required | Supports filters | |-----------------|----------------|--------------------------------------|----------------|----------| | name | displayName | A human-readable name for the group. | String, Min: 0, Max: 64 | True | False | | | members | A list of group members. | Multi-Valued | False | False | | id | value | STA user ID for a user in the group. | String | True | True | | type | type | The type is Group. | String | True | False | | name | displayName | The name of a user in the group. | String | True | False |

STA custom group attributes

Schema ID: urn:ietf:params:scim:schemas:extension:stagroupextension:2.0:Group

The STA SCIM API includes extensions to the group schema for group fields in STA.

STA group field	SCIM attribute	Description	Attribute type	Required	Supports filters
description	None	A description of the group.	String Min: 0 Max: 256	False	True
isSynchronized	None	Set when the group is created and cannot be updated. The default value is false if it is not provided.	Boolean, READONLY	False	True

STA group field

SCIM attribute

Description

Attribute type

Required

Supports filters

description

None

A description of the group.

String

Min: 0

Max: 256

False

True

isSynchronized

None

Set when the group is created and cannot be updated.

The default value is false if it is not provided.

Boolean, READONLY

False

True

SCIM group object

The following example shows a group object:

!#text
{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group",
        "urn:ietf:params:scim:schemas:extension:stagroupextension:2.0:Group"
    ],
    "id": "50331650",
    "displayName": "Fiction",
    "urn:ietf:params:scim:schemas:extension:stagroupextension:2.0:Group": {
        "isSynchronized": false
    },
    "members": [
        {
            "value": "88DB21A2ECB28E6BE962FF05BB4C0000000E",
            "$ref": "https://api.sta.test.gemalto.com/tenants/K8WQQJOQWG/scim/v2/users/88DB21A2ECB28E6BE962FF05BB4C0000000E",
            "display": "apascal"
        }
    ],
    "meta": {
        "resourceType": "Group",
        "location": "https://api.sta.test.gemalto.com/tenants/K8WQQJOQWG/scim/v2/groups/50331650"
    }
}

SCIM attribute reference

SCIM common attributes

SCIM core user attributes

Unsupported core user attributes

STA custom user attributes

SCIM user object

Core group attributes

STA custom group attributes

SCIM group object

On this page

Suggest A Change