SCIM APIs Overview
¶ Scopes
SCIM APIs require access to the below scopes
scim.users
,scim.groups
scope for read-write accessscim.users.readonly
,scim.groups.readonly
if you only need readonly access
¶ Authentication
All SCIM APIs require authentication using OAuth 2.0 access. The given developer account that is chosen to be used for your company will be granted access to provision/de-provision your company’s users. Visit the Authentication section for more information.
¶ API Endpoints
Below SCIM APIs are supported as of now. Refer to the SCIM RFC and JSON template below for API definitions
¶ User API Endpoints
Endpoint | Method | URI |
---|---|---|
Create User | POST | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Users |
Update User | PUT | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Users/{user_id} |
Update User | PATCH | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Users/{user_id} |
Get User | GET | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Users/{user_id} |
Delete User | DELETE | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Users/{user_id} |
List Users | GET | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Users |
¶ Group API Endpoints
Endpoint | Method | URI |
---|---|---|
Create Group | POST | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Groups |
Update Group | PATCH | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Groups/{group_id} |
Get Group | GET | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Groups/{group_id} |
Delete User | DELETE | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Groups/{group_id} |
List Groups | GET | https://api.uber.com/v1/scim/organizations/{org_id}/v2/Groups |
¶ SCIM JSON Template
¶ User Template
If your IDP’s user object is user
, below is how to map the same to Uber’s SCIM APIs
{
"schemas":[
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"id":"{$user.id}",
"userName":"{$user.email}",
"name":{
"givenName":"{$user.firstname}",
"familyName":"{$user.lastname}"
},
"active":"{$user.status}",
"externalId":"{$user.external_id}",
"phoneNumbers":[
{
"value":"{$user.phone}",
"type":"mobile"
}
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"employeeNumber": "{$user.employee_number}",
"manager": {
"id": "{$user.manager_email}"
}
}
}
Required Fields: schemas, id, username, givenName, familyName
Optional Fields active, externalId, phoneNumbers, employeeNumber, manager
¶ Group Template
If your IDP’s group object is group
, below is how to map the same to Uber’s SCIM APIs
{
"schemas":[
"urn:ietf:params:scim:schemas:core:2.0:Group",
],
"id":"{$group.id}",
"displayName":"{$group.display}",
"members":[
{
{
"value": "{$user.id}",
"display": "{$user.userName}"
}
}
]
}
Required Fields: schemas, id, displayName
Optional Fields: members