¶ Scopes

SCIM APIs require access to the below scopes

• scim.users, scim.groups scope for read-write access
• scim.users.readonly, scim.groups.readonly if you only need readonly access

¶ Authentication

All SCIM APIs require authentication using OAuth 2.0 access. The given developer account that is chosen to be used for your company will be granted access to provision/de-provision your company’s users. Visit the Authentication section for more information.

¶ API Endpoints

Below SCIM APIs are supported as of now. Refer to the SCIM RFC and JSON template below for API definitions

¶ User API Endpoints

¶ Group API Endpoints

¶ SCIM JSON Template

¶ User Template

If your IDP’s user object is user, below is how to map the same to Uber’s SCIM APIs

{
  "schemas":[
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "id":"{$user.id}",
  "userName":"{$user.email}",
  "name":{
    "givenName":"{$user.firstname}",
    "familyName":"{$user.lastname}"
  },
  "active":"{$user.status}",
  "externalId":"{$user.external_id}",
  "phoneNumbers":[
    {
      "value":"{$user.phone}",
      "type":"mobile"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "employeeNumber": "{$user.employee_number}",
    "manager": {
      "id": "{$user.manager_email}"
    }
  }
}

Required Fields: schemas, id, username, givenName, familyName

Optional Fields active, externalId, phoneNumbers, employeeNumber, manager

¶ Group Template

If your IDP’s group object is group, below is how to map the same to Uber’s SCIM APIs

{
  "schemas":[
    "urn:ietf:params:scim:schemas:core:2.0:Group",
  ],
  "id":"{$group.id}",
  "displayName":"{$group.display}",
  "members":[
    {
      {
        "value": "{$user.id}",
        "display": "{$user.userName}"
      }
    }
  ]
}

Required Fields: schemas, id, displayName

Optional Fields: members