Discover SCIM server implementation details

This topic describes how to discover our SCIM server configuration schemas and resource types.

You can use the following endpoints to discover the implementation details of CyberArk's SCIM server.

Endpoint

SCIM spec

{{baseUrl}}/scim/ServiceProviderConfig

https://tools.ietf.org/html/rfc7643#section-5

{{baseUrl}}/scim/ResourceTypes

https://tools.ietf.org/html/rfc7643#section-6

{{baseUrl}}/scim/Schemas

https://tools.ietf.org/html/rfc7643#section-7

Remember to include the bearer token in the header for authorization when making requests to SCIM endpoints.

Example - ServiceProviderConfig

The following example is a GET request to the /scim/ServiceProviderConfig endpoint.

GET https://{{tenant_url}}/scim/ServiceProviderConfig

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
    ],
    "patch": {
        "supported": true
    },
    "bulk": {
        "supported": false,
        "maxOperations": 1,
        "maxPayloadSize": 0
    },
    "filter": {
        "supported": true,
        "maxResults": 1000
    },
    "changePassword": {
        "supported": false
    },
    "sort": {
        "supported": false
    },
    "etag": {
        "supported": false
    },
    "authenticationSchemes": [
        {
            "type": "oauthbearertoken",
            "name": "OAuth Bearer Token",
            "description": "Authentication scheme using the OAuth Bearer Token Standard"
        }
    ],
    "meta": {
        "resourceType": "ServiceProviderConfig",
        "created": "2021-01-22T03:33:22.5622118Z",
        "lastModified": "2021-01-22T03:33:22.5622118Z",
        "location": "https://techpubs.my.idaptive.qa/Scim/ServiceProviderConfig"
    }
}

Example - ResourceTypes

The following example is a GET request to the /scim/ResourceTypes endpoint. This request returns the endpoint of each resource type. In the example below you can see the endpoint for the User resource is /Users. You could then send requests to https://{{tenant_url}}/scim/Users to manage users.

GET https://{{tenant_url}}/scim/ResourceTypes

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 6,
    "itemsPerPage": 6,
    "startIndex": 1,
    "Resources": [
        {
            "name": "User",
            "endpoint": "/Users",
            "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
            "schemaExtensions": [
                {
                    "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
                    "required": false
                },
                {
                    "schema": "urn:scim:schemas:extension:custom:2.0",
                    "required": false
                }
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "id": "User",
            "meta": {
                "resourceType": "ResourceType",
                "created": "2021-01-22T03:55:26.2935973Z",
                "lastModified": "2021-01-22T03:55:26.2935973Z",
                "location": "https://techpubs.my.idaptive.qa/Scim/ResourceTypes/User"
            }
        },
        {
            "name": "Group",
            "endpoint": "/Groups",
            "schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "id": "Group",
            "meta": {
                "resourceType": "ResourceType",
                "created": "2021-01-22T03:55:26.2935973Z",
                "lastModified": "2021-01-22T03:55:26.2935973Z",
                "location": "https://techpubs.my.idaptive.qa/Scim/ResourceTypes/Group"
            }
        },
        {
            "name": "Container",
            "endpoint": "/Containers",
            "schema": "urn:ietf:params:scim:schemas:pam:1.0:Container",
            "schemaExtensions": [
                {
                    "schema": "urn:ietf:params:scim:schemas:cyberark:1.0:Safe",
                    "required": false
                }
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "id": "Container",
            "meta": {
                "resourceType": "ResourceType",
                "created": "2021-01-22T03:55:26.2935973Z",
                "lastModified": "2021-01-22T03:55:26.2935973Z",
                "location": "https://techpubs.my.idaptive.qa/Scim/ResourceTypes/Container"
            }
        },
        {
            "name": "ContainerPermission",
            "endpoint": "/ContainerPermissions",
            "schema": "urn:ietf:params:scim:schemas:pam:1.0:ContainerPermission",
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "id": "ContainerPermission",
            "meta": {
                "resourceType": "ResourceType",
                "created": "2021-01-22T03:55:26.2935973Z",
                "lastModified": "2021-01-22T03:55:26.2935973Z",
                "location": "https://techpubs.my.idaptive.qa/Scim/ResourceTypes/ContainerPermission"
            }
        },
        {
            "name": "PrivilegedData",
            "endpoint": "/PrivilegedData",
            "schema": "urn:ietf:params:scim:schemas:pam:1.0:PrivilegedData",
            "schemaExtensions": [
                {
                    "schema": "urn:ietf:params:scim:schemas:cyberark:1.0:PrivilegedData",
                    "required": false
                }
            ],
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "id": "PrivilegedData",
            "meta": {
                "resourceType": "ResourceType",
                "created": "2021-01-22T03:55:26.2935973Z",
                "lastModified": "2021-01-22T03:55:26.2935973Z",
                "location": "https://techpubs.my.idaptive.qa/Scim/ResourceTypes/PrivilegedData"
            }
        },
        {
            "name": "PrivilegedDataPermission",
            "endpoint": "/PrivilegedDataPermissions",
            "schema": "urn:ietf:params:scim:schemas:pam:1.0:PrivilegedDataPermission",
            "schemas": [
                "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
            ],
            "id": "PrivilegedDataPermission",
            "meta": {
                "resourceType": "ResourceType",
                "created": "2021-01-22T03:55:26.2935973Z",
                "lastModified": "2021-01-22T03:55:26.2935973Z",
                "location": "https://techpubs.my.idaptive.qa/Scim/ResourceTypes/PrivilegedDataPermission"
            }
        }
    ]
}

Example - Schemas

The following example is a GET request to the /scim/Schemas endpoint. A GET request to this endpoint returns attributes for all objects.

For details on only one object, use /scim/Schemas/{{object}}.

The example response is abbreviated, showing the attributes for only the User resource. The schema URI is in the response as the value for the id attribute.

GET https://{{tenant_url}}/scim/Schemas

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:ListResponse"
    ],
    "totalResults": 10,
    "itemsPerPage": 10,
    "startIndex": 1,
    "Resources": [
        {
            "name": "User",
            "description": "User Account",
            "attributes": [
                {
                    "name": "userName",
                    "type": "string",
                    "multiValued": false,
                    "required": true,
                    "caseExact": true
                },
                {
                    "name": "name",
                    "type": "complex",
                    "subAttributes": [
                        {
                            "name": "formatted",
                            "type": "string",
                            "multiValued": false,
                            "required": false,
                            "caseExact": false
                        },
                        {
                            "name": "familyName",
                            "type": "string",
                            "multiValued": false,
                            "required": false,
                            "caseExact": false
                        },
                        {
                            "name": "givenName",
                            "type": "string",
                            "multiValued": false,
                            "required": false,
                            "caseExact": false
                        },
                        {
                            "name": "middleName",
                            "type": "string",
                            "multiValued": false,
                            "required": false,
                            "caseExact": false
                        },
                        {
                            "name": "honorificPrefix",
                            "type": "string",
                            "multiValued": false,
                            "required": false,
                            "caseExact": false
                        },
                        {
                            "name": "honorificSuffix",
                            "type": "string",
                            "multiValued": false,
                            "required": false,
                            "caseExact": false
                        }
                    ],
                    "multiValued": false,
                    "required": false
                },
            ],
            "id": "urn:ietf:params:scim:schemas:core:2.0:User",
            "meta": {
                "resourceType": "Schema",
                "created": "2021-01-22T03:59:22.3406896Z",
                "lastModified": "2021-01-22T03:59:22.3406896Z",
                "location": "https://techpubs.my.idaptive.qa/Scim/Schemas/urn:ietf:params:scim:schemas:core:2.0:User"
            }
        },
    ]
}