The Idaptive Developer Program

Manage Groups with SCIM Endpoints

This topic describes how to manage groups with SCIM endpoints.

API-Testing applications can edit roles in the Idaptive Directory through SCIM role endpoints. This includes:
-GET: access role information
-POST: add new roles
-PUT/PATCH: update roles or assign users to roles
-DELETE: delete roles


The terms "Groups" and "Roles" are interchangeable. Idaptive uses the term "role" when describing how users are categorized in the Idaptive Directory. The term "group" describes role provisioning through endpoints.

Role Endpoints

GET all groups


This endpoint returns the information of all the roles of the application. Role names, users involved in the role, and role specifications are outlined in the response.

All group provisioning endpoints use a header with bearer token and a tenant ID to navigate to the correct endpoint. The bearer token is listed in Actions in your SCIM App Settings, or you can use the same bearer token as the one used in the User Provisioning section.

This request might return a large number of results. If you want to limit the results, you could use ?startIndex={{integer}}&count={{integer}} to control pagination. For example:


GET one group


Just like user IDs, each role has a unique corresponding role ID. This request navigates to the endpoint with a role ID and returns all information regarding that role. Examples include involved users, role display name, user display names, user IDs, and role administrative rights.

To collect the correct role ID, you can run the GET all groups request.

POST one group


This request creates a role and optionally adds a user to that role. More than one user can be added to a created role as long as all of the user IDs are listed as members of the role. You can change information about the created role such as administrative privileges and assigned applications. No configuration is needed aside from the header, which includes the bearer token and tenant ID.

POST one group navigates to the Roles endpoint in the Admin Portal. After running, a newly created role appears there.

PUT one group


This request navigates to a specific role endpoint through the role ID and changes an informational aspect about the role or user associated with the role. The PUT one group method replaces an existing role with an updated version, or creates a new role entirely.

PUT requests edit the same amount of information as POST requests. Additional information can be listed, but it will not appear in the Admin Portal.

PATCH one group


The PATCH method allows you to make a minor change to either a role or a user inside of the role. PATCH updates a part of the role without including the entire role information. A role ID is needed when calling uon the https://{{tenant_id}}{{role_id}} endpoint.

DELETE one group


DELETE one group deletes a role. The request uses a role ID to locate the role endpoint. DELETE one group is the only request that returns no information. Requesting DELETE twice will yield an error, since the role ID no longer exists.

Deleting a role will not delete the users involved, but will delete the connections the users have to the nonexistent role.

Updated 3 days ago

Manage Groups with SCIM Endpoints

This topic describes how to manage groups with SCIM endpoints.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.