Workspace ONE Access User and Groups APIs Provisioned Users

Download

Embed

Workspace ONE Access Users and Groups: SCIM APIs for Provisioned Users


The following SCIM APIs have been made available to IdP partners and select customers to allow for local user management for users provisioned by the third-party.


Workspace ONE Access User and Groups APIs Provisioned-Users

Author(s): Jiaqi Gao (jiaqig@vmware.com)

Date Created: Jul 7th, 2022

The following SCIM1.1 APIs have been made available to select IdP partners and customers for local user management of users provisioned by the third-party IdP.

Create a provisioned user in other directory

It allows to create the provisioned users in the other directory when InternalUserType is specified as PROVISIONED and domain is specified, which is used to infer the directory.

The required attributes are: userName, name.givenName, name.familyName, emails (containing one and only one email address), internalUserType, domain and externalId.

POST /SAAS/jersey/manager/api/scim/Users
Host: sva.eng.vmware.com
Accept: application/json
Authorization: Bearer h480djs93hd8

{
"schemas": [
"urn:scim:schemas:core:1.0",
"urn:scim:schemas:extension:workspace:1.0" 
],
"userName": "cuser1",
"name": {
"givenName": "firstName",
"familyName": "lastName"
},
"displayName": "firstName lastName",
"emails": [
{
  "value": "cuser1@domain.com"
}
],
"externalId":"422e2e25-6904-4443-b979-7c5c46c63175",
"urn:scim:schemas:extension:workspace:1.0": {
"internalUserType": "PROVISIONED",
"domain": "domain.com"
}
}

HTTP/1.1 201 Created
Content-Type: application/json
Location: https://sva.eng.vmware.com/SAAS/jersey/manager/api/scim/Users/91cfcac4-cca9-4509-bce6-febc0e3b1d7c
ETag: W/"f250dd84f0671c3"

{
"schemas": [
"urn:scim:schemas:extension:workspace:1.0",
"urn:scim:schemas:core:1.0",
"urn:scim:schemas:extension:enterprise:1.0"
],
"id": "91cfcac4-cca9-4509-bce6-febc0e3b1d7c",
"meta": {
"created": "2014-11-20T05:54:34.895Z",
"lastModified": "2014-11-20T05:54:35.089Z",
"location": "https://sva.eng.vmware.com/SAAS/jersey/manager/api/scim/Users/91cfcac4-cca9-4509-bce6-febc0e3b1d7c"
"version":"W\/\"f250dd84f0671c3\""
},
"userName": "cuser1",
"name": {
"givenName": "firstName",
"familyName": "lastName"
},
"displayName": "firstName lastName",
"emails": [
{
  "value": "cuser1@domain.com"
}
],
"groups": [],
"active": true,
"roles": [
{
  "value": "c071da06-84c0-46d3-944b-dd8853cec3fc",
  "display": "User"
}
],
"externalId":"422e2e25-6904-4443-b979-7c5c46c63175",
"urn:scim:schemas:extension:workspace:1.0": {
"userStatus": "1",
"internalUserType": "PROVISIONED",
"domain": "domain.com"
}
}

Find Users: UserResource By externalId 

GET /SAAS/jersey/manager/api/scim/Users?filter=externalId%20eq%20%223273e0f7-1756-440b-a90b-fa0056a10fa0%22
Host: sva.eng.vmware.com
Authorization: Bearer h480djs93hd8

Delete User Resource

Delete will currently operate on any user, synchronized or not. It takes only the id as a parameter and does not discriminate based on the user's userStore value.

DELETE /SAAS/jersey/manager/api/scim/Users/d24afa39-05a1-433f-8aa9-ad41c9a3d394
Host: sva.eng.vmware.com
Authorization: Bearer h480djs93hd8

Sign in to be able to add comments.

Comments 1


jiaqig 1 year ago
Find the latest updates https://github.com/vjiaqig/SCIM-APIs-Provisioned-Users/blob/main/README.md

Contributor

Jiaqi Gao

  0 Favorite

  165 Downloads

  Created 1 year ago

  Updated 1 year ago

Platform

Identity Manager

Language

Java

License

BSD 3-Clause