SCIM 2.0 API
Reference for the SCIM 2.0 endpoint group — 18 endpoints.
Generated from the live OpenAPI spec. Re-run _generate_api_reference.py after backend changes.
Authentication#
All endpoints require a Bearer JWT in the Authorization header unless noted otherwise. See Concepts → Tokens and scopes and Reference → OAuth endpoints for how to obtain one.
Endpoints#
POST /api/v1/tenants/{tenant_id}/scim/v2/Bulk#
Bulk Operation
Execute multiple SCIM operations in a single request.
RFC 7644 Section 3.7 - Bulk Operations.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
Request body:
Required.
application/json→SCIMBulkRequest
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMBulkResponse |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/Groups#
List Groups
List groups with SCIM filtering and pagination.
RFC 7644 Section 3.4.2 - Querying Resources.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
filter |
query | no | string | null |
SCIM filter expression |
startIndex |
query | no | integer |
1-based start index |
count |
query | no | integer |
Number of results |
sortBy |
query | no | string | null |
Attribute to sort by |
sortOrder |
query | no | string |
Sort order |
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMListResponse |
422 |
application/json → HTTPValidationError |
POST /api/v1/tenants/{tenant_id}/scim/v2/Groups#
Create Group
Create a new group.
RFC 7644 Section 3.3 - Creating Resources.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
Request body:
Required.
application/json→SCIMGroupCreate
Responses:
| Status | Body |
|---|---|
201 |
application/json → SCIMGroup |
422 |
application/json → HTTPValidationError |
DELETE /api/v1/tenants/{tenant_id}/scim/v2/Groups/{group_id}#
Delete Group
Delete a group.
RFC 7644 Section 3.6 - Deleting Resources.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
group_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
204 |
Successful Response |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/Groups/{group_id}#
Get Group
Get a specific group by ID.
RFC 7644 Section 3.4.1 - Retrieving a Known Resource.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
group_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMGroup |
422 |
application/json → HTTPValidationError |
PATCH /api/v1/tenants/{tenant_id}/scim/v2/Groups/{group_id}#
Patch Group
Partially update a group.
RFC 7644 Section 3.5.2 - Modifying with PATCH.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
group_id |
path | yes | string |
Request body:
Required.
application/json→SCIMPatchRequest
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMGroup |
422 |
application/json → HTTPValidationError |
PUT /api/v1/tenants/{tenant_id}/scim/v2/Groups/{group_id}#
Replace Group
Replace a group entirely.
RFC 7644 Section 3.5.1 - Replacing with PUT.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
group_id |
path | yes | string |
Request body:
Required.
application/json→SCIMGroupCreate
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMGroup |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/ResourceTypes#
Get Resource Types
Return SCIM Resource Types.
RFC 7643 Section 6 - Defining and Registering Resource Types.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
200 |
application/json → array of SCIMResourceType |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/ResourceTypes/{resource_type_id}#
Get Resource Type
Return a specific SCIM Resource Type.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
resource_type_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMResourceType |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/Schemas#
Get Schemas
Return SCIM Schemas.
RFC 7643 Section 7 - Schema Definition.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
200 |
application/json → array of SCIMSchema |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/Schemas/{schema_id}#
Get Schema
Return a specific SCIM Schema.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
schema_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMSchema |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/ServiceProviderConfig#
Get Service Provider Config
Return SCIM Service Provider Configuration.
RFC 7644 Section 4 - Service Provider Configuration Endpoints.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMServiceProviderConfig |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/Users#
List Users
List users with SCIM filtering and pagination.
RFC 7644 Section 3.4.2 - Querying Resources.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
filter |
query | no | string | null |
SCIM filter expression |
startIndex |
query | no | integer |
1-based start index |
count |
query | no | integer |
Number of results |
sortBy |
query | no | string | null |
Attribute to sort by |
sortOrder |
query | no | string |
Sort order |
attributes |
query | no | string | null |
Attributes to include |
excludedAttributes |
query | no | string | null |
Attributes to exclude |
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMListResponse |
422 |
application/json → HTTPValidationError |
POST /api/v1/tenants/{tenant_id}/scim/v2/Users#
Create User
Create a new user.
RFC 7644 Section 3.3 - Creating Resources.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
Request body:
Required.
application/json→SCIMUserCreate
Responses:
| Status | Body |
|---|---|
201 |
application/json → SCIMUser |
422 |
application/json → HTTPValidationError |
DELETE /api/v1/tenants/{tenant_id}/scim/v2/Users/{user_id}#
Delete User
Delete a user.
RFC 7644 Section 3.6 - Deleting Resources.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
user_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
204 |
Successful Response |
422 |
application/json → HTTPValidationError |
GET /api/v1/tenants/{tenant_id}/scim/v2/Users/{user_id}#
Get User
Get a specific user by ID.
RFC 7644 Section 3.4.1 - Retrieving a Known Resource.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
user_id |
path | yes | string |
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMUser |
422 |
application/json → HTTPValidationError |
PATCH /api/v1/tenants/{tenant_id}/scim/v2/Users/{user_id}#
Patch User
Partially update a user.
RFC 7644 Section 3.5.2 - Modifying with PATCH.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
user_id |
path | yes | string |
Request body:
Required.
application/json→SCIMPatchRequest
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMUser |
422 |
application/json → HTTPValidationError |
PUT /api/v1/tenants/{tenant_id}/scim/v2/Users/{user_id}#
Replace User
Replace a user entirely.
RFC 7644 Section 3.5.1 - Replacing with PUT.
Parameters:
| Name | In | Required | Type | Description |
|---|---|---|---|---|
tenant_id |
path | yes | string |
|
user_id |
path | yes | string |
Request body:
Required.
application/json→SCIMUserCreate
Responses:
| Status | Body |
|---|---|
200 |
application/json → SCIMUser |
422 |
application/json → HTTPValidationError |
Schemas#
Definitions for every type referenced by the endpoints above. Schema-to-schema references on this page link within the page; cross-page references would require visiting the linked page.
HTTPValidationError#
| Field | Type | Required | Description |
|---|---|---|---|
detail |
array of ValidationError |
no |
SCIMAddress#
SCIM address structure.
| Field | Type | Required | Description |
|---|---|---|---|
formatted |
string | null |
no | |
streetAddress |
string | null |
no | |
locality |
string | null |
no | |
region |
string | null |
no | |
postalCode |
string | null |
no | |
country |
string | null |
no | |
type |
string | null |
no | |
primary |
boolean |
no | Default: False |
SCIMAuthenticationScheme#
SCIM authentication scheme.
| Field | Type | Required | Description |
|---|---|---|---|
type |
string |
yes | |
name |
string |
yes | |
description |
string |
yes | |
specUri |
string | null |
no | |
documentationUri |
string | null |
no | |
primary |
boolean |
no | Default: False |
SCIMBulkOperation#
SCIM Bulk operation (RFC 7644 Section 3.7).
| Field | Type | Required | Description |
|---|---|---|---|
method |
string |
yes | |
bulkId |
string | null |
no | |
version |
string | null |
no | |
path |
string |
yes | |
data |
object | null |
no |
SCIMBulkRequest#
SCIM Bulk request.
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:api:messages:2.0:BulkRequest'] |
failOnErrors |
integer | null |
no | |
Operations |
array of SCIMBulkOperation |
yes |
SCIMBulkResponse#
SCIM Bulk response.
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:api:messages:2.0:BulkResponse'] |
Operations |
array of SCIMBulkResponseOperation |
yes |
SCIMBulkResponseOperation#
SCIM Bulk response operation.
| Field | Type | Required | Description |
|---|---|---|---|
method |
string |
yes | |
bulkId |
string | null |
no | |
version |
string | null |
no | |
location |
string | null |
no | |
status |
string |
yes | |
response |
object | null |
no |
SCIMEmail#
SCIM email structure.
| Field | Type | Required | Description |
|---|---|---|---|
value |
string |
yes | |
type |
string | null |
no | |
primary |
boolean |
no | Default: False |
SCIMEnterpriseUser#
SCIM Enterprise User extension (RFC 7643 Section 4.3).
| Field | Type | Required | Description |
|---|---|---|---|
employeeNumber |
string | null |
no | |
costCenter |
string | null |
no | |
organization |
string | null |
no | |
division |
string | null |
no | |
department |
string | null |
no | |
manager |
object | null |
no |
SCIMGroup#
SCIM Group resource (RFC 7643 Section 4.2).
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:schemas:core:2.0:Group'] |
id |
string | null |
no | |
externalId |
string | null |
no | |
meta |
SCIMMeta | null |
no | |
displayName |
string |
yes | |
members |
array of SCIMGroupMember | null |
no |
SCIMGroupCreate#
SCIM Group creation request.
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:schemas:core:2.0:Group'] |
externalId |
string | null |
no | |
displayName |
string |
yes | |
members |
array of SCIMGroupMember | null |
no |
SCIMGroupMember#
SCIM group member reference.
| Field | Type | Required | Description |
|---|---|---|---|
value |
string |
yes | |
$ref |
string | null |
no | |
display |
string | null |
no | |
type |
string |
no | Default: User |
SCIMListResponse#
SCIM List response (RFC 7644 Section 3.4.2).
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:api:messages:2.0:ListResponse'] |
totalResults |
integer |
yes | |
startIndex |
integer |
no | Default: 1 |
itemsPerPage |
integer |
yes | |
Resources |
array of SCIMUser | SCIMGroup |
yes |
SCIMMeta#
SCIM resource metadata.
| Field | Type | Required | Description |
|---|---|---|---|
resourceType |
string |
yes | |
created |
string (date-time) | null |
no | |
lastModified |
string (date-time) | null |
no | |
location |
string | null |
no | |
version |
string | null |
no |
SCIMName#
SCIM user name structure.
| Field | Type | Required | Description |
|---|---|---|---|
formatted |
string | null |
no | |
familyName |
string | null |
no | |
givenName |
string | null |
no | |
middleName |
string | null |
no | |
honorificPrefix |
string | null |
no | |
honorificSuffix |
string | null |
no |
SCIMPatchOp#
SCIM Patch operation (RFC 7644 Section 3.5.2).
| Field | Type | Required | Description |
|---|---|---|---|
op |
string |
yes | |
path |
string | null |
no | |
value |
any | no |
SCIMPatchRequest#
SCIM Patch request (RFC 7644 Section 3.5.2).
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:api:messages:2.0:PatchOp'] |
Operations |
array of SCIMPatchOp |
yes |
SCIMPhoneNumber#
SCIM phone number structure.
| Field | Type | Required | Description |
|---|---|---|---|
value |
string |
yes | |
type |
string | null |
no | |
primary |
boolean |
no | Default: False |
SCIMResourceType#
SCIM Resource Type (RFC 7643 Section 6).
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:schemas:core:2.0:ResourceType'] |
id |
string |
yes | |
name |
string |
yes | |
description |
string | null |
no | |
endpoint |
string |
yes | |
schema |
string |
yes | |
schemaExtensions |
array of SCIMSchemaExtension | null |
no | |
meta |
SCIMMeta | null |
no |
SCIMSchema#
SCIM Schema definition (RFC 7643 Section 7).
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:schemas:core:2.0:Schema'] |
id |
string |
yes | |
name |
string | null |
no | |
description |
string | null |
no | |
attributes |
array of SCIMSchemaAttribute |
yes | |
meta |
SCIMMeta | null |
no |
SCIMSchemaAttribute#
SCIM schema attribute definition.
| Field | Type | Required | Description |
|---|---|---|---|
name |
string |
yes | |
type |
string |
yes | |
multiValued |
boolean |
no | Default: False |
description |
string | null |
no | |
required |
boolean |
no | Default: False |
canonicalValues |
array of string | null |
no | |
caseExact |
boolean |
no | Default: False |
mutability |
string |
no | Default: readWrite |
returned |
string |
no | Default: default |
uniqueness |
string |
no | Default: none |
subAttributes |
array of SCIMSchemaAttribute | null |
no |
SCIMSchemaExtension#
SCIM schema extension reference.
| Field | Type | Required | Description |
|---|---|---|---|
schema |
string |
yes | |
required |
boolean |
no | Default: False |
SCIMServiceProviderConfig#
SCIM Service Provider Configuration (RFC 7643 Section 5).
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig'] |
documentationUri |
string | null |
no | |
patch |
object of string → boolean |
no | Default: {'supported': True} |
bulk |
object | no | Default: {'supported': True, 'maxOperations': 1000, 'maxPayloadSize': 1048576} |
filter |
object | no | Default: {'supported': True, 'maxResults': 200} |
changePassword |
object of string → boolean |
no | Default: {'supported': True} |
sort |
object of string → boolean |
no | Default: {'supported': True} |
etag |
object of string → boolean |
no | Default: {'supported': False} |
authenticationSchemes |
array of SCIMAuthenticationScheme |
yes |
SCIMUser#
SCIM User resource (RFC 7643 Section 4.1).
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:schemas:core:2.0:User'] |
id |
string | null |
no | |
externalId |
string | null |
no | |
meta |
SCIMMeta | null |
no | |
userName |
string |
yes | |
name |
SCIMName | null |
no | |
displayName |
string | null |
no | |
nickName |
string | null |
no | |
profileUrl |
string | null |
no | |
title |
string | null |
no | |
userType |
string | null |
no | |
preferredLanguage |
string | null |
no | |
locale |
string | null |
no | |
timezone |
string | null |
no | |
active |
boolean |
no | Default: True |
password |
string | null |
no | |
emails |
array of SCIMEmail | null |
no | |
phoneNumbers |
array of SCIMPhoneNumber | null |
no | |
addresses |
array of SCIMAddress | null |
no | |
groups |
array of SCIMUserGroup | null |
no | |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
SCIMEnterpriseUser | null |
no |
SCIMUserCreate#
SCIM User creation request.
| Field | Type | Required | Description |
|---|---|---|---|
schemas |
array of string |
no | Default: ['urn:ietf:params:scim:schemas:core:2.0:User'] |
externalId |
string | null |
no | |
userName |
string |
yes | |
name |
SCIMName | null |
no | |
displayName |
string | null |
no | |
nickName |
string | null |
no | |
profileUrl |
string | null |
no | |
title |
string | null |
no | |
userType |
string | null |
no | |
preferredLanguage |
string | null |
no | |
locale |
string | null |
no | |
timezone |
string | null |
no | |
active |
boolean |
no | Default: True |
password |
string | null |
no | |
emails |
array of SCIMEmail | null |
no | |
phoneNumbers |
array of SCIMPhoneNumber | null |
no | |
addresses |
array of SCIMAddress | null |
no | |
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User |
SCIMEnterpriseUser | null |
no |
SCIMUserGroup#
SCIM user's group membership reference.
| Field | Type | Required | Description |
|---|---|---|---|
value |
string |
yes | |
$ref |
string | null |
no | |
display |
string | null |
no | |
type |
string |
no | Default: direct |
ValidationError#
| Field | Type | Required | Description |
|---|---|---|---|
loc |
array of string | integer |
yes | |
msg |
string |
yes | |
type |
string |
yes |