Understanding PAM360 SCIM APIs

21 minutes to read

Introduction

SCIM APIs serve as the foundation for seamlessly integrating identity management processes across various systems and applications. With SCIM implementation in PAM360, SCIM APIs enable administrators to automate user and group provisioning tasks, ensuring efficient management of access to critical resources. SCIM APIs use the GET, POST, PUT, PATCH, and DELETE methods to offer a wide range of CRUD operations.

To access PAM360 SCIM APIs, authentication from PAM360 is required. This involves creating a REST API user account with the respective role and using the generated user authentication token for authentication purposes. The generated authentication token can be sent in two ways for authentication:

As an Authentication Token header, similar to REST APIs.
As a Bearer Token in the Authorization header.

This document will help you understand the supported SCIM endpoints, APIs, and attributes. The supported SCIM Endpoints are listed below:

Users
Groups
SCIM Configuration
3.1 ServiceProviderConfig
3.2 Schemas
3.3 ResourceTypes

1. Users

To manage users in PAM360, you can make use of the PAM360 SCIM APIs provided in this section.

Supported Core Attributes

Attributes	Data type	Required? (for POST)	Required? (for PUT)
userName	String	Yes	No
givenName	String	Yes	Yes
familyName	String	Yes	Yes
emails	Array	Yes	Yes
password	String	No	No
roles	Array	Yes	No
active	Boolean	Yes	No

Supported Custom Schema Extension Attributes

urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User:userType

urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User:domain

Attributes	Types	Descriptions
userType	0\|1\|2\|3	Types of users. 0 - Local, 1 - AD, 2 - Entra ID, 3- LDAP.
domain	String	Domain to which the domain user is affiliated.

Below are the PAM360 SCIM APIs for the User endpoint:

1.1 Get User

Description

To get the details of a user in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/{userId}

HTTP Method

GET

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2101

Sample Response

{
"emails": [
{
"type": "work",
"value": "john@teams.com",
"primary": true
}
],
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"meta": {
"created": "2024-02-29 13:54:37.451",
"location": "https://192.168.176.251 :8282/scim/v2/Users/2101",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"givenName": "John",
"familyName": "G"
},
"active": true,
"id": 2101,
"userName": "john@teams.onmicrosoft.com",
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
},
}

1.2 Get All Users

Description

To get all the details of users in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users

HTTP Method

GET

Query Syntax

Utilize SCIM endpoints for querying users based on attributes. Each query includes an operator, attribute, and attribute value in this format:

<baseURL>/scim/users?filter=<attribute> <operator> "<attributeValue>"

Supported Attributes

Attributes	Descriptions
userName	Identifies a user based on their username.
active	Returns a list of users based on their status, which is `true` (active) or `false` (inactive).

Supported Operators

Operators	Definitions
eq	equals
sw	starts with
co	contains
ew	ends with

Sample Request

For Querying,

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?filter=userName eq "test1"

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?filter=active eq "true"

For Pagination,

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?startIndex=1&count=50

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?startIndex=51&count=50

For combining Querying and Pagination,

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?filter=userName eq "test1"&startIndex=1&count=50

Sample Response

{
"totalResults": 2,
"startIndex": 1,
"itemsPerPage": 100,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"emails": [
{
"type": "work",
"value": "guest@teams.onmicrosoft.com",
"primary": true
}
],
"meta": {
"created": "2024-04-02 11:04:45.235",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2",
"resourceType": "User"
},
"roles": [
{
"value": "Password User",
"primary": true
}
],
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
],
"name": {
"givenName": "guest",
"familyName": ""
},
"active": true,
"id": 2,
"userName": "guest"
},
{
"emails": [
{
"type": "work",
"value": "aaaadmin@teams.onmicrosoft.com",
"primary": true
}
],
"meta": {
"created": "2024-04-02 11:04:45.235",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/1",
"resourceType": "User"
},
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
],
"name": {
"givenName": "admin",
"familyName": ""
},
"active": true,
"id": 1,
"userName": "admin"
}
]
}

1.3 Create a New User

Description

To create a new user or Entra domain user to PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users

HTTP Method

POST

Sample Request

{
"userName": "john@teams.onmicrosoft.com",
"name": {
"givenName": "John",
"familyName": "G"
},
"emails": [
{
"type": "work",
"value": "john@teams.com",
"primary": true
}
],
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"active": true,
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
}
}

For creating an Entra domain user in PAM360,

Sample Response

{
"emails": [
{
"type": "work",
"value": "john@teams.com",
"primary": true
}
],
"meta": {
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/601",
"resourceType": "User"
},
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"givenName": "John",
"familyName": "G"
},
"active": true,
"id": 601,
"userName": "john@teams.onmicrosoft.com"
}

1.4 Update User Details

Description

To update the details of a user in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/{userId}

HTTP Method

PUT

Sample Request

{
"userName": "john@teams.onmicrosoft.com",
"name": {
"givenName": "John",
"familyName": "Doe"
},
"emails": [
{
"type": "work",
"value": "john.doe@teams.com",
"primary": true
}
],
"roles": [
{
"value": "Password User",
"primary": true
}
],
"active": true,
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
}

Sample Response

{
"emails": [
{
"type": "work",
"value": "john.doe@teams.com",
"primary": true
}
],
"meta": {
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/601",
"resourceType": "User"
},
"roles": [
{
"value": "Password User",
"primary": true
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"givenName": "John",
"familyName": "Doe"
},
"active": true,
"id": 601,
"userName": "john@teams.onmicrosoft.com"
}

1.5 Patch User Details

Description

To update specific values of a user.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/{userId}

HTTP Method

PATCH

Supported Path Values

Paths	Data Types of the Value
active	Boolean
emails	Array
emails[type eq \"work\"].value	String
name	JSON Object
name.familyName	String
name.givenName	String
roles	Array
roles[primary eq\"True\"].value	String

Sample Request

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "active",
"value": true
},
{
"op": "Replace",
"path": "name.familyName",
"value": "asdf"
}
]
}

To change the email of a user,

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "emails[type eq \"work\"].value",
"value": true
}
]
}

To change the role of a user,

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "roles[primary eq \"True\"].value",
"value": "Password User"
}
]
}

Sample Response

Upon successful update, you will get the HTTP Status Code 204.

2. Groups

To manage SCIM provisioned groups in PAM360.

Supported Core Attributes

Attributes	Descriptions
displayName	Identifies a group based on its display name.
id	Identifies a group based on its ID.
members	Provides a list of users associated with the group.

Below are the PAM360 SCIM APIs for the Group endpoint:

2.1 Get Details of a Group

Description

To get the details of a group added to PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}

HTTP Method

GET

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202

Sample Response

{
"displayName": "Group4",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202",
"resourceType": "Group"
},
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": 1202
}

2.2 Get Details of All Groups

Description

To get the details of all the groups added to PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups

HTTP Method

GET

Query Syntax

Utilize SCIM endpoints for querying groups based on attributes. Each query includes an operator, attribute, and attribute value in this format:

<baseURL>/scim/groups?filter=<attribute> <operator> "<attributeValue>"

Supported Attributes

Attributes	Description
displayName	Identifies a group based on its display name.

Supported Operators

Operators	Definitions
eq	equals
sw	starts with
co	contains
ew	ends with

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups

For Querying,

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?filter=displayName eq "group1"

For Pagination,

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?startIndex=1&count=50

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?startIndex=51&count=50

For combining Querying and Pagination,

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?filter=displayName eq "group1"&startIndex=1&count=50

Sample Response

{
"totalResults": 7,
"startIndex": 6,
"itemsPerPage": 2,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"displayName": "Group4",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202",
"resourceType": "Group"
},
"members": [
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": 1202
},
{
"displayName": "john",
"meta": {
"created": "2024-01-31 18:13:30.024",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1501",
"resourceType": "Group"
},
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": 1501
}
]
}

2.3 Create a Group

Description

To add a group to PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups

HTTP Method

POST

Sample Request

{
"displayName": "Group14",
"meta": {
"created": "2024-01-30 14:01:08.461",
"resourceType": "Group"
},
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}

Sample Response

{
"displayName": "Group14",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/2101",
"resourceType": "Group"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"id": 2101
}

2.4 Update Group Details

Description

To update the details of the group added in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}

HTTP Method

PUT

Sample Request

{
[
"displayName": "Group24",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 2,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2"
}
]
}

Sample Response

{
"displayName": "Group24",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202",
"resourceType": "Group"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 2,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2"
}
],
"id": 1202
}

2.5 Patch Group

Description

To update a detail of the group added to PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}

HTTP Method

PATCH

Sample Request

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "displayName",
"value": "Group4"
},
{
"op": "Add",
"path": "members",
"value": [
{
"value": "1504"
}
]
},
{
"op": "Remove",
"path": "members",
"value": [
{
"value": "1501"
},
{
"value": "1502"
}
]
}
]
}

Sample Response

Upon successful update, you will receive the HTTP Status code 204.

2.6 Delete Group

Description

To delete a group from PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}

HTTP Method

DELETE

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/2101

Sample Response

Upon successful deletion, you will receive the HTTP Status code 204.

3. SCIM Configuration

Below are the PAM360 SCIM APIs for the ServiceProviderConfig, Schemas, and ResourceTypes endpoints:

3.1 ServiceProviderConfig

Description

To get all the details of SCIM implementation in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ServiceProviderConfig

HTTP Method

GET

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ServiceProviderConfig

Sample Response

{
"patch": {
"supported": true
},
"filter": {
"maxResults": 0,
"supported": true
},
"documentationUri": "https://www.manageengine.com/privileged-access-management/help/scim-config.html",
"authenticationSchemes": [
{
"documentationUri": "https://www.manageengine.com/privileged-access-management/help/scim-config.html",
"name": "API Token",
"description": "Authentication scheme using the API Token",
"type": "apitoken",
"primary": true
},
{
"documentationUri": "https://www.manageengine.com/privileged-access-management/help/scim-config.html",
"name": "OAuth Bearer Token",
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"type": "oauthbearertoken",
"primary": false
}
],
"meta": {
"location": "/ServiceProviderConfig",
"resourceType": "ServiceProviderConfig"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"etag": {
"supported": false
},
"sort": {
"supported": false
},
"bulk": {
"maxPayloadSize": 0,
"maxOperations": 0,
"supported": false
},
"changePassword": {
"supported": false
}
}

3.2 Schemas

3.2.1 Get a Schema

Description

To get a schema using its ID.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas/{schemaId}

HTTP Method

GET

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group

Sample Response

{
"meta": {
"location": "Schemas/urn:ietf:params:scim:schemas:core:2.0:Group",
"resourceType": "Schema"
},
"name": "Group",
"description": "Group",
"attributes": [
{
"uniqueness": "none",
"name": "displayName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "members",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"description": "Identifier of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "$ref",
"description": "Location of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:Group"
}

3.2.2 Get All Schemas

Description

To get all the schemas implemented and the supported params in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas

HTTP Method

GET

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas

Sample Response

{
"startIndex": 1,
"totalResults": 3,
"itemsPerPage": 100,
"Resources": [
{
"meta": {
"location": "/Schemas/urn:ietf:params:scim:schemas:core:2.0:User",
"resourceType": "Schema"
},
"name": "User",
"description": "User Account",
"attributes": [
{
"uniqueness": "server",
"name": "userName",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": true
},
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "complex",
"multiValued": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "familyName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "givenName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "active",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "password",
"mutability": "writeOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "never",
"required": false
},
{
"uniqueness": "none",
"name": "emails",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "type",
"canonicalValues": [
"work"
],
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "primary",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"returned": "default",
"required": false
}
]
},
{
"name": "roles",
"description": "A list of roles for the User that collectively represent who the User is, e.g., 'Password User', 'Administrator'.",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"description": "The value of a role.",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "display",
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "type",
"description": "A label indicating the attribute's function.",
"canonicalValues": [],
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "primary",
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once.",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User"
},
{
"meta": {
"location": "Schemas/urn:ietf:params:scim:schemas:core:2.0:Group",
"resourceType": "Schema"
},
"name": "Group",
"description": "Group",
"attributes": [
{
"uniqueness": "none",
"name": "displayName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "members",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"description": "Identifier of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "$ref",
"description": "Location of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:Group"
},
{
"meta": {
"location": "Schemas/urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User",
"resourceType": "Schema"
},
"name": "Domain",
"description": "Domain of the User in case of AD, LDAP or Entra ID.",
"attributes": [
{
"uniqueness": "none",
"name": "userType",
"canonicalValues": [
"0",
"1",
"2",
"3"
],
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "domain",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
],
"id": "urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
}
]
}

3.3 ResourceTypes

3.3.1 Get a Resource Type

Description

To get the details of a SCIM resource implemented in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes/{typeId}

HTTP Method

GET

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes/Group

Sample Response

{
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"endpoint": "/Groups",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "Group",
"description": "Group",
"id": "Group"
}

3.3.2 Get all Resource Types

Description

To get the details of all the SCIM resources implemented in PAM360.

URL

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes

HTTP Method

GET

Sample Request

https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes

Sample Response

{
"totalResults": 2,
"startIndex": 1,
"itemsPerPage": 100,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"endpoint": "/Users",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "User",
"description": "User Account",
"id": "User"
},
{
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"endpoint": "/Groups",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "Group",
"description": "Group",
"id": "Group"
}
]
}