Understanding PAM360 SCIM APIs
Introduction
SCIM APIs serve as the foundation for seamlessly integrating identity management processes across various systems and applications. With SCIM implementation in PAM360, SCIM APIs enable administrators to automate user and group provisioning tasks, ensuring efficient management of access to critical resources. SCIM APIs use the GET, POST, PUT, PATCH, and DELETE methods to offer a wide range of CRUD operations.
To access PAM360 SCIM APIs, authentication from PAM360 is required. This involves creating a REST API user account with the respective role and using the generated user authentication token for authentication purposes. The generated authentication token can be sent in two ways for authentication:
- As an Authentication Token header, similar to REST APIs.
- As a Bearer Token in the Authorization header.
This document will help you understand the supported SCIM endpoints, APIs, and attributes. The supported SCIM Endpoints are listed below:
1. Users
To manage users in PAM360, you can make use of the PAM360 SCIM APIs provided in this section.
Supported Core Attributes
Attributes | Data type | Required? (for POST) | Required? (for PUT) |
---|---|---|---|
userName |
String |
Yes |
No |
givenName |
String |
Yes |
Yes |
familyName |
String |
Yes |
Yes |
emails |
Array |
Yes |
Yes |
password |
String |
No |
No |
roles |
Array |
Yes |
No |
active |
Boolean |
Yes |
No |
Supported Custom Schema Extension Attributes
urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User:userType
urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User:domain
Attributes | Types | Descriptions |
---|---|---|
userType |
0|1|2|3 |
Types of users. 0 - Local, 1 - AD, 2 - Entra ID, 3- LDAP. |
domain |
String |
Domain to which the domain user is affiliated. |
Below are the PAM360 SCIM APIs for the User endpoint:
1.1 Get User
Description
To get the details of a user in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/{userId}
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2101
Sample Response
{
"emails": [
{
"type": "work",
"value": "john@teams.com",
"primary": true
}
],
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"meta": {
"created": "2024-02-29 13:54:37.451",
"location": "https://192.168.176.251 :8282/scim/v2/Users/2101",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"givenName": "John",
"familyName": "G"
},
"active": true,
"id": 2101,
"userName": "john@teams.onmicrosoft.com",
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
},
}
1.2 Get All Users
Description
To get all the details of users in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users
HTTP Method
GET
Query Syntax
Utilize SCIM endpoints for querying users based on attributes. Each query includes an operator, attribute, and attribute value in this format:
<baseURL>/scim/users?filter=<attribute> <operator> "<attributeValue>"
Supported Attributes
Attributes | Descriptions |
---|---|
userName |
Identifies a user based on their username. |
active |
Returns a list of users based on their status, which is `true` (active) or `false` (inactive). |
Supported Operators
Operators | Definitions |
---|---|
eq |
equals |
sw |
starts with |
co |
contains |
ew |
ends with |
Sample Request
For Querying,
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?filter=userName eq "test1"
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?filter=active eq "true"
For Pagination,
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?startIndex=1&count=50
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?startIndex=51&count=50
For combining Querying and Pagination,
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users?filter=userName eq "test1"&startIndex=1&count=50
Sample Response
{
"totalResults": 2,
"startIndex": 1,
"itemsPerPage": 100,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"emails": [
{
"type": "work",
"value": "guest@teams.onmicrosoft.com",
"primary": true
}
],
"meta": {
"created": "2024-04-02 11:04:45.235",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2",
"resourceType": "User"
},
"roles": [
{
"value": "Password User",
"primary": true
}
],
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
],
"name": {
"givenName": "guest",
"familyName": ""
},
"active": true,
"id": 2,
"userName": "guest"
},
{
"emails": [
{
"type": "work",
"value": "aaaadmin@teams.onmicrosoft.com",
"primary": true
}
],
"meta": {
"created": "2024-04-02 11:04:45.235",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/1",
"resourceType": "User"
},
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
],
"name": {
"givenName": "admin",
"familyName": ""
},
"active": true,
"id": 1,
"userName": "admin"
}
]
}
1.3 Create a New User
Description
To create a new user or Entra domain user to PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users
HTTP Method
POST
Sample Request
{
"userName": "john@teams.onmicrosoft.com",
"name": {
"givenName": "John",
"familyName": "G"
},
"emails": [
{
"type": "work",
"value": "john@teams.com",
"primary": true
}
],
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"active": true,
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "0"
}
}
For creating an Entra domain user in PAM360,
{
"userName": "john@teams.onmicrosoft.com",
"name": {
"givenName": "John",
"familyName": "G"
},
"emails": [
{
"type": "work",
"value": "john@teams.com",
"primary": true
}
],
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"active": true,
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User", "urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User": {
"userType": "2",
"domain": "teams.onmicrosoft.com"
}
}
Sample Response
{
"emails": [
{
"type": "work",
"value": "john@teams.com",
"primary": true
}
],
"meta": {
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/601",
"resourceType": "User"
},
"roles": [
{
"value": "Privileged Administrator",
"primary": true
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"givenName": "John",
"familyName": "G"
},
"active": true,
"id": 601,
"userName": "john@teams.onmicrosoft.com"
}
1.4 Update User Details
Description
To update the details of a user in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/{userId}
HTTP Method
PUT
Sample Request
{
"userName": "john@teams.onmicrosoft.com",
"name": {
"givenName": "John",
"familyName": "Doe"
},
"emails": [
{
"type": "work",
"value": "john.doe@teams.com",
"primary": true
}
],
"roles": [
{
"value": "Password User",
"primary": true
}
],
"active": true,
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
}
Sample Response
{
"emails": [
{
"type": "work",
"value": "john.doe@teams.com",
"primary": true
}
],
"meta": {
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/601",
"resourceType": "User"
},
"roles": [
{
"value": "Password User",
"primary": true
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"givenName": "John",
"familyName": "Doe"
},
"active": true,
"id": 601,
"userName": "john@teams.onmicrosoft.com"
}
1.5 Patch User Details
Description
To update specific values of a user.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/{userId}
HTTP Method
PATCH
Supported Path Values
Paths | Data Types of the Value |
---|---|
active |
Boolean |
emails |
Array |
emails[type eq \"work\"].value |
String |
name |
JSON Object |
name.familyName |
String |
name.givenName |
String |
roles |
Array |
roles[primary eq\"True\"].value |
String |
Sample Request
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "active",
"value": true
},
{
"op": "Replace",
"path": "name.familyName",
"value": "asdf"
}
]
}
To change the email of a user,
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "emails[type eq \"work\"].value",
"value": true
}
]
}
To change the role of a user,
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "roles[primary eq \"True\"].value",
"value": "Password User"
}
]
}
Sample Response
Upon successful update, you will get the HTTP Status Code 204.
2. Groups
To manage SCIM provisioned groups in PAM360.
Supported Core Attributes
Attributes | Descriptions |
---|---|
displayName |
Identifies a group based on its display name. |
id |
Identifies a group based on its ID. |
members |
Provides a list of users associated with the group. |
Below are the PAM360 SCIM APIs for the Group endpoint:
2.1 Get Details of a Group
Description
To get the details of a group added to PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202
Sample Response
{
"displayName": "Group4",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202",
"resourceType": "Group"
},
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": 1202
}
2.2 Get Details of All Groups
Description
To get the details of all the groups added to PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups
HTTP Method
GET
Query Syntax
Utilize SCIM endpoints for querying groups based on attributes. Each query includes an operator, attribute, and attribute value in this format:
<baseURL>/scim/groups?filter=<attribute> <operator> "<attributeValue>"
Supported Attributes
Attributes | Description |
---|---|
displayName |
Identifies a group based on its display name. |
Supported Operators
Operators | Definitions |
---|---|
eq |
equals |
sw |
starts with |
co |
contains |
ew |
ends with |
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups
For Querying,
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?filter=displayName eq "group1"
For Pagination,
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?startIndex=1&count=50
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?startIndex=51&count=50
For combining Querying and Pagination,
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups?filter=displayName eq "group1"&startIndex=1&count=50
Sample Response
{
"totalResults": 7,
"startIndex": 6,
"itemsPerPage": 2,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"displayName": "Group4",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202",
"resourceType": "Group"
},
"members": [
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": 1202
},
{
"displayName": "john",
"meta": {
"created": "2024-01-31 18:13:30.024",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1501",
"resourceType": "Group"
},
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": 1501
}
]
}
2.3 Create a Group
Description
To add a group to PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups
HTTP Method
POST
Sample Request
{
"displayName": "Group14",
"meta": {
"created": "2024-01-30 14:01:08.461",
"resourceType": "Group"
},
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}
Sample Response
{
"displayName": "Group14",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/2101",
"resourceType": "Group"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 301,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/301"
}
],
"id": 2101
}
2.4 Update Group Details
Description
To update the details of the group added in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}
HTTP Method
PUT
Sample Request
{
[
"displayName": "Group24",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 2,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2"
}
]
}
Sample Response
{
"displayName": "Group24",
"meta": {
"created": "2024-01-30 14:01:08.461",
"location": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/1202",
"resourceType": "Group"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"members": [
{
"value": 9,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/9"
},
{
"value": 2,
"$ref": "https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Users/2"
}
],
"id": 1202
}
2.5 Patch Group
Description
To update a detail of the group added to PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}
HTTP Method
PATCH
Sample Request
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "Replace",
"path": "displayName",
"value": "Group4"
},
{
"op": "Add",
"path": "members",
"value": [
{
"value": "1504"
}
]
},
{
"op": "Remove",
"path": "members",
"value": [
{
"value": "1501"
},
{
"value": "1502"
}
]
}
]
}
Sample Response
Upon successful update, you will receive the HTTP Status code 204.
2.6 Delete Group
Description
To delete a group from PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/{groupId}
HTTP Method
DELETE
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Groups/2101
Sample Response
Upon successful deletion, you will receive the HTTP Status code 204.
3. SCIM Configuration
Below are the PAM360 SCIM APIs for the ServiceProviderConfig, Schemas, and ResourceTypes endpoints:
3.1 ServiceProviderConfig
Description
To get all the details of SCIM implementation in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ServiceProviderConfig
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ServiceProviderConfig
Sample Response
{
"patch": {
"supported": true
},
"filter": {
"maxResults": 0,
"supported": true
},
"documentationUri": "https://www.manageengine.com/privileged-access-management/help/scim-config.html",
"authenticationSchemes": [
{
"documentationUri": "https://www.manageengine.com/privileged-access-management/help/scim-config.html",
"name": "API Token",
"description": "Authentication scheme using the API Token",
"type": "apitoken",
"primary": true
},
{
"documentationUri": "https://www.manageengine.com/privileged-access-management/help/scim-config.html",
"name": "OAuth Bearer Token",
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"type": "oauthbearertoken",
"primary": false
}
],
"meta": {
"location": "/ServiceProviderConfig",
"resourceType": "ServiceProviderConfig"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"etag": {
"supported": false
},
"sort": {
"supported": false
},
"bulk": {
"maxPayloadSize": 0,
"maxOperations": 0,
"supported": false
},
"changePassword": {
"supported": false
}
}
3.2 Schemas
3.2.1 Get a Schema
Description
To get a schema using its ID.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas/{schemaId}
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group
Sample Response
{
"meta": {
"location": "Schemas/urn:ietf:params:scim:schemas:core:2.0:Group",
"resourceType": "Schema"
},
"name": "Group",
"description": "Group",
"attributes": [
{
"uniqueness": "none",
"name": "displayName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "members",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"description": "Identifier of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "$ref",
"description": "Location of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:Group"
}
3.2.2 Get All Schemas
Description
To get all the schemas implemented and the supported params in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/Schemas
Sample Response
{
"startIndex": 1,
"totalResults": 3,
"itemsPerPage": 100,
"Resources": [
{
"meta": {
"location": "/Schemas/urn:ietf:params:scim:schemas:core:2.0:User",
"resourceType": "Schema"
},
"name": "User",
"description": "User Account",
"attributes": [
{
"uniqueness": "server",
"name": "userName",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": true
},
{
"uniqueness": "none",
"name": "name",
"mutability": "readWrite",
"type": "complex",
"multiValued": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "familyName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "givenName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "active",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "password",
"mutability": "writeOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "never",
"required": false
},
{
"uniqueness": "none",
"name": "emails",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "type",
"canonicalValues": [
"work"
],
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "primary",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"returned": "default",
"required": false
}
]
},
{
"name": "roles",
"description": "A list of roles for the User that collectively represent who the User is, e.g., 'Password User', 'Administrator'.",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"description": "The value of a role.",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "display",
"description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "type",
"description": "A label indicating the attribute's function.",
"canonicalValues": [],
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "primary",
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute. The primary attribute value 'true' MUST appear no more than once.",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User"
},
{
"meta": {
"location": "Schemas/urn:ietf:params:scim:schemas:core:2.0:Group",
"resourceType": "Schema"
},
"name": "Group",
"description": "Group",
"attributes": [
{
"uniqueness": "none",
"name": "displayName",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "members",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"returned": "default",
"required": false,
"subAttributes": [
{
"uniqueness": "none",
"name": "value",
"description": "Identifier of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "$ref",
"description": "Location of the member of this Group.",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:Group"
},
{
"meta": {
"location": "Schemas/urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User",
"resourceType": "Schema"
},
"name": "Domain",
"description": "Domain of the User in case of AD, LDAP or Entra ID.",
"attributes": [
{
"uniqueness": "none",
"name": "userType",
"canonicalValues": [
"0",
"1",
"2",
"3"
],
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "none",
"name": "domain",
"mutability": "immutable",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
],
"id": "urn:ietf:params:scim:schemas:extension:pam360_domain:2.0:User"
}
]
}
3.3 ResourceTypes
3.3.1 Get a Resource Type
Description
To get the details of a SCIM resource implemented in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes/{typeId}
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes/Group
Sample Response
{
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"endpoint": "/Groups",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "Group",
"description": "Group",
"id": "Group"
}
3.3.2 Get all Resource Types
Description
To get the details of all the SCIM resources implemented in PAM360.
URL
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes
HTTP Method
GET
Sample Request
https://<Host-Name-of-PAM360-Server OR IP address>:<Port>/scim/v2/ResourceTypes
Sample Response
{
"totalResults": 2,
"startIndex": 1,
"itemsPerPage": 100,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"endpoint": "/Users",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "User",
"description": "User Account",
"id": "User"
},
{
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"endpoint": "/Groups",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "Group",
"description": "Group",
"id": "Group"
}
]
}