Overview

FusionAuth Reactor logo

This feature is only available in the Enterprise plan. Please visit our pricing page to learn more.

SCIM Server API Overview

This API has been available since 1.36.0

This page contains all of the APIs for managing Users and Groups using SCIM requests. See our overview of FusionAuth’s support for the SCIM specification for more details.

FusionAuth supported SCIM Resource API endpoints

FusionAuth supported Service Provider Configuration endpoints:

Authentication

In order to use the authenticated FusionAuth SCIM API endpoints, you must create a SCIM client entity and execute the Client Credentials authorization workflow. Default Entity Types are provided for you with permission configurations for each individual endpoint. A SCIM Client must use credentials for a SCIM Client Entity and that Entity must have the corresponding permission for that endpoint enabled.

SCIM Error Responses

All error responses from FusionAuth SCIM API endpoints will be returned using the SCIM urn:ietf:params:scim:api:messages:2.0:Error schema as defined by RFC 7644 Section 3.12.

Example SCIM error response

{
  "detail": "[UnauthorizedException] Your supplied token is not authorized to make this SCIM request.",
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "401"
}

When applicable, additional error details will be provided using the urn:ietf:params:scim:schemas:extension:fusionauth:2.0:Error SCIM schema extension.

Example SCIM Error Response with FusionAuth custom extension schema

{
  "detail": "Request failed, see errors for additional details.",
  "schemas": [
    "urn:ietf:params:scim:schemas:extension:fusionauth:2.0:Error",
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "400",
  "urn:ietf:params:scim:schemas:extension:fusionauth:2.0:Error": {
    "fieldErrors": {
      "user.username": [
        {
          "code": "[duplicate]user.username",
          "message": "A User with username = [johnny123] already exists."
        }
      ]
    },
    "generalErrors": [
      {
        "code": "[invalid]",
        "message": "Your JSON was invalid"
      }
    ]
  }
}