SCIM Server API Overview

This API has been available since 1.36.0

This page contains all of the APIs for managing Users and Groups using SCIM requests. See our overview of FusionAuth’s support for the SCIM specification for more details.

FusionAuth supported SCIM Resource API endpoints

FusionAuth supported Service Provider Configuration endpoints:

Authentication

In order to use the authenticated FusionAuth SCIM API endpoints, you must create a SCIM client entity and execute the Client Credentials authorization workflow. Default Entity Types are provided for you with permission configurations for each individual endpoint. A SCIM Client must use credentials for a SCIM Client Entity and that Entity must have the corresponding permission for that endpoint enabled.

SCIM Error Responses

All error responses from From FusionAuth SCIM API endpoints will be returned in SCIM compliant schema.

Example SCIM error response JSON

{
  "detail": "[UnauthorizedException] Your supplied token is not authorized to make this SCIM request.",
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "401"
}

In addition, FusionAuth will append additional error data when available with a SCIM schema extension.

Example SCIM Error Response JSON with FusionAuth custom extension schema

{
  "detail": "Request failed, see errors for additional details.",
  "schemas": [
    "urn:ietf:params:scim:schemas:extension:fusionauth:2.0:Error",
    "urn:ietf:params:scim:api:messages:2.0:Error"
  ],
  "status": "400",
  "urn:ietf:params:scim:schemas:extension:fusionauth:2.0:Error": {
    "fieldErrors": {
      "user.username": [
        {
          "code": "[duplicate]user.username",
          "message": "A User with username = [johnny123] already exists."
        }
      ]
    },
    "generalErrors": [
      {
        "code": "[invalid]",
        "message": "Your JSON was invalid"
      }
    ]
  }
}

Feedback

How helpful was this page?

See a problem?

File an issue in our docs repo