SCIM EnterpriseUser APIs
Overview
This page contains all of the APIs for managing Users through SCIM EnterpriseUser requests.
Create an EnterpriseUser
This API is used to create a new FusionAuth User from a SCIM request
Request
Create an EnterpriseUser from a SCIM request
POST /api/scim/resource/v2/EnterpriseUsers
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM EnterpriseUser request body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a request like this example.
This is taken from the SCIM Schema RFC describing a SCIM EnterpriseUser schema. For the full specification you can find the RFC.
Example Request Body
{
"active": true,
"emails":[
{
"value":"example@fusionauth.io",
"type":"work",
"primary": true
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"password": "supersecret",
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"costCenter": "123",
"department": "",
"division": "R&D",
"employeeNumber": "42",
"manager": {
"displayName": "Bob",
"$ref": "https://login.piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"value": "550f49a9-7697-4e73-95e6-08b50a864b03"
}
},
"userName":"johnny123"
}Response
The response for this API contains the User that was just created in SCIM schema format.
| Code | Description |
|---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
504 |
One or more Webhook endpoints returned an invalid response or were unreachable. Based on the transaction configuration for this event your action cannot be completed. A stack trace is provided and logged in the FusionAuth log files. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM EnterpriseUser response body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a response like this example.
This is taken from the SCIM Schema RFC describing a SCIM EnterpriseUser schema. For the full specification you can find the RFC.
Example Response Body
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"id": "2819c223-7f76-453a-919d-413861904600",
"meta" : {
"created" : "2022-04-12T21:59:23.279Z",
"lastModified" : "2022-04-12T21:59:23.279Z",
"location" : "https://piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"resourceType" : "EnterpriseUser"
},
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"division": "R&D",
"employeeNumber": "42",
"manager": {
"displayName": "Bob",
"$ref": "https://login.piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"value": "550f49a9-7697-4e73-95e6-08b50a864b03"
}
},
"userName":"johnny123"
}Delete an EnterpriseUser
This API is used to hard delete a FusionAuth User through a SCIM request. You must specify the Id of the User on the URI.
The data of a User who has been hard deleted is permanently removed from FusionAuth. The User’s data cannot be restored via the FusionAuth API or the administrative user interface. If you need to restore the User’s data, you must retrieve it from a database backup.
Request
Delete an EnterpriseUser through a SCIM request
DELETE /api/scim/resource/v2/EnterpriseUsers/{userId}
Request Parameters
- userId [UUID] Optional
-
The FusionAuth unique User Id.
Response
This API does not return a JSON response body.
| Code | Description |
|---|---|
204 |
The request was successful. The response will be empty. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
404 |
The object doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
504 |
One or more Webhook endpoints returned an invalid response or were unreachable. Based on the transaction configuration for this event your action cannot be completed. A stack trace is provided and logged in the FusionAuth log files. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Retrieve an EnterpriseUser
This API is used to retrieve a FusionAuth User in SCIM schema format through a SCIM request.
Request
Retrieves an EnterpriseUser through a SCIM request
GET /api/scim/resource/v2/EnterpriseUsers/{userId}
Request Parameters
- userId [UUID] Optional
-
The FusionAuth unique User Id.
Response
The response for this API contains the User in SCIM schema format.
| Code | Description |
|---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
404 |
The object doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
For FusionAuth SCIM endpoints, any error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM EnterpriseUser response body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a response like this example.
This is taken from the SCIM Schema RFC describing a SCIM EnterpriseUser schema. For the full specification you can find the RFC.
Example Response Body
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"id": "2819c223-7f76-453a-919d-413861904600",
"meta" : {
"created" : "2022-04-12T21:59:23.279Z",
"lastModified" : "2022-04-12T21:59:23.279Z",
"location" : "https://piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"resourceType" : "EnterpriseUser"
},
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"division": "R&D",
"employeeNumber": "42",
"manager": {
"displayName": "Bob",
"$ref": "https://login.piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"value": "550f49a9-7697-4e73-95e6-08b50a864b03"
}
},
"userName":"johnny123"
}Update an EnterpriseUser
This API is used to update a new FusionAuth User from a SCIM request. The FusionAuth User will be overwritten by the data contained in the request. It is not a partial update or a patch.
Request
Updates an EnterpriseUser from a SCIM request
PUT /api/scim/resource/v2/EnterpriseUsers/{userId}
Request Parameters
- userId [UUID] Optional
-
The FusionAuth unique User Id.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM EnterpriseUser request body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a request like this example.
This is taken from the SCIM Schema RFC describing a SCIM EnterpriseUser schema. For the full specification you can find the RFC.
Example Request Body
{
"active": true,
"emails":[
{
"value":"example@fusionauth.io",
"type":"work",
"primary": true
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"password": "supersecret",
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"costCenter": "123",
"department": "",
"division": "R&D",
"employeeNumber": "42",
"manager": {
"displayName": "Bob",
"$ref": "https://login.piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"value": "550f49a9-7697-4e73-95e6-08b50a864b03"
}
},
"userName":"johnny123"
}Response
The response for this API contains the User that was updated in SCIM schema format.
| Code | Description |
|---|---|
200 |
The request was successful. The response will contain a JSON body. |
400 |
The request was invalid and/or malformed. The response will contain a SCIM Error JSON Object with the specific errors. This status will also be returned if a paid FusionAuth license is required and is not present. |
401 |
You did not supply a valid JWT in your Authorization header. The response will be empty. Ensure you’ve correctly set up Entities and performed a Client Credentials grant. |
404 |
The object doesn’t exist. The response will be empty. |
500 |
There was an internal error. A stack trace is provided and logged in the FusionAuth log files. The response will be empty. |
503 |
The search index is not available or encountered an exception so the request cannot be completed. The response will contain a JSON body. |
504 |
One or more Webhook endpoints returned an invalid response or were unreachable. Based on the transaction configuration for this event your action cannot be completed. A stack trace is provided and logged in the FusionAuth log files. |
For SCIM endpoints, error responses will be returned in standard SCIM schema. See more details in the SCIM API Overview.
Where my field definitions at!?!
Because the SCIM specification allows for customization of the schemas using extensions, there is no way to accurately document all the JSON structure possibilities.
The following is just an example of a typical SCIM EnterpriseUser response body a SCIM client might send. However, your incoming request lambda must map these values to populate the FusionAuth User. A default lambda is provided for you that would handle a response like this example.
This is taken from the SCIM Schema RFC describing a SCIM EnterpriseUser schema. For the full specification you can find the RFC.
Example Response Body
{
"active": true,
"emails":[
{
"primary": true,
"type":"work",
"value":"example@fusionauth.io"
}
],
"externalId":"cc6714c6-286c-411c-a6bc-ee413cda1dbc",
"id": "2819c223-7f76-453a-919d-413861904600",
"meta" : {
"created" : "2022-04-12T21:59:23.279Z",
"lastModified" : "2022-04-12T21:59:23.279Z",
"location" : "https://piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"resourceType" : "EnterpriseUser"
},
"name":{
"familyName": "Doe",
"formatted": "John Doe",
"givenName": "John",
"honorificPrefix": "Mr.",
"honorificSuffix": "III",
"middleName": "William"
},
"phoneNumbers":[
{
"primary": true,
"type":"mobile",
"value":"303-555-1234"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"division": "R&D",
"employeeNumber": "42",
"manager": {
"displayName": "Bob",
"$ref": "https://login.piedpiper.com/api/scim/resource/v2/EnterpriseUsers/550f49a9-7697-4e73-95e6-08b50a864b03",
"value": "550f49a9-7697-4e73-95e6-08b50a864b03"
}
},
"userName":"johnny123"
}