scim2 (1.0)

Download OpenAPI specification:Download

Authentication

Bearer

Security Scheme Type	HTTP
HTTP Authorization Scheme	bearer

Patch Group

Service allows to add a user to a group or remove a user from a group. The ID is the fully qualified path of the group including the mesh UUID scope.

Be careful - invoking this endpoint to remove members, and empty array would lead to completey remove all members from the underlying group.

path Parameters

id

required

string

Example: {2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee

Fully qualified path of the group.

header Parameters

x-thing-it-customer

required

string

OID of the customer.

Request Body schema:
application/json

schemas required	Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:PatchOp"
	Array of objects (Operation) [ items ]

Responses

Request samples

Payload

Content type

application/json

Example

Adds Jane Doe to Employee role

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [{"op": "add",
"path": "members",
"value": [{"display": "Jane Doe",
"value": "5ae9c4854777da52feaeb31a"
}
]
}
]
}

Response samples

Content type

application/json

Example

Role Employee of Tenant 1 with Jane Doe

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee",
"displayName": "Employee",
"members": [{"display": "John Doe",
"value": "5ad491db5b51b69b8e54c25c"
},
{"display": "Jane Doe",
"value": "5ae9c4854777da52feaeb31a"
}
]
}

Fetch Group

Service returns a group by ID where the ID corresponds to the fully qualified path of a Thing-it participant including the mesh UUID scope.

Members from different customers are listed too, if the requesting user is entitled for the group (MesOperator, MeshDesigner, TenantAdministrator, CustomerAdministrator, UserManagement).

A participant in Thing-it can be role, organization or an department.

Organizations can be nested.

Organizations can be scoped. A deparment is an instances of a scoped organization (e.g. Tenant A is an instance of the scoped organization Tenant).

Roles can be defined on top level, under an organization or department. Roles defined for a scoped organization are inheritted to each instance of an department. Departments can define additional dedicated roles.

path Parameters

id

required

string

Example: {2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee

Fully qualified path of the group.

query Parameters

excludedAttributes

string

Mainly used to retrieve groups without members.

header Parameters

x-thing-it-customer

required

string

OID of the customer.

Responses

Response samples

Content type

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee",
"displayName": "Employee",
"members": [{"display": "John Doe",
"value": "5ad491db5b51b69b8e54c25c"
}
]
}

Delete User

Service deletes the user which corresponds to a full anonymization of the user in Thing-it including user related information.

This is only possible for users of the same customer. If a user cannot be deleted due to an 403 error, it has to be removed from a Group via PATCH service on Groups resource accordingly.

path Parameters

id

required

string

Example: 5ad491db5b51b69b8e54c25c

OID of the user.

header Parameters

x-thing-it-customer

string

OID of the customer.

Responses

Response samples

400
401
403
404
500

Content type

application/json

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"
],
"scimType": "string",
"detail": "string",
"status": "string"
}

Fetch User

Service returns a user by ID where the ID corresponds to the Thing-it UUID of a user.

If the x-thing-it-mesh header is available, the list of groups a user belongs to is limited to the specified mesh.

Only those groups are considered to which the requesting user is entitled for (MesOperator, MeshDesigner, TenantAdministrator, CustomerAdministrator, UserManagement).

path Parameters

id

required

string

Example: 5ad491db5b51b69b8e54c25c

OID of the user.

query Parameters

attributes

string

Comma separated list of attribute to be considered.

header Parameters

x-thing-it-customer

string

OID of the customer.

Responses

Response samples

Content type

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "5ad491db5b51b69b8e54c25c",
"userName": "john.doe@thing-it.com",
"name": {"givenName": "John",
"familyName": "Doe"
},
"displayName": "John Doe",
"active": true,
"emails": [{"value": "john.doe@thing-it.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [{"value": "08154711",
"type": "work"
}
],
"groups": [{"display": "Employee",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee"
}
],
"roles": ["CustomerAdministrator"
]
}

Update User (Partial)

Service allows to update a user. At this point only updates on name, displayName, title, active, phoneNumbers and enterprise attribute are supported.

Adding a user to a certain group or removing the user form it has to be done via /groups (PATCH) endpoint.

path Parameters

id

required

string

Example: 5ad491db5b51b69b8e54c25c

OID of the user.

header Parameters

x-thing-it-customer required	string OID of the customer.
x-thing-it-mesh	string OID of the mesh.

Request Body schema: application/json

schemas required	Array of strings Items Value: "urn:ietf:params:scim:api:messages:2.0:PatchOp"
	Array of objects (Operation) [ items ]

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [{"op": "add",
"path": "groups",
"value": [{"display": "Employee",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/teamLead"
}
]
}
]
}

Response samples

Content type

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "5ad491db5b51b69b8e54c25c",
"userName": "john.doe@thing-it.com",
"name": {"givenName": "John",
"familyName": "Doe"
},
"displayName": "John Doe",
"active": true,
"emails": [{"value": "john.doe@thing-it.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [{"value": "08154711",
"type": "work"
}
],
"groups": [{"display": "Employee",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1:employee"
},
{"display": "Team Lead",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/teamLead"
}
],
"roles": ["CustomerAdministrator"
]
}

Update User (Complete)

Service allows to update the basic attributes if an user. Roles and groups excluded.

path Parameters

id

required

string

Example: 5ad491db5b51b69b8e54c25c

OID of the user.

header Parameters

X-Thing-it-Customer	string OID of the customer.
x-thing-it-mesh	string OID of the mesh.

Request Body schema: application/json

schemas	Array of strings Items Enum: "urn:ietf:params:scim:schemas:core:2.0:User" "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
userName required	string Maps to account in Thing-it.
	object
displayName	string Maps to alias in Thing-it.
title	string Maps to title in Thing-it.
active	boolean Maps to validTo in Thing-it.
	Array of objects[ items ] Maps to email in Thing-it. Only the first email is taken.
	Array of objects[ items ] Maps to publicCommunicationData.cellPhone in Thing-it. Only the first phone number is taken.
roles	Array of strings
	object (EnterpriseUser)
externalId	string
	object (Meta)

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "john.doe@thing-it.com",
"externalId": "48698854-a2b4-41a5-ae70-da955c9f70ae",
"name": {"givenName": "John",
"familyName": "Doe"
},
"displayName": "John Doe",
"active": true,
"emails": [{"value": "john.doe@thing-it.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [{"value": "08154711",
"type": "work"
}
]
}

Response samples

200

Content type

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "5ad491db5b51b69b8e54c25c",
"userName": "john.doe@thing-it.com",
"name": {"givenName": "John",
"familyName": "Doe"
},
"displayName": "John Doe",
"active": true,
"emails": [{"value": "john.doe@thing-it.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [{"value": "08154711",
"type": "work"
}
],
"groups": [{"display": "Employee",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1:employee"
},
{"display": "Team Lead",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/teamLead"
}
],
"roles": ["CustomerAdministrator"
]
}

Fetch Groups

Service returns groups for all meshes of a customer.

Members from different customers are listed too, if the requesting user is entitled for the group (MesOperator, MeshDesigner, TenantAdministrator, CustomerAdministrator, UserManagement).

If the x-thing-it-mesh header is available, only groups of specified mesh are considered.

query Parameters

filter	string
excludedAttributes	string Mainly used to retrieve groups without members.

header Parameters

x-thing-it-customer required	string OID of the customer.
x-thing-it-mesh	string OID of the mesh.

Responses

Response samples

200
400
401
403
500

Content type

application/json

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"Resources": [{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee",
"displayName": "Employee",
"members": [{"display": "John Doe",
"value": "5ad491db5b51b69b8e54c25c"
}
]
},
{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant2/employee",
"displayName": "Employee",
"members": [{"display": "Jane Doe",
"value": "5ae9c4854777da52feaeb31a"
}
]
}
]
}

Fetch Users

Service returns all users of a customer. The requesting user has to be in the role CustomerAdministrator.

If the x-thing-it-mesh header is available, the list of groups a user belongs to is limited to the specified mesh.

Only those groups are considered to which the requesting user is entitled for (MesOperator, MeshDesigner, TenantAdministrator, CustomerAdministrator, UserManagement).

query Parameters

filter	string
attributes	string Comma separated list of attribute to be considered.

header Parameters

X-Thing-it-Customer

string

Responses

Response samples

200
400
401
403
500

Content type

application/json

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 2,
"Resources": [{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "string",
"displayName": "John Doe",
"groups": [{"display": "tenant:tenant1/employeeloyee",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee"
},
{"display": "tenant:tenant1/teamLead",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/teamLead"
}
]
},
{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "string",
"displayName": "Jane Doe",
"groups": [{"display": "tenant:tenant1/employee",
"value": "{2819c223-7f76-453a-919d-413861904646}tenant:tenant1/employee"
}
]
}
]
}

createUser

Service allows to create users in Thing-it. Roles and groups excluded.

header Parameters

X-Thing-it-Customer

string

Request Body schema: application/json

schemas	Array of strings Items Enum: "urn:ietf:params:scim:schemas:core:2.0:User" "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
userName required	string Maps to account in Thing-it.
	object
displayName	string Maps to alias in Thing-it.
title	string Maps to title in Thing-it.
active	boolean Maps to validTo in Thing-it.
	Array of objects[ items ] Maps to email in Thing-it. Only the first email is taken.
	Array of objects[ items ] Maps to publicCommunicationData.cellPhone in Thing-it. Only the first phone number is taken.
roles	Array of strings
	object (EnterpriseUser)
externalId	string
	object (Meta)

Responses

Request samples

Payload

Content type

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "string",
"name": {"givenName": "string",
"familyName": "string"
},
"displayName": "string",
"title": "string",
"active": true,
"emails": [{"value": "string",
"type": "string",
"primary": true
}
],
"phoneNumbers": [{"value": "string",
"type": "string"
}
],
"roles": ["string"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {"employeeNumber": "string",
"department": "string",
"costCenter": "string"
},
"externalId": "string",
"meta": {"resourceType": "User",
"created": "2019-08-24T14:15:22Z",
"lastModified": "2019-08-24T14:15:22Z",
"version": "string",
"location": "http://example.com"
}
}

Response samples

Content type

application/json

{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"
],
"id": "string",
"userName": "string",
"name": {"givenName": "string",
"familyName": "string"
},
"displayName": "string",
"title": "string",
"active": true,
"emails": [{"value": "string",
"type": "string",
"primary": true
}
],
"phoneNumbers": [{"value": "string",
"type": "string"
}
],
"groups": [{"display": "string",
"value": "string"
}
],
"roles": ["string"
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {"employeeNumber": "string",
"department": "string",
"costCenter": "string"
},
"externalId": "string",
"meta": {"resourceType": "User",
"created": "2019-08-24T14:15:22Z",
"lastModified": "2019-08-24T14:15:22Z",
"version": "string",
"location": "http://example.com"
}
}

Fetch Schemas

Responses

Response samples

200

Content type

application/json

{"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 0,
"Resources": [{"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "string",
"displayName": "string",
"members": [{"display": "string",
"value": "string"
}
]
}
]
}

Fetch Service Provider Config

Responses

Response samples

200

Content type

application/json

{"schemas": [{ }
],
"documentationUri": "string",
"authenticationSchemes": [{"type": "string",
"name": "string",
"description": "string",
"specUri": "string",
"documentationUri": "string",
"primary": true
}
],
"patch": {"supported": true
},
"bulk": {"supported": true,
"maxOperations": 0,
"maxPayloadSize": 0
},
"filter": {"supported": true,
"maxResults": 0
},
"changePassword": {"supported": true
},
"sort": {"supported": true
},
"etag": {"supported": true
}
}

scim2 (1.0)

Authentication

Bearer

Patch Group

path Parameters

header Parameters

Request Body schema: application/jsonapplication/xmlapplication/json

Responses

Request samples

Response samples

Fetch Group

path Parameters

query Parameters

header Parameters

Responses

Response samples

Delete User

path Parameters

header Parameters

Responses

Response samples

Fetch User

path Parameters

query Parameters

header Parameters

Responses

Response samples

Update User (Partial)

path Parameters

header Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Update User (Complete)

path Parameters

header Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Fetch Groups

query Parameters

header Parameters

Responses

Response samples

Fetch Users

query Parameters

header Parameters

Responses

Response samples

createUser

header Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Fetch Schemas

Responses

Response samples

Fetch Service Provider Config

Responses

Response samples

Request Body schema:
application/json