Accessing the SCIM api

I created an identity just to access the SCIM API. I have given it both user rights for SCIM and to the REST api. When I attempt to execute a call to either the SCIM or rest I get a 401 not authorized. Is there additonal rights I need to add to the user past these two?

SCIM Executor
WebServices Executor

This is the endpoint I am trying to connect to.
https://:8443/identityiq/scim/v2/list

I am running identityiq 8.1

Postman response:
{“schemas”:[“urn:ietf:params:scim:api:messages:2.0:Error”],“detail”:“User does not have access.”,“status”:“401”}

Also is there a logfile that collects the errors for the SCIM and REST api’s? I didn’t see anything int he log directory on tomcat.

I tested in my local sandbox by giving these same 2 Capabilities to an identity, and I can query the SCIM APIs just fine (I tested with GET http://localhost:8080/identityiq_82/scim/v2/Users). It seems like the endpoint you are calling is not valid: https://:8443/identityiq/scim/v2/list

Check the list of valid IdentityIQ API endpoints: IdentityIQ API | SailPoint Developer Community

I removed the servername I updated the call matching yours.

https://d2lg12535.dev-resource.iam.hpecorp.net:8443/identityiq/scim/v2/Users

{

"schemas": [

    "urn:ietf:params:scim:api:messages:2.0:Error"

],

"detail": "User does not have access.",

"status": "401"

}

The ReadScimUser SPRight is required to make this call. By default, this is included in the SCIMExecutor Capability. You might want to verify that this is still the case. If that still doesn’t work, then it’s possible that the session you’re using to make the SCIM query timed out and is no longer authorized. If neither of those options pan out, enable tracing on the sailpoint.web.Authorizer class to verify that whatever is getting passed into the hasAccess() method is as expected.

Are you using basic auth, or client credentials (oauth)?

Have you tried removing the user from the workgroup, and just assigning those two capabilities directly?

I was trying to use the auth headers I switched it to basic auth and removed the header. Its working now.

Excellent - glad to hear it!

Anusha is out today but Samuel has offered to walk you through the ITG deployment. Scheduling a 2 hour call just in case there are a lot of questions.

Anusha is out today but Samuel has offered to walk you through the ITG deployment. Scheduling a 2 hour call just in case there are a lot of questions.