Filter users by entitlement - SCIM API

Hi, is it possible to filter users by entitlement? I’d like to get an entitlement’s membership.

Here is the filter I tried:

http://localhost:8080/identityiq/scim/v2/Users?filter=urn:ietf:params:scim:schemas:sailpoint:1.0:User:entitlements.display eq "GROUP_A"

but I’m getting the following error :

    "schemas": [
    "scimType": "invalidFilter",
    "detail": "Invalid filter, attribute does not support search: urn:ietf:params:scim:schemas:sailpoint:1.0:User:entitlements.display",
    "status": "400"

Is there a different endpoint/filter that would let me filter by entitlement’s name or display?


Did you ever figure out an alternate solution for this?

Hi Rachael

I ended up creating a custom endpoint to get the desired data. I used the following filter.

ManagedAttribute ent = context.getObjectById(ManagedAttribute.class, id);

Filter filterEntitlement = Filter.and(Filter.and(Filter.eq("", "YOUR_APP"),
										Filter.eq("name", "memberOf"), 
										Filter.eq("aggregationState", AggregationState.Connected),
										Filter.eq("value", ent.getValue())));

			Filter filter = Filter.collectionCondition("identityEntitlements", filterEntitlement);
			QueryOptions qo = new QueryOptions();

			List<Identity> ids = context.getObjects(Identity.class, qo);