I’ve noticed that not all identity attributes are returned on the call to the /users endpoint of the scim api. For example, firstname and lastname are identity attributes on our instance but are not returned in a call to get a user. Also, it seems that these same attributes cannot be used to search for users on the endpoint. @derek_putnam, I know you’re a SCIM expert
I wish I was but alas, I am not.
With that said, @adam_creaney knows a thing or two about SCIM!
@kevinwoodbury
I suspect part of the problem is tied to the difference between IIQ nomenclature of certain attributes vs the SCIM spec definition of those same attributes (like name, email, etc.). Doing a SCIM search based on lastname would actually be a filter like this: filter=name.familyName eq "Arnefield"
.
In my sandbox (with totally random fake data, executing the following GET request: http://localhost:8080/iiq/scim/v2/Users?filter=name.familyName eq "Arnefield"
will find 2 users with that same last name:
{
"totalResults": 2,
"startIndex": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
"icc_empID": "002588",
"capabilities": [],
"lastRefresh": "2023-04-03T21:01:49.904Z",
"icc_startDate": "1/13/2008 0:0:0 AM UTC",
"icc_department": "Your Company",
"icc_jobCode": "ME",
"icc_empType": "Part Time Permanent",
"icc_state": "MI",
"icc_country": "US",
"administrator": {},
"icc_active": "Active",
"isManager": false,
"icc_userID": "harnefield",
"accounts": [
{
"displayName": "002588",
"value": "0a0a428587481246818748c3ef19098d",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c3ef19098d"
},
{
"displayName": "harnefield",
"value": "0a0a428587481246818748c7d6436587",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c7d6436587"
},
{
"displayName": "harnefield",
"value": "0a0a428587481246818748c86a250aa8",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c86a250aa8"
}
],
"riskScore": 250,
"icc_city": "Ti├¬n Phã░ß╗øc",
"icc_title": "Marketing Executive"
},
"emails": [
{
"type": "work",
"value": "[email protected]",
"primary": true
}
],
"displayName": "Arnefield, Hart",
"meta": {
"created": "2023-04-03T20:16:53.015Z",
"location": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c3ef17098b",
"lastModified": "2023-04-03T21:01:49.904Z",
"version": "W/\"1680555709904\"",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:sailpoint:1.0:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"name": {
"formatted": "Arnefield, Hart",
"familyName": "Arnefield",
"givenName": "Hart"
},
"active": true,
"id": "0a0a428587481246818748c3ef17098b",
"userType": "employee",
"userName": "002588",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"manager": {
"displayName": "Marusik, Clyve",
"value": "0a0a428587481246818748c3abfe00d2",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c3abfe00d2"
}
}
},
{
"urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
"icc_empID": "002123",
"capabilities": [],
"lastRefresh": "2023-04-03T21:01:23.621Z",
"icc_startDate": "10/5/2015 0:0:0 AM UTC",
"icc_department": "QA Team",
"icc_jobCode": "DBE",
"icc_empType": "Part Time Contract",
"icc_state": "MT",
"icc_country": "US",
"administrator": {},
"icc_active": "Active",
"isManager": false,
"icc_userID": "tarnefield",
"accounts": [
{
"displayName": "002123",
"value": "0a0a428587481246818748c4baf12e81",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c4baf12e81"
},
{
"displayName": "tarnefield",
"value": "0a0a428587481246818748c7b4c25d31",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c7b4c25d31"
},
{
"displayName": "tarnefield",
"value": "0a0a428587481246818748c8b2a41d52",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c8b2a41d52"
}
],
"riskScore": 250,
"icc_city": "Sŏnbong",
"icc_title": "Database Engineer"
},
"emails": [
{
"type": "work",
"value": "[email protected]",
"primary": true
}
],
"displayName": "Arnefield, Tamqrah",
"meta": {
"created": "2023-04-03T20:17:45.200Z",
"location": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c4baf02e80",
"lastModified": "2023-04-03T21:01:23.621Z",
"version": "W/\"1680555683621\"",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:sailpoint:1.0:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"name": {
"formatted": "Arnefield, Tamqrah",
"familyName": "Arnefield",
"givenName": "Tamqrah"
},
"active": true,
"id": "0a0a428587481246818748c4baf02e80",
"userType": "contractor",
"userName": "002123",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"manager": {
"displayName": "Willowby, Dar",
"value": "0a0a428587481246818748c3acb500e5",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c3acb500e5"
}
}
}
]
}
You will see in the output above that custom extended IIQ attributes are also included in the response (the icc_
ones). Searchable extended attributes can also be used in SCIM querys/filters, so if I wanted to find users in Texas, my SCIM request would be: http://localhost:8080/iiq/scim/v2/Users?filter=urn:ietf:params:scim:schemas:sailpoint:1.0:User:icc_state eq "TX"
Limiting to 2 results for brevity, I get:
{
"totalResults": 56,
"startIndex": 1,
"itemsPerPage": 2,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
"icc_empID": "002274",
"capabilities": [],
"lastRefresh": "2023-04-03T21:01:27.746Z",
"icc_startDate": "11/30/2009 0:0:0 AM UTC",
"icc_department": "Marketing Department",
"icc_jobCode": "SE",
"icc_empType": "Full Time Permanent",
"icc_state": "TX",
"icc_country": "US",
"administrator": {},
"icc_active": "Active",
"isManager": false,
"icc_userID": "tsalery",
"accounts": [
{
"displayName": "002274",
"value": "0a0a428587481246818748c3bb32023e",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c3bb32023e"
},
{
"displayName": "tsalery",
"value": "0a0a428587481246818748c761364776",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c761364776"
},
{
"displayName": "tsalery",
"value": "0a0a428587481246818748c8bf0c1f2e",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c8bf0c1f2e"
}
],
"riskScore": 250,
"icc_city": "Ingenio La Esperanza",
"icc_title": "Software Engineer"
},
"emails": [
{
"type": "work",
"value": "[email protected]",
"primary": true
}
],
"displayName": "Salery, Turner",
"meta": {
"created": "2023-04-03T20:16:39.728Z",
"location": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c3bb2f023d",
"lastModified": "2023-04-03T21:01:27.746Z",
"version": "W/\"1680555687746\"",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:sailpoint:1.0:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"name": {
"formatted": "Salery, Turner",
"familyName": "Salery",
"givenName": "Turner"
},
"active": true,
"id": "0a0a428587481246818748c3bb2f023d",
"userType": "employee",
"userName": "002274",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"manager": {
"displayName": "Gilfillan, Kelci",
"value": "0a0a428587481246818748c3b0bd0161",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c3b0bd0161"
}
}
},
{
"urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
"icc_empID": "002328",
"capabilities": [],
"lastRefresh": "2023-04-03T21:01:38.450Z",
"icc_startDate": "10/14/2005 0:0:0 AM UTC",
"icc_department": "Marketing Department",
"icc_jobCode": "TPM",
"icc_empType": "Full Time Contract",
"icc_state": "TX",
"icc_country": "US",
"administrator": {},
"icc_active": "Active",
"isManager": false,
"icc_userID": "epeever",
"accounts": [
{
"displayName": "002328",
"value": "0a0a428587481246818748c3c7e0037e",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c3c7e0037e"
},
{
"displayName": "epeever",
"value": "0a0a428587481246818748c775504c94",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c775504c94"
},
{
"displayName": "epeever",
"value": "0a0a428587481246818748c846f00117",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/0a0a428587481246818748c846f00117"
}
],
"riskScore": 250,
"icc_city": "Karlskrona",
"icc_title": "Technical Project Manager"
},
"emails": [
{
"type": "work",
"value": "[email protected]",
"primary": true
}
],
"displayName": "Peever, Elbertina",
"meta": {
"created": "2023-04-03T20:16:42.972Z",
"location": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c3c7dc037d",
"lastModified": "2023-04-03T21:01:38.450Z",
"version": "W/\"1680555698450\"",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:sailpoint:1.0:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"name": {
"formatted": "Peever, Elbertina",
"familyName": "Peever",
"givenName": "Elbertina"
},
"active": true,
"id": "0a0a428587481246818748c3c7dc037d",
"userType": "contractor",
"userName": "002328",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"manager": {
"displayName": "Tichelaar, Weber",
"value": "0a0a428587481246818748c3abab00cc",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/0a0a428587481246818748c3abab00cc"
}
}
}
]
}
This was done on my personal sandbox using IIQ 8.3p2, but I’ve done similar with the IIQ SCIM API going back to at least 8.1p3 that I can recall off-hand. Hope this helps!
This is a huge help, thank-you @brian_weigel