Unable to fetch roles and entitlements associated with user using /Users REST API endpoint


As shown in the attached screenshot, I attempted to use the following API endpoint:

{{BASE_URL}}/identityiq/scim/v2/Users?attributes=roles, emails, displayName, name, active, id, userType, userName
However, the response does not include the role details associated with the users. Could someone please guide us on the correct API endpoint to use for retrieving the roles and entitlements assigned to users in SailPoint IdentityIQ?

We are using IdentityIQ 8.4 version.

Hello @niralishah

Welcome to the SailPoint Developer Community. As per the attached screenshot, the SCIM endpoint needs to be changed as below:

GET {{BASE_URL}}/identityiq/scim/v2/Users?attributes=roles,entitlements,emails,displayName,name,active,id,userType,userName

Another thing that needs to be checked is whether the SCIM configuration XML is properly set for entitlements.

@asharma65 We’ve tried the provided query for fetching roles, but it still does not return role details in the response, though they are available in the UI.

Hi @niralishah,

There is no roles attribute in the Users API, so we are not getting any information regarding roles.

Please refer to the information below.

API EndPoint URL: http://localhost:8080/identityiq/scim/v2/Users/{userId}

Response:

{
  "urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
    "country": "India",
    "capabilities": [
      "SystemAdministrator"
    ],
    "gender": "F",
    "lastRefresh": "2025-08-06T12:00:31.996+05:30",
    "city": "Hyd",
    "org": "XYZ",
    "employeeid": "XYXH1121",
    "isManager": true,
    "accounts": [
      {
        "displayName": "XYXH1121",
        "value": "7f0000018d7c190b818d7d38c1cc030a",
        "$ref": "http://localhost:8080/identityiq/scim/v2/Accounts/7f0000018d7c190b818d7d38c1cc030a"
      }
    ],
    "riskScore": 2,
    "state": "Telangana",
    "designation": "President",
    "department": "IDM",
    "status": "Active"
  },
  "emails": [
    {
      "type": "work",
      "value": "xyz@example.com",
      "primary": true
    }
  ],
  "displayName": "XYXH1121",
  "meta": {
    "created": "2024-02-06T12:31:28.140+05:30",
    "location": "http://localhost:8080/identityiq/scim/v2/Users/7f0000018d7c190b818d7d38c1cc0309",
    "lastModified": "2025-08-06T12:00:32.003+05:30",
    "version": "W/\"1754461832003\"",
    "resourceType": "User"
  },
  "name": {
    "formatted": "XYXH1121",
    "familyName": "xyz",
    "givenName": "xyz"
  },
  "active": true,
  "id": "7f0000018d7c190b818d7d38c1cc0309",
  "userName": "XYXH1121",
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "manager": {
      "displayName": "XYXH1120",
      "value": "7f0000018d7c190b818d7d38c19e0307",
      "$ref": "http://localhost:8080/identityiq/scim/v2/Users/7f0000018d7c190b818d7d38c19e0307"
    }
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ]
}

Hi @niralishah

I attempted to retrieve the assigned roles using the following REST API:
http://localhost:8080/identityiq/rest/identities/{id}

Sample Response:

{
  "assignedRoles": [
    {
      "date": 1753696756392,
      "displayName": "Access IT Role - Read files",
      "description": null,
      "id": "0a00020f981b1bff81981be0543500bf"
    },
    {
      "date": 1753696756400,
      "displayName": "Access IT Role - Edit files",
      "description": null,
      "id": "c0a8386696c71c828196c7fc36ba003a"
    }
  ],
  "viewableIdentityAttributes": {
    "Email": "sarah.moore@example.com",
    "First Name": "Sarah",
    "Last Name": "Moore",
    "Manager": "Jane Smith"
  },
  "listAttributes": [
    "First Name",
    "Last Name",
    "Email",
    "Manager"
  ]
}

Additionally, entitlement values can be retrieved using the following API endpoint:
http://localhost:8080/identityiq/scim/v2/Accounts/{id}

Try the below; it will work:

{{BASE_URL}}scim/v2/Users/370128?lookupByName=true&attributes=urn:ietf:params:scim:schemas:sailpoint:1.0:User:entitlements

Do we have any bulk endpoint to fetch roles and entitlements?
Also, we’re able to fetch the roles and entitlements using the below endpoints:
roles: /identityiq/rest/identities/:id
entitlements: /identityiq/rest/identities/:id/identityEntitlements

You can get roles from the SCIM call with this: …/scim/v2/Users?attributes=urn:ietf:params:scim:schemas:sailpoint:1.0:User:roles
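
The URN-qualified attribute query above, as an added example that is not part of the original thread and not SailPoint's own code: it builds a paged /Users request and flattens each page into a per-user list of roles and entitlements for an access review. Assumptions: the host `iiq.example.test` is a placeholder, the server honors RFC 7644 `startIndex`/`count` paging and returns `entitlements` on the list endpoint, and role or entitlement entries are either plain strings or objects shaped like the `accounts` entries quoted earlier.

```python
from urllib.parse import urlencode

# Extension schema URN that appears in the responses quoted in this thread.
SAILPOINT_USER = "urn:ietf:params:scim:schemas:sailpoint:1.0:User"
CORE_ATTRS = ("id", "userName", "displayName", "active")

def users_url(base_url, ext_attrs=("roles", "entitlements"), start_index=1, count=100):
    """Build a paged /Users query; extension attributes need the full URN prefix."""
    attrs = list(CORE_ATTRS) + [f"{SAILPOINT_USER}:{a}" for a in ext_attrs]
    query = urlencode({
        "attributes": ",".join(attrs),  # comma-separated, no spaces
        "startIndex": start_index,      # RFC 7644 paging, 1-based (assumed supported)
        "count": count,
    }, safe=":,")
    return f"{base_url.rstrip('/')}/identityiq/scim/v2/Users?{query}"

def _names(items):
    """Accept plain strings or {displayName, value} objects (assumed shapes)."""
    out = []
    for item in items or []:
        if isinstance(item, dict):
            item = item.get("displayName") or item.get("value")
        if item:
            out.append(str(item))
    return sorted(out)

def access_by_user(list_response):
    """Map userName -> roles/entitlements for one SCIM ListResponse page."""
    result = {}
    for res in list_response.get("Resources", []):
        ext = res.get(SAILPOINT_USER, {})  # absent when the user has no such data
        result[res.get("userName", res.get("id"))] = {
            "roles": _names(ext.get("roles")),
            "entitlements": _names(ext.get("entitlements")),
        }
    return result

def next_start_index(list_response):
    """Return the startIndex of the next page, or None when the listing is done."""
    got = len(list_response.get("Resources", []))
    nxt = list_response.get("startIndex", 1) + got
    return nxt if got and nxt <= list_response.get("totalResults", 0) else None

# Constructed sample page for illustration; not real IdentityIQ output.
SAMPLE_PAGE = {"totalResults": 3, "startIndex": 1, "Resources": [
    {"userName": "user.a", SAILPOINT_USER: {
        "roles": [{"displayName": "Role B", "value": "id-2"},
                  {"displayName": "Role A", "value": "id-1"}],
        "entitlements": ["group-x"]}},
    {"userName": "user.b"},  # no extension block returned for this user
]}
```

Feed each fetched page to `access_by_user` and request `users_url(..., start_index=next_start_index(page))` until it returns `None`.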

Thanks @brad_grutsch. We are able to fetch users using the provided attribute. Do we have such an attribute or endpoint available to fetch applications or entitlements in bulk by providing multiple ids?
