Updates an existing User.
PUT/Users/:userId
The endpoint used to update a User resource. There are attributes marked as 'returned only by request', such as roles, which must be provided as part of the attributes query parameter in order to be included in the response.
In order for Lifecycle Events to have access to previous Identity values, a new IdentityArchive object is created and saved to the database. This feature is turned on by default and could have an impact on the overall performance of the SCIM update. It is not expected for the impact of this change to be noticeable, but in cases where it is, and when configured Lifecycle Events are not dependent on the previous Identity attributes, the creation of the IdentityArchive object during a SCIM update is configurable. By default, the IdentityArchive creation during a SCIM update is enabled. To disable the creation of the IdentityArchive object during SCIM updates, the following attribute can be set on the SystemConfiguration object:
<entry key="scimTriggerSnapshots" value="false">
Request
Path Parameters
The id of User resource. If lookupByName is set to true, this path parameter should be set to the userName of the User.
Query Parameters
A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.
A comma-separated list of attributes to exclude from the response. Some attributes cannot be excluded.
A boolean value that determines if the User resource will be looked up by userName instead of userId (value in path parameter 'userId'). Setting this query parameter to true will cause the value pulled from the 'userId' path parameter to be treated as a userName when searching for the resource.
Example: scim/v2/Users/Mock.User?lookupByName=true
- application/scim+json
- */*
Body
required
Array [
]
Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.
name
The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.
The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.
The family name of the User, or Last Name in most Western languages
The given name of the User, or First Name in most Western languages
The name of the User, suitable for display to end-users. The name should be the full name of the User being described.
The type of the User, identifying the relationship between the organization and the User.
A Boolean value indicating the User’s administrative status.
The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.
emails
undefined[]
Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., [email protected] instead of [email protected]. Canonical Type values of work, home, and other.
Type of email address (work, home, other).
Canonicalized email address.
A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
urn:ietf:params:scim:schemas:sailpoint:1.0:User
Capabilities assigned to this User.
administrator
The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
The display name of the Administrator of RPA user or Service account.
The id of the SCIM resource representing the Administrator of RPA user or Service account.
The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
The software version of the RPA/Bots.
Employee id associated with this User.
Distinguished name for this User.
The region this User is assigned to.
regionOwner
The User who owns the region that this resource (User) belongs to.
Display name of the region owner.
The id of the region owner.
URI reference of the region owner resource.
The location this User is assigned to.
locationOwner
object
The User who owns the location that this resource (User) belongs to.
Display name of the location owner.
The id of the location owner.
URI reference to the location owner resource.
Department this User is assigned to.
Cost centers this User is associated with.
Job title given to this User.
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
Enterprise User Schema. Contains the manager of the User.
manager
Manager of the user.
Display name of the manager.
The id of the manager.
Reference to the manager resource.
Body
required
Array [
]
Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.
name
The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.
The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.
The family name of the User, or Last Name in most Western languages
The given name of the User, or First Name in most Western languages
The name of the User, suitable for display to end-users. The name should be the full name of the User being described.
The type of the User, identifying the relationship between the organization and the User.
A Boolean value indicating the User’s administrative status.
The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.
emails
undefined[]
Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., [email protected] instead of [email protected]. Canonical Type values of work, home, and other.
Type of email address (work, home, other).
Canonicalized email address.
A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
urn:ietf:params:scim:schemas:sailpoint:1.0:User
Capabilities assigned to this User.
administrator
The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
The display name of the Administrator of RPA user or Service account.
The id of the SCIM resource representing the Administrator of RPA user or Service account.
The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
The software version of the RPA/Bots.
Employee id associated with this User.
Distinguished name for this User.
The region this User is assigned to.
regionOwner
The User who owns the region that this resource (User) belongs to.
Display name of the region owner.
The id of the region owner.
URI reference of the region owner resource.
The location this User is assigned to.
locationOwner
object
The User who owns the location that this resource (User) belongs to.
Display name of the location owner.
The id of the location owner.
URI reference to the location owner resource.
Department this User is assigned to.
Cost centers this User is associated with.
Job title given to this User.
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
Enterprise User Schema. Contains the manager of the User.
manager
Manager of the user.
Display name of the manager.
The id of the manager.
Reference to the manager resource.
Responses
- 200
Updates an existing User and returns that User.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Array [
]
Array [
]
IdentityIQ id of the User.
Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.
name
The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.
The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.
The family name of the User, or Last Name in most Western languages
The given name of the User, or First Name in most Western languages
The name of the User, suitable for display to end-users. The name should be the full name of the User being described.
The type of the User, identifying the relationship between the organization and the User.
A Boolean value indicating the User’s administrative status.
emails
undefined[]
Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., [email protected] instead of [email protected]. Canonical Type values of work, home, and other.
Type of email address (work, home, other).
Canonicalized email address.
A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.
urn:ietf:params:scim:schemas:sailpoint:1.0:User
object
Additional attributes of the User.
accounts
undefined[]
Simple representation of the Account (or Link) ResourceType.
The display name of the Account.
The id of the SCIM resource representing the Account.
The URI of the SCIM resource representing the Account.
entitlements
undefined[]
Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.
The value of the Entitlement.
The display name of the Entitlement.
The type of Entitlement (Entitlement, Permission, etc.).
The name of the Application this Entitlement applies to.
The account this Entitlement was sourced from.
The URI of the SCIM resource representing the Entitlement.
roles
undefined[]
Roles of the User. Returned only if requested. Returned in response only if requested using the 'attributes' query parameter.
The value of the Role.
The display name of the Role.
The type of Role (IT, Business, etc.).
Indicates how this Role was acquired. Assigned or Detected.
The name of the Application where this Role came from.
The name of the Account this Role was sourced from.
The URI of the SCIM resource representing the Role.
Capabilities assigned to this User.
Composite Risk Score of this User.
A Boolean value that determines if this User is a manager.
administrator
The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.
The display name of the Administrator of RPA user or Service account.
The id of the SCIM resource representing the Administrator of RPA user or Service account.
The URI of the SCIM resource representing the Administrator of RPA user or Service Account.
The software version of the RPA/Bots.
Employee id associated with this User.
Distinguished name for this User.
The region this User is assigned to.
regionOwner
The User who owns the region that this resource (User) belongs to.
Display name of the region owner.
The id of the region owner.
URI reference of the region owner resource.
The location this User is assigned to.
locationOwner
object
The User who owns the location that this resource (User) belongs to.
Display name of the location owner.
The id of the location owner.
URI reference to the location owner resource.
Department this User is assigned to.
Cost centers this User is associated with.
Job title given to this User.
Datetime representation of the last refresh for this User.
urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
Enterprise User Schema. Contains the manager of the User.
manager
Manager of the User.
Display name of the User's manager.
The id of the SCIM resource representing the User’s manager.
The URI of the SCIM resource representing the User’s manager.
meta
Metadata of the resource.
Datetime this resource was created.
The location of the resource.
Datetime the resource was last modified.
The version of the resource.
The SCIM resource type.
The schemas involved in the SCIM resource.
{
"id": "c0b4568a4fe7458c434ee77d1fbt156b",
"userName": "Mock.User",
"name": {
"formatted": "Ms. Barbara J Jensen, III",
"familyName": "Jensen",
"givenName": "Barbara"
},
"displayName": "Barbara Jensen",
"userType": "employee",
"active": true,
"emails": [
{
"type": "work",
"value": "[email protected]",
"primary": "true"
}
],
"urn:ietf:params:scim:schemas:sailpoint:1.0:User": {
"accounts": [
{
"displayName": "Bob.Smith",
"value": "c0a7778b7ef71e79817ee74e6a1f0444",
"$ref": "http://localhost:8080/iiq/scim/v2/Accounts/c0a7778b7ef71e79817ee74e6a1f0444"
}
],
"entitlements": [
{
"value": "groupmbr",
"display": "HelpDesk",
"type": "Permission",
"application": "ADMockApp",
"accountName": "CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com",
"$ref": "http://localhost:8080/iiq/scim/v2/Entitlements/c0a7777a7f74744d817e74fc12362c67"
}
],
"roles": [
{
"value": "detectedRoles",
"display": "User - IT",
"type": "it",
"acquired": "Assigned",
"application": "Active_Directory",
"accountName": "CN=Barbara Jensen,OU=Taipei,OU=Asia-Pacific,DC=example,DC=com",
"$ref": "http://localhost:8080/iiq/scim/v2/Roles/c0a7777a7f74744d817e74fc12362c67"
}
],
"capabilities": "[\"SystemAdministrator\"]",
"riskScore": 125,
"isManager": false,
"administrator": {
"displayName": "Bob Smith",
"value": "c0a7777a7f74744d817e74fc12362c67O",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/c0a7777a7f74744d817e74fc12362c67"
},
"softwareVersion": "7.3",
"empId": "1b2a3c",
"dn": "cn=Bob Smith,ou=services",
"region": "Americas",
"regionOwner": {
"displayName": "Joe Smith",
"value": "c0b4568a4fe7458c434ee77d1fbt156b",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b"
},
"location": "Singapore",
"locationOwner": {
"displayName": "Bob Smith",
"value": "c0a7778b7ef71e79817ee74e6a1f0444",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/c0a7778b7ef71e79817ee74e6a1f0444"
},
"Department": "Regional Operations",
"costcenter": [
"CC01",
"DD02"
],
"jobtitle": "Internal Audit Manager",
"lastRefresh": "2024-07-29T15:51:28.071Z"
},
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"manager": {
"displayName": "Bob Smith",
"value": "c7a7347a7fe71e69077ee75f5d1f1237",
"$ref": "http://localhost:8080/iiq/scim/v2/Users/c7a7347a7fe71e69077ee75f5d1f1237"
}
},
"meta": {
"created": "2022-02-11T01:34:04.074-05:00",
"location": "http://localhost:8080/iiq/scim/v2/Users/c0b4568a4fe7458c434ee77d1fbt156b",
"lastModified": "2022-02-11T01:08:45.866-05:00",
"version": "W\"1644561244074\"",
"resourceType": "User"
},
"schemas": [
"urn:ietf:params:scim:schemas:sailpoint:1.0:User",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
]
}