I am trying to implement SCIM in AAD and am having a hard time mapping the fields when a user is added to a group. In this example I want the following to happen (pretty much what SCIM does):
User is provisioned: the user is created.
User is deprovisioned: the user is deleted.
User is added to a group: the group changes.
User is removed from a group: the group changes.
Here is the API information:
getUsers
Method: GET
URL: /scim/v2/Users?filter=userName+eq+%22example%40example.com%22
Response:
{
"totalResults": 1,
"startIndex": 1,
"itemsPerPage": 1,
"schemas": [ "urn:ietf:params:scim:api:messages:2.0:ListResponse" ],
"Resources": [
{
"emails": [ { "value": "example@example.com" } ],
"appGroups": [ "Unicorn Team" ],
"schemas": [ "urn:ietf:params:scim:schemas:core:2.0:User" ],
"name": { "familyName": "Family", "givenName": "Given" }, // SCIM requires names, but no real names are stored; you'll always get back these placeholder values
"active": true,
"id": "example@example.com",
"userName": "example@example.com",
"status": "success"
},
... // more users
]
}
addUsers
Method: POST
URL: /scim/v2/Users
Body:
{
"userName": "example@example.com",
"appGroups": [ "Unicorn Team", "Rainbow Team" ],
"active": true
}
Response:
{
"emails": [
{
"value": "example@example.com"
}
],
"appGroups": [
"Unicorn Team",
"Rainbow Team"
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"familyName": "Family",
"givenName": "Given"
},
"active": true,
"id": "example@example.com",
"userName": "example@example.com",
"status": "success"
}
User Config:
"users": [
{
"email": "example@example.com",
"groups": ["Unicorn Team", "Rainbow Team"]
}
],
"groups": [
{ "name": "Unicorn Team" },
{ "name": "Rainbow Team" },
{ "name": "X" },
{ "name": "Y" },
{ "name": "Z" }
]
putUsers
Method: PUT
URL: /scim/v2/Users/example%40example.com
Body:
{
"userName": "example@example.com",
"appGroups": [ "Unicorn Team", "X" ],
"active": true
}
User Config:
"users": [
{
"email": "example@example.com",
"groups": ["Unicorn Team", "X"]
}
],
"groups": [
{ "name": "Unicorn Team" },
{ "name": "Rainbow Team" },
{ "name": "X" },
{ "name": "Y" },
{ "name": "Z" }
]
patchUsers
Method: PATCH
URL: /scim/v2/Users/example%40example.com
Body:
{
"active": false
}
Response:
{
"emails": [
{
"value": "example@example.com"
}
],
"appGroups": [
"Unicorn Group"
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"name": {
"familyName": "Family",
"givenName": "Given"
},
"active": false,
"id": "example@example.com",
"userName": "example@example.com",
"status": "success"
}
User Config:
"users": [
],
"groups": [
{ "name": "Unicorn Team" },
{ "name": "Rainbow Team" },
{ "name": "X" },
{ "name": "Y" },
{ "name": "Z" }
]
In order to add a user to a group in the SCIM Azure AD implementation, you have to implement the /Groups endpoint, as described here:
https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-add-members (HTTP PATCH request, as shown in the reference).
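To make the answer concrete, here is an added example (not code from the question, the answer, or Microsoft) of the server-side logic behind a PATCH /scim/v2/Groups/{id} handler. It applies the two membership operations Azure AD sends to a group resource, "Add" with path "members" and "Remove" with a filtered path such as members[value eq "..."], onto the question's own "User Config" shape, where each user carries a list of group names. The group id, the sample config, and the function names are assumptions for illustration; the request format follows RFC 7644 section 3.5.2 and the linked Microsoft reference. Operation names are matched case-insensitively because Azure AD sends "Add"/"Remove" while the RFC spells them in lowercase, and a request naming an unknown group or an unknown member id is rejected rather than silently creating state.

```python
import copy
import re

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

# Matches the filtered path Azure AD uses to remove one member: members[value eq "id"]
MEMBER_FILTER = re.compile(r'^members\[value\s+eq\s+"([^"]+)"\]$', re.IGNORECASE)


def sample_config():
    """Constructed sample state shaped like the question's "User Config" (assumption)."""
    return copy.deepcopy({
        "users": [
            {"email": "example@example.com", "groups": ["Unicorn Team", "Rainbow Team"]},
        ],
        "groups": [{"name": n} for n in ("Unicorn Team", "Rainbow Team", "X", "Y", "Z")],
    })


def _error(status, detail):
    return status, {"schemas": [ERROR_SCHEMA], "status": str(status), "detail": detail}


def _user_by_id(config, user_id):
    # The question's user "id" is the e-mail address, so members are keyed by it.
    return next((u for u in config["users"] if u["email"] == user_id), None)


def group_representation(config, group_id):
    """Build the SCIM Group resource from the user-centric config."""
    return {
        "schemas": [GROUP_SCHEMA],
        "id": group_id,
        "displayName": group_id,
        "members": [{"value": u["email"]} for u in config["users"] if group_id in u["groups"]],
    }


def apply_group_patch(config, group_id, patch):
    """Apply a SCIM PatchOp body to the group; returns (http_status, response_body)."""
    if not any(g["name"] == group_id for g in config["groups"]):
        return _error(404, "group not found")
    if PATCH_SCHEMA not in patch.get("schemas", []):
        return _error(400, "missing PatchOp schema")

    for op in patch.get("Operations", []):
        kind = str(op.get("op", "")).lower()
        path = str(op.get("path", ""))
        if kind == "add" and path.lower() == "members":
            # Add each listed member; unknown ids are rejected so the request is atomic.
            users = []
            for member in op.get("value", []):
                user = _user_by_id(config, member.get("value"))
                if user is None:
                    return _error(400, "unknown member id")
                users.append(user)
            for user in users:
                if group_id not in user["groups"]:
                    user["groups"].append(group_id)
        elif kind == "remove":
            match = MEMBER_FILTER.match(path)
            if match:
                # Filtered path: remove exactly one member.
                user = _user_by_id(config, match.group(1))
                if user is not None and group_id in user["groups"]:
                    user["groups"].remove(group_id)
            elif path.lower() == "members" and op.get("value"):
                # Some clients send "remove" with an explicit value list instead of a filter.
                for member in op["value"]:
                    user = _user_by_id(config, member.get("value"))
                    if user is not None and group_id in user["groups"]:
                        user["groups"].remove(group_id)
            elif path.lower() == "members":
                # Unfiltered remove clears the whole multi-valued attribute (RFC 7644 3.5.2.2).
                for user in config["users"]:
                    if group_id in user["groups"]:
                        user["groups"].remove(group_id)
            else:
                return _error(400, "unsupported remove path")
        else:
            return _error(400, "unsupported operation")

    return 200, group_representation(config, group_id)


if __name__ == "__main__":
    cfg = sample_config()
    add = {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "Add", "path": "members", "value": [{"value": "example@example.com"}]}]}
    print(apply_group_patch(cfg, "X", add))
    remove = {"schemas": [PATCH_SCHEMA], "Operations": [
        {"op": "Remove", "path": 'members[value eq "example@example.com"]'}]}
    print(apply_group_patch(cfg, "Rainbow Team", remove))
```

Because the config stores membership on the user rather than on the group, the handler translates each group operation back into an edit of that user's groups list, which is the mapping the question is asking about; the GET side of /Groups can be served from group_representation the same way.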