Create Self Service Enrollment Request for a Specific MFA Factor
/admin/v1/MyAuthenticationFactorEnroller
Request
- application/scim+json
- application/json
-
Authorization: string
The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
-
Content-Type: string
Media Type
-
RESOURCE_TYPE_SCHEMA_VERSION(optional): string
An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
Before you specify an attribute-value in a request to create a resource, please check the 'mutability' property of that attribute in the resource-type schema below. Clicking on an attribute-row will expand that row to show the SCIM++ Properties of that attribute.
- Your request to create, update or replace a resource may specify in its payload a value for any attribute that is defined as mutability:readWrite or mutability:writeOnly or mutability:immutable:
- The SCIM APIs to create a resource will ignore silently any value that you specify for an attribute that is defined as mutability:readOnly.
- The SCIM APIs to update or replace a resource will fail with an error 400 Bad Request if you specify a value for an attribute that is defined as mutability:readOnly.
- Similarly, the SCIM APIs to update or replace a resource will fail with an error 400 Bad Request if you specify any value for an attribute that is defined as mutability:immutable and that already has a value in the specified resource.
Also, before you use the query-parameter attributes to request specific attributes, please check the 'returned' property of that attribute in the resource-type schema below:
- Your request to read a resource (or to search a resource-type) can specify as the value of attributes any attributes that are defined as returned:default or returned:request or returned:always:
- If you request a specific set of attributes, the SCIM APIs to read a resource (or to search a resource-type) will return in each resource the set of attributes that you requested, as well as any attribute that is defined as returned:always.
- If you do not request a specific set of attributes, the SCIM APIs to read a resource (or to search a resource-type) will return in each resource the the set of attributes defined as returned:default, as well as any attribute that is defined as returned:always.
- The SCIM APIs to read a resource (or to search a resource-type) will ignore silently any request to return an attribute that is defined as returned:never.
object
-
additionalAttributes(optional):
array additionalAttributes
SCIM++ Properties:
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
authnFactors:
array authnFactors
SCIM++ Properties:
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
-
autoEnrollFactor(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
compartmentOcid(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
countryCode(optional):
string
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
deleteInProgress(optional):
boolean
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
deviceId(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
displayName(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
domainOcid(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
id(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: always
- type: string
- uniqueness: global
-
idcsCreatedBy:
object idcsCreatedBy
SCIM++ Properties:
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: complex
-
idcsLastModifiedBy(optional):
object idcsLastModifiedBy
SCIM++ Properties:
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: complex
-
idcsLastUpgradedInRelease(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
-
idcsPreventedOperations(optional):
array idcsPreventedOperations
SCIM++ Properties:
- idcsSearchable: false
- multiValued: true
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
-
isAccRecEnabled(optional):
boolean
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
isDeviceOffline(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
landLine(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
meta(optional):
object meta
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
- type: complex
-
ocid(optional):
string
Maximum Length:
255
SCIM++ Properties:- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: immutable
- required: false
- returned: default
- type: string
- uniqueness: global
-
otpCode(optional):
string
SCIM++ Properties:
- type: string
- multiValued: false
- required: false
- mutability: readWrite
- returned: never
- uniqueness: none
- idcsSensitive: encrypt
- idcsSearchable: false
-
phoneNumber(optional):
string
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
- idcsSensitive: none
-
qrCodeContent(optional):
object qrCodeContent
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
-
qrCodeImgContent(optional):
object qrCodeImgContent
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
-
qrCodeImgType(optional):
object qrCodeImgType
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
-
requestId(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
schemas:
array schemas
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
- sharedSecret(optional): string
-
skipFactorVerification(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
tags(optional):
array tags
SCIM++ Properties:
- idcsCompositeKey: [key, value]
- idcsSearchable: true
- multiValued: true
- mutability: readWrite
- required: false
- returned: request
- type: complex
- uniqueness: none
-
tenancyOcid(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
thirdPartyFactor(optional):
object thirdPartyFactor
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
user:
object user
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: true
- returned: default
- type: complex
- uniqueness: none
array
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
Array of:
object additionalAttributes
Device additional attributes
array
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
[
"EMAIL",
"PUSH",
"SMS",
"TOTP",
"VOICE",
"PHONE_CALL",
"THIRDPARTY",
"FIDO_AUTHENTICATOR",
"YUBICO_OTP"
]
object
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: complex
-
$ref(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: reference
- uniqueness: none
-
display(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
ocid(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- returned: default
- type: string
- uniqueness: none
-
type(optional):
string
Allowed Values:
[ "User", "App" ]
SCIM++ Properties:- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
value:
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: string
- uniqueness: none
object
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: complex
-
$ref(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: reference
- uniqueness: none
-
display(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
ocid(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- returned: default
- type: string
- uniqueness: none
-
type(optional):
string
Allowed Values:
[ "User", "App" ]
SCIM++ Properties:- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
value:
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: string
- uniqueness: none
array
- idcsSearchable: false
- multiValued: true
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
[
"replace",
"update",
"delete"
]
object
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
- type: complex
-
created(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: dateTime
- uniqueness: none
-
lastModified(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: dateTime
- uniqueness: none
-
location(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
resourceType(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
version(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
object
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
object
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
object
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
[
"PNG",
"JPG"
]
array
- caseExact: false
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
object
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
thirdPartyFactorId(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
thirdPartyFactorType(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
thirdPartyVendorName:
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
object
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: true
- returned: default
- type: complex
- uniqueness: none
-
$ref(optional):
string
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: reference
- uniqueness: none
-
ocid(optional):
string
Minimum Length:
1
Maximum Length:400
SCIM++ Properties:- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: false
- returned: always
- type: string
- uniqueness: none
-
value:
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: true
- returned: always
- type: string
- uniqueness: none
object
-
key:
string
Minimum Length:
1
Maximum Length:100
SCIM++ Properties:- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: true
- returned: always
- type: string
- uniqueness: none
- idcsRequiresWriteForAccessFlows: true
- idcsRequiresImmediateReadAfterWriteForAccessFlows: true
-
value:
string
Minimum Length:
1
Maximum Length:100
SCIM++ Properties:- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: string
- uniqueness: none
- idcsRequiresWriteForAccessFlows: true
- idcsRequiresImmediateReadAfterWriteForAccessFlows: true
Response
- application/json
- application/scim+json
201 Response
object
-
additionalAttributes(optional):
array additionalAttributes
SCIM++ Properties:
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
authnFactors:
array authnFactors
SCIM++ Properties:
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
-
autoEnrollFactor(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
compartmentOcid(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
countryCode(optional):
string
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
deleteInProgress(optional):
boolean
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
deviceId(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
displayName(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
domainOcid(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
id(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: always
- type: string
- uniqueness: global
-
idcsCreatedBy:
object idcsCreatedBy
SCIM++ Properties:
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: complex
-
idcsLastModifiedBy(optional):
object idcsLastModifiedBy
SCIM++ Properties:
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: complex
-
idcsLastUpgradedInRelease(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
-
idcsPreventedOperations(optional):
array idcsPreventedOperations
SCIM++ Properties:
- idcsSearchable: false
- multiValued: true
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
-
isAccRecEnabled(optional):
boolean
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
isDeviceOffline(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
landLine(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
meta(optional):
object meta
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
- type: complex
-
ocid(optional):
string
Maximum Length:
255
SCIM++ Properties:- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: immutable
- required: false
- returned: default
- type: string
- uniqueness: global
-
otpCode(optional):
string
SCIM++ Properties:
- type: string
- multiValued: false
- required: false
- mutability: readWrite
- returned: never
- uniqueness: none
- idcsSensitive: encrypt
- idcsSearchable: false
-
phoneNumber(optional):
string
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
- idcsSensitive: none
-
qrCodeContent(optional):
object qrCodeContent
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
-
qrCodeImgContent(optional):
object qrCodeImgContent
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
-
qrCodeImgType(optional):
object qrCodeImgType
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
-
requestId(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
schemas:
array schemas
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
- sharedSecret(optional): string
-
skipFactorVerification(optional):
boolean
SCIM++ Properties:
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: boolean
- uniqueness: none
-
tags(optional):
array tags
SCIM++ Properties:
- idcsCompositeKey: [key, value]
- idcsSearchable: true
- multiValued: true
- mutability: readWrite
- required: false
- returned: request
- type: complex
- uniqueness: none
-
tenancyOcid(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
thirdPartyFactor(optional):
object thirdPartyFactor
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
user:
object user
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: true
- returned: default
- type: complex
- uniqueness: none
array
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
Array of:
object additionalAttributes
Device additional attributes
array
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
[
"EMAIL",
"PUSH",
"SMS",
"TOTP",
"VOICE",
"PHONE_CALL",
"THIRDPARTY",
"FIDO_AUTHENTICATOR",
"YUBICO_OTP"
]
object
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: complex
-
$ref(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: reference
- uniqueness: none
-
display(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
ocid(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- returned: default
- type: string
- uniqueness: none
-
type(optional):
string
Allowed Values:
[ "User", "App" ]
SCIM++ Properties:- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
value:
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: string
- uniqueness: none
object
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: complex
-
$ref(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: reference
- uniqueness: none
-
display(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
ocid(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- returned: default
- type: string
- uniqueness: none
-
type(optional):
string
Allowed Values:
[ "User", "App" ]
SCIM++ Properties:- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
value:
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: string
- uniqueness: none
array
- idcsSearchable: false
- multiValued: true
- mutability: readOnly
- required: false
- returned: request
- type: string
- uniqueness: none
[
"replace",
"update",
"delete"
]
object
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
- type: complex
-
created(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: dateTime
- uniqueness: none
-
lastModified(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: dateTime
- uniqueness: none
-
location(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
resourceType(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
-
version(optional):
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: string
- uniqueness: none
object
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
object
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
object
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: binary
- uniqueness: none
[
"PNG",
"JPG"
]
array
- caseExact: false
- idcsSearchable: false
- multiValued: true
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
object
- caseExact: false
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: complex
- uniqueness: none
-
thirdPartyFactorId(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
thirdPartyFactorType(optional):
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: false
- returned: default
- type: string
- uniqueness: none
-
thirdPartyVendorName:
string
SCIM++ Properties:
- caseExact: true
- idcsSearchable: false
- multiValued: false
- mutability: readWrite
- required: true
- returned: default
- type: string
- uniqueness: none
object
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: true
- returned: default
- type: complex
- uniqueness: none
-
$ref(optional):
string
SCIM++ Properties:
- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: false
- returned: default
- type: reference
- uniqueness: none
-
ocid(optional):
string
Minimum Length:
1
Maximum Length:400
SCIM++ Properties:- caseExact: true
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: false
- returned: always
- type: string
- uniqueness: none
-
value:
string
SCIM++ Properties:
- caseExact: false
- idcsSearchable: true
- multiValued: false
- mutability: readWrite
- required: true
- returned: always
- type: string
- uniqueness: none
object
-
key:
string
Minimum Length:
1
Maximum Length:100
SCIM++ Properties:- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: true
- returned: always
- type: string
- uniqueness: none
- idcsRequiresWriteForAccessFlows: true
- idcsRequiresImmediateReadAfterWriteForAccessFlows: true
-
value:
string
Minimum Length:
1
Maximum Length:100
SCIM++ Properties:- idcsSearchable: false
- multiValued: false
- mutability: readOnly
- required: true
- returned: default
- type: string
- uniqueness: none
- idcsRequiresWriteForAccessFlows: true
- idcsRequiresImmediateReadAfterWriteForAccessFlows: true
400 Response
object
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
-
detail(optional):
string
A detailed, human readable message. OPTIONAL
-
schemas:
array schemas
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
-
status:
string
The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
-
urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error(optional):
object urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
array
[
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
]
object
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
-
additionalData(optional):
object additionalData
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
-
messageId(optional):
string
Internal error keyword pointing to the exception status message. REQUIRED.
object
401 Response
object
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
-
detail(optional):
string
A detailed, human readable message. OPTIONAL
-
schemas:
array schemas
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
-
status:
string
The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
-
urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error(optional):
object urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
array
[
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
]
object
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
-
additionalData(optional):
object additionalData
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
-
messageId(optional):
string
Internal error keyword pointing to the exception status message. REQUIRED.
object
404 Response
object
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
-
detail(optional):
string
A detailed, human readable message. OPTIONAL
-
schemas:
array schemas
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
-
status:
string
The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
-
urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error(optional):
object urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
array
[
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
]
object
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
-
additionalData(optional):
object additionalData
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
-
messageId(optional):
string
Internal error keyword pointing to the exception status message. REQUIRED.
object
500 Response
object
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
-
detail(optional):
string
A detailed, human readable message. OPTIONAL
-
schemas:
array schemas
The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
-
status:
string
The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
-
urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error(optional):
object urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
array
[
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
]
object
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
-
additionalData(optional):
object additionalData
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
-
messageId(optional):
string
Internal error keyword pointing to the exception status message. REQUIRED.
object
Examples
The following example requests and responses show you how to self-service enroll in MFA using SMS, Email, Security Questions, PUSH and Offline TOTP factors by submitting a POST request on a REST resource using cURL. For more information about cURL, see Use cURL. The self-service MFA enrollment is a three-step process, i.e., 1) Create Self Service Enrollment Request (This page provides the Request/Response examples for this step), 2) Initiate Self Service Enrollment Using the Requested MFA Factor and 3) Validate Self Service Enrollment Using the Requested MFA Factor.
cURL Command
Note:
The command in this example uses the URL structurehttps://tenant-base-url/resource-path
, where
tenant-base-url
represents the Identity Service URL, and the resource path represents the Identity Service API. See
Send Requests for the appropriate URL structure to use. You can obtain a ME token using Authentication API or OAuth Access Code flow before following the steps below. See
Generating Access Token Using Authentication API Generating Access Token Using Authentication API for information on obtaining a ME token.
curl
-X POST
-H "Content-Type:application/json"
-H "Authorization: Bearer <Access Token Value>"
https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller
Example of Request Body for SMS Factor Enrollment
The following shows an example of the POST request body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "c810ff4522eb437abac013291c1984d1"
},
"displayName": "Joe's Personal Phone",
"countryCode": "+44",
"phoneNumber": "1122334455",
"authnFactors": [
"SMS"
]
}
Example of Response Body for SMS Factor Enrollment
The following example shows the contents of the response body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "c810ff4522eb437abac013291c1984d1",
"$ref": "https://tenant-base-url/admin/v1/Users/c810ff4522eb437abac013291c1984d1"
},
"displayName": "Joe's Personal Phone",
"countryCode": "+44",
"phoneNumber": "XXXXXXX455",
"authnFactors": [
"SMS"
],
"meta": {
"resourceType": "MyAuthenticationFactorEnroller",
"location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
},
"deviceId": "92142250e2ab4608b5c6532eb73e3d7c",
"requestId": "a0a7f9bf-13a8-43f3-bcc7-2087dc3f7a18o-o1548346179"
}
Error Response Examples
userId
is invalid. You get a 400 HTTP response code.
{
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "AuthenticationFactorEnroller.user references a User with ID 1fa35f74491d44ef5a7cc25bfdb1c8b1c that does not exist.",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.common.validation.invalidReferenceResource"
}
}
The following example shows the error message in JSON format when an SMS
authentication factor has been disabled or not supported. You get a 400 HTTP response code.
{
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "The SMS authentication factor is not supported or enabled.",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.ssocommon.auth.authFactorNotSupported"
}
}
The following example shows the error message in JSON format if a countryCode
attribute is incorrect. You get a 400 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "Your phone number +dd9901266400 is not valid.",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.ssocommon.auth.invalidPhoneNumber",
"additionalData": {
"params": "+dd9901266400",
"msgId": "error.ssocommon.auth.invalidPhoneNumber"
}
}
}
The following example shows the error message in JSON format if a phoneNumber
is invalid. You get a 400 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "Your phone number +91123 is not valid.",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.ssocommon.auth.invalidPhoneNumber",
"additionalData": {
"params": "+91123",
"msgId": "error.ssocommon.auth.invalidPhoneNumber"
}
}
}
The following example shows the error message in JSON format for an unauthorized user. That is, the ME token points to user X, but the user ID mentioned in the payload is for user Y. You get a 401 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "You are not authorized to perform this action.",
"status": "401",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.ssocommon.ssoadmin.mfa.notAuthorized"
}
}
The following example shows the error message in JSON format if an invalid method is mentioned as a factor. You get a 400 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "Invalid value [SMSS] for attribute :
authnFactors. Expected one of [EMAIL,PUSH,SMS,TOTP,VOICE].",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.common.validation.canonicalValues"
}
}
Example of Request Body for Email Factor Enrollment
The following example shows the contents of the POST request body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "99b7a4b948c74adf947d4fccd3b99972"
},
"authnFactors": [
"EMAIL"
]
}
Example of Response Body for Email Factor Enrollment
The following example shows the contents of the response body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "99b7a4b948c74adf947d4fccd3b99972",
"$ref": "https://tenant-base-url/admin/v1/Users/99b7a4b948c74adf947d4fccd3b99972"
},
"authnFactors": [
"EMAIL"
],
"meta": {
"resourceType": "MyAuthenticationFactorEnroller",
"location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
},
"deviceId": "bcb65790a29143ca960fa67fb530da63",
"requestId": "f8ee0085-1091-4eb3-b1d4-657ea6e1f3b7o-o1541112590"
}
Error Response Examples
The following example shows the error message in JSON format if a user has no primary email set up in the profile. You get a 400 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "Primary email-id is not present for user user2.",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.ssocommon.ssoadmin.user.primaryEmailIdNotPresent",
"additionalData": {
"params": "user2",
"msgId": "error.ssocommon.ssoadmin.user.primaryEmailIdNotPresent"
}
}
}
The following example shows the error message in JSON format if a user tires to enroll email for another user. That is, the ME token points to user X, while user ID mentioned in the payload is for user Y. You get a 401 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "You are not authorized to perform this action.",
"status": "401",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.ssocommon.ssoadmin.mfa.notAuthorized"
}
}
The following example shows the error message in JSON format if an EMAIL
authentication factor is disabled in the tenant. You get a 400 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "The EMAIL authentication factor is not supported or enabled.",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.ssocommon.auth.authFactorNotSupported"
}
}
The following example shows the error message in JSON format if a given userId
is incorrect. You get a 400 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "AuthenticationFactorEnroller.user references a User with ID fa35f74491d44ef5a7cc25bfdb1c8b1dc that does not exist.",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.common.validation.invalidReferenceResource"
}
}
The following example shows the error message in JSON format if an invalid method is mentioned as the factor. You get a 400 HTTP response code.
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:Error",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
],
"detail": "Invalid value [EMAILL] for attribute :
authnFactors. Expected one of [EMAIL,PUSH,SMS,TOTP,VOICE].",
"status": "400",
"urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
"messageId": "error.common.validation.canonicalValues"
}
}
Example of Request Body for Security Questions Factor Enrollment
Note:
In the request, you must include the mandatory number of questions and answers based on the Security Questions Settings configuration. You make a GET call to{{HOST}}/admin/v1/SecurityQuestionSettings/SecurityQuestionSettings
. You could also make a GET call to
{{HOST}}/admin/v1/SecurityQuestions?count=48&startIndex=1
in order to retrieve the list of security questions so you know what to enter for the "value" below.
The following example shows the contents of the PATCH request body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "add",
"path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:securityQuestions:User:secQuestions",
"value": [
{
"value": "FavoriteMovie",
"answer": "Harry Potter",
"hintText": "wizard"
},
{
"value": "FavoriteFood",
"answer": "Chinese",
"hintText": "springrolls"
},
{
"value": "FirstPet",
"answer": "Bouncer",
"hintText": "dog"
}
]
}
]
}
Example of Response Body for Security Questions Factor Enrollment
The following example shows the contents of the response body in JSON format:
{
"idcsCreatedBy": {
"type": "User",
"display": "admin user",
"value": "05999e92c93c4b45a04efd094ac5730e",
"$ref": "https://tenant-base-url/admin/v1/Users/05999e92c93c4b45a04efd094ac5730e"
},
"id": "c810ff4522eb437abac013291c1984d1",
"meta": {
"created": "2019-01-24T10:06:52.595Z",
"lastModified": "2019-01-24T17:05:06.939Z",
"resourceType": "Me",
"location": "https://tenant-base-url/admin/v1/Me/c810ff4522eb437abac013291c1984d1"
},
"active": true,
"displayName": "Joe Bloggs",
"idcsLastModifiedBy": {
"value": "c810ff4522eb437abac013291c1984d1",
"display": "Joe Bloggs",
"type": "User",
"$ref": "https://tenant-base-url/admin/v1/Users/c810ff4522eb437abac013291c1984d1"
},
"userName": "jbloggs",
"urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User": {
"locked": {
"on": false
}
},
"name": {
"formatted": "Joe Bloggs",
"familyName": "Bloggs",
"givenName": "Joe"
},
"emails": [
{
"verified": true,
"primary": false,
"secondary": false,
"value": "joe.bloggs@example.com",
"type": "recovery"
},
{
"verified": true,
"primary": true,
"secondary": false,
"value": "joe.bloggs@example.com",
"type": "work"
}
],
"urn:ietf:params:scim:schemas:oracle:idcs:extension:mfa:User": {
"mfaStatus": "ENROLLED",
"loginAttempts": 0,
"preferredAuthenticationFactor": "PUSH",
"preferredDevice": {
"value": "2b27b8c072d64b899d41c8470acea32a",
"$ref": "https://tenant-base-url/admin/v1/Devices/2b27b8c072d64b899d41c8470acea32a"
}
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User",
"urn:ietf:params:scim:schemas:oracle:idcs:extension:mfa:User"
]
}
Example of Request Body for PUSH Factor Enrollment
Note:
In the request, you must pass thevalue
attribute, which is the
userId
. You can make a GET call to
{{HOST}}/admin/v1/Me
to get the "id" value.
The following example shows the contents of the POST request body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "c810ff4522eb437abac013291c1984d1"
},
"authnFactors": [
"PUSH"
]
}
Example of Response Body for PUSH Factor Enrollment
The following example shows the contents of the response body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "c810ff4522eb437abac013291c1984d1",
"$ref": "https://tenant-base-url/admin/v1/Users/c810ff4522eb437abac013291c1984d1"
},
"authnFactors": [
"PUSH",
"TOTP"
],
"isDeviceOffline": false,
"meta": {
"resourceType": "MyAuthenticationFactorEnroller",
"location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
},
"deviceId": "8bb96b4302eb40b2916079b3f597b077",
"displayName": "Joe's Phone",
"requestId": "7d988fb0-fe10-458d-aaba-0cb1230bfc25",
"qrCodeImgContent": "aVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQVN3QU...........RHLzZyOU8wcnF3a0YrNnBBQUFBQUJKUlU1RXJrSmdnZz09",
"qrCodeContent": "b3JhY2xlbW9iaWxlYXV0aGVudGljYXRvcjovL3RvdH...........VU0gmS2V5UGFpckxlbmd0aD0yMDQ4JlNTRT1CYXNlMzI=",
"qrCodeImgType": "PNG"
}
The attribute qrCodeImgContent
is double base64 encoded. First decode using a base64decoder to string
content, then base64 decode again to convert the string to image.
The value for qrCodeContent
should be decoded using a base64decoder. The decoded string should then be entered in a QR Code Generator. Scan the QR code generated with an authenticator, such as Oracle Mobile Authenticator. As this is a PUSH enrollment, enrollment will then happen automatically.
Example of Request Body for Offline TOTP Factor Enrollment
value
: the userId
{{HOST}}/admin/v1/Me
to get the
userId
value.
The following example shows the contents of the POST request body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "4d7ef2bed0e64ab9befa13bddf0e7440",
"$ref": "https://tenant-base-url/admin/v1/Users/4d7ef2bed0e64ab9befa13bddf0e7440"
},
"authnFactors": [
"TOTP"
],
"isDeviceOffline": true
}
Example of Response Body for Offline TOTP Factor Enrollment
The following example shows the contents of the response body in JSON format:
{
"schemas": [
"urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
],
"user": {
"value": "4d7ef2bed0e64ab9befa13bddf0e7440",
"$ref": "https://tenant-base-url/admin/v1/Users/4d7ef2bed0e64ab9befa13bddf0e7440"
},
"authnFactors": [
"TOTP"
],
"isDeviceOffline": true,
"meta": {
"resourceType": "MyAuthenticationFactorEnroller",
"location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
},
"deviceId": "ddbeca400f5841bd82e0a324068e1b0b",
"displayName": "Joe's Phone",
"requestId": "30f61b36-a942-4db1-bca6-fbc63003190a",
"qrCodeImgContent": "aVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQVBv.......QUFBQUJKUlU1RXJrSmdnZz09",
"qrCodeContent": "b3RwYXV0aDovL3RvdHAvcmhvZGdzb............JMZW5ndGg9MjA0OCZTU0U9QmFzZTMy",
"qrCodeImgType": "PNG"
}
The attribute qrCodeImgContent
is double base64 encoded. First decode using a base64decoder to string
content, then base64 decode again to convert the string to image.
The value for qrCodeContent
should be decoded using a base64decoder. The decoded string should then be entered in a QR Code Generator. Scan the QR code generated with an authenticator, such as Oracle Mobile Authenticator.