Create Self Service Enrollment Request for a Specific MFA Factor

post

/admin/v1/MyAuthenticationFactorEnroller

Request

Supported Media Types
Query Parameters
  • A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If "attributes" query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
    Allowed Values: [ "all", "always", "never", "request", "default" ]
  • A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
Header Parameters
  • The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
  • Media Type
  • An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
Body ()
MyAuthenticationFactorEnroller schema.

Before you specify an attribute-value in a request to create a resource, please check the 'mutability' property of that attribute in the resource-type schema below. Clicking on an attribute-row will expand that row to show the SCIM++ Properties of that attribute.

  • Your request to create, update or replace a resource may specify in its payload a value for any attribute that is defined as mutability:readWrite or mutability:writeOnly or mutability:immutable:

    • The SCIM APIs to create a resource will ignore silently any value that you specify for an attribute that is defined as mutability:readOnly.
    • The SCIM APIs to update or replace a resource will fail with an error 400 Bad Request if you specify a value for an attribute that is defined as mutability:readOnly.
    • Similarly, the SCIM APIs to update or replace a resource will fail with an error 400 Bad Request if you specify any value for an attribute that is defined as mutability:immutable and that already has a value in the specified resource.

Also, before you use the query-parameter attributes to request specific attributes, please check the 'returned' property of that attribute in the resource-type schema below:

  • Your request to read a resource (or to search a resource-type) can specify as the value of attributes any attributes that are defined as returned:default or returned:request or returned:always:

    • If you request a specific set of attributes, the SCIM APIs to read a resource (or to search a resource-type) will return in each resource the set of attributes that you requested, as well as any attribute that is defined as returned:always.
    • If you do not request a specific set of attributes, the SCIM APIs to read a resource (or to search a resource-type) will return in each resource the the set of attributes defined as returned:default, as well as any attribute that is defined as returned:always.
    • The SCIM APIs to read a resource (or to search a resource-type) will ignore silently any request to return an attribute that is defined as returned:never.

Root Schema : MyAuthenticationFactorEnroller
Type: object
This schema is for performing Multi-Factor Authentication enrollment for an authentication factor like SMS, PUSH, OFFLINETOTP, TOTP, THIRDPARTY etc.
Show Source
  • additionalAttributes
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Additional attributes which will be sent as part of a push notification
  • Allowed Values: [ "EMAIL", "PUSH", "SMS", "TOTP", "VOICE", "THIRDPARTY" ]
    SCIM++ Properties:
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    List of authentication factors such as EMAIL, SMS, TOTP, PUSH and so on, to be enrolled for the user
  • SCIM++ Properties:
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    This is to be used for internal purposes.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Country code of the enrolled phone number. This attribute is valid only for SMS and VOICE channels.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Device Identifier that points to the Device resource that comprises the notification channel details such as operating system details, device uuid, mobile application version, and so on.
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Display name passed in the request that needs to be used for the device
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: always
    • type: string
    • uniqueness: global
    Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
  • idcsCreatedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: complex
    The User or App who created the Resource
  • idcsLastModifiedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: complex
    The User or App who modified the Resource
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    The release number when the resource was upgraded.
  • Allowed Values: [ "replace", "update", "delete" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Flag indicates whether the device is enrolled in account recovery
  • SCIM++ Properties:
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Offline/Online mode of the mobile device of the user for PUSH and TOTP notification channels of enrollment
  • meta
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
    • type: complex
    A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readWrite
    • returned: never
    • uniqueness: none
    • idcsSensitive: encrypt
    • idcsSearchable: false
    The One Time Passcode which needs to be validated
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    • idcsSensitive: none
    Phone number of the user for whom multi-factor authentication enrollment is being performed. This attribute is valid only for SMS and VOICE channels.
  • qrCodeContent
    SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: binary
    • uniqueness: none
    QRCode content for the user in case their device's camera is not working/present. If the user wants to enroll for multi-factor authentication, the UI will send this QRcode content in an email to the user to use for enrollment.
  • qrCodeImgContent
    SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: binary
    • uniqueness: none
    Base 64 encoded QRCode image content to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
  • qrCodeImgType
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: binary
    • uniqueness: none
    Image type of the QRCode image to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Unique identifier of the enrollment request for multi-factor authentication
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readWrite
    • returned: never
    • uniqueness: none
    • idcsSensitive: encrypt
    • idcsSearchable: false
    Shared secret value
  • SCIM++ Properties:
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Flag indicates to skip the factor verification call for enrollment
  • tags
    SCIM++ Properties:
    • idcsCompositeKey: [key, value]
    • idcsSearchable: true
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    A list of tags on this resource.
  • thirdPartyFactor
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    User's third-party authentication factor details
  • user
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    User for whom the multi-factor enrollment for an authentication factor/s is being performed
Nested Schema : additionalAttributes
Type: array
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Additional attributes which will be sent as part of a push notification
Show Source
Nested Schema : idcsCreatedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: true
  • returned: default
  • type: complex
The User or App who created the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who created this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who created this Resource
Nested Schema : idcsLastModifiedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
The User or App who modified the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who modified this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who modified this Resource
Nested Schema : meta
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
  • type: complex
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
Show Source
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The DateTime the Resource was added to the Service Provider
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Name of the resource type of the resource--for example, Users or Groups
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
Nested Schema : qrCodeContent
Type: object
SCIM++ Properties:
  • caseExact: true
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: binary
  • uniqueness: none
QRCode content for the user in case their device's camera is not working/present. If the user wants to enroll for multi-factor authentication, the UI will send this QRcode content in an email to the user to use for enrollment.
Nested Schema : qrCodeImgContent
Type: object
SCIM++ Properties:
  • caseExact: true
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: binary
  • uniqueness: none
Base 64 encoded QRCode image content to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
Nested Schema : qrCodeImgType
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: binary
  • uniqueness: none
Image type of the QRCode image to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
Allowed Values: [ "PNG", "JPG" ]
Nested Schema : tags
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [key, value]
  • idcsSearchable: true
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
A list of tags on this resource.
Show Source
Nested Schema : thirdPartyFactor
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
User's third-party authentication factor details
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Reference to the third party resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Type of the third party authentication factor
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The vendor name of the third party factor
Nested Schema : user
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
User for whom the multi-factor enrollment for an authentication factor/s is being performed
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI that corresponds to the user resource for whom the authentication factor enrollment is being performed
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: always
    • type: string
    • uniqueness: none
    The identifier of the user
Nested Schema : additionalAttributes
Type: object
Additional attributes which will be sent as part of a push notification
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    A name of the attribute
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Value of the attribute
Nested Schema : tags
Type: object
A list of tags on this resource.
Show Source
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Key or name of the tag.
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Value of the tag.
Back to Top

Response

Supported Media Types

201 Response

The request was successful.
Body ()
Root Schema : MyAuthenticationFactorEnroller
Type: object
This schema is for performing Multi-Factor Authentication enrollment for an authentication factor like SMS, PUSH, OFFLINETOTP, TOTP, THIRDPARTY etc.
Show Source
  • additionalAttributes
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    Additional attributes which will be sent as part of a push notification
  • Allowed Values: [ "EMAIL", "PUSH", "SMS", "TOTP", "VOICE", "THIRDPARTY" ]
    SCIM++ Properties:
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    List of authentication factors such as EMAIL, SMS, TOTP, PUSH and so on, to be enrolled for the user
  • SCIM++ Properties:
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    This is to be used for internal purposes.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Country code of the enrolled phone number. This attribute is valid only for SMS and VOICE channels.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Device Identifier that points to the Device resource that comprises the notification channel details such as operating system details, device uuid, mobile application version, and so on.
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Display name passed in the request that needs to be used for the device
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: always
    • type: string
    • uniqueness: global
    Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
  • idcsCreatedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: complex
    The User or App who created the Resource
  • idcsLastModifiedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: complex
    The User or App who modified the Resource
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    The release number when the resource was upgraded.
  • Allowed Values: [ "replace", "update", "delete" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Flag indicates whether the device is enrolled in account recovery
  • SCIM++ Properties:
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Offline/Online mode of the mobile device of the user for PUSH and TOTP notification channels of enrollment
  • meta
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
    • type: complex
    A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readWrite
    • returned: never
    • uniqueness: none
    • idcsSensitive: encrypt
    • idcsSearchable: false
    The One Time Passcode which needs to be validated
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    • idcsSensitive: none
    Phone number of the user for whom multi-factor authentication enrollment is being performed. This attribute is valid only for SMS and VOICE channels.
  • qrCodeContent
    SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: binary
    • uniqueness: none
    QRCode content for the user in case their device's camera is not working/present. If the user wants to enroll for multi-factor authentication, the UI will send this QRcode content in an email to the user to use for enrollment.
  • qrCodeImgContent
    SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: binary
    • uniqueness: none
    Base 64 encoded QRCode image content to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
  • qrCodeImgType
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: binary
    • uniqueness: none
    Image type of the QRCode image to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Unique identifier of the enrollment request for multi-factor authentication
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readWrite
    • returned: never
    • uniqueness: none
    • idcsSensitive: encrypt
    • idcsSearchable: false
    Shared secret value
  • SCIM++ Properties:
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Flag indicates to skip the factor verification call for enrollment
  • tags
    SCIM++ Properties:
    • idcsCompositeKey: [key, value]
    • idcsSearchable: true
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    A list of tags on this resource.
  • thirdPartyFactor
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: complex
    • uniqueness: none
    User's third-party authentication factor details
  • user
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: complex
    • uniqueness: none
    User for whom the multi-factor enrollment for an authentication factor/s is being performed
Nested Schema : additionalAttributes
Type: array
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
Additional attributes which will be sent as part of a push notification
Show Source
Nested Schema : idcsCreatedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: true
  • returned: default
  • type: complex
The User or App who created the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who created this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who created this Resource
Nested Schema : idcsLastModifiedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
The User or App who modified the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who modified this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who modified this Resource
Nested Schema : meta
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
  • type: complex
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
Show Source
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The DateTime the Resource was added to the Service Provider
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Name of the resource type of the resource--for example, Users or Groups
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
Nested Schema : qrCodeContent
Type: object
SCIM++ Properties:
  • caseExact: true
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: binary
  • uniqueness: none
QRCode content for the user in case their device's camera is not working/present. If the user wants to enroll for multi-factor authentication, the UI will send this QRcode content in an email to the user to use for enrollment.
Nested Schema : qrCodeImgContent
Type: object
SCIM++ Properties:
  • caseExact: true
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: binary
  • uniqueness: none
Base 64 encoded QRCode image content to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
Nested Schema : qrCodeImgType
Type: object
SCIM++ Properties:
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: binary
  • uniqueness: none
Image type of the QRCode image to be shown in the UI for enrollment of PUSH and TOTP (online or offline) notification channels for multi-factor authentication
Allowed Values: [ "PNG", "JPG" ]
Nested Schema : tags
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [key, value]
  • idcsSearchable: true
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
A list of tags on this resource.
Show Source
Nested Schema : thirdPartyFactor
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: default
  • type: complex
  • uniqueness: none
User's third-party authentication factor details
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Reference to the third party resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Type of the third party authentication factor
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The vendor name of the third party factor
Nested Schema : user
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readWrite
  • required: true
  • returned: default
  • type: complex
  • uniqueness: none
User for whom the multi-factor enrollment for an authentication factor/s is being performed
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI that corresponds to the user resource for whom the authentication factor enrollment is being performed
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: always
    • type: string
    • uniqueness: none
    The identifier of the user
Nested Schema : additionalAttributes
Type: object
Additional attributes which will be sent as part of a push notification
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    A name of the attribute
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Value of the attribute
Nested Schema : tags
Type: object
A list of tags on this resource.
Show Source
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Key or name of the tag.
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Value of the tag.

400 Response

Bad or invalid request
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

401 Response

The supplied credentials, if any, are not sufficient to access the resource.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

404 Response

The requested resource was not found.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

500 Response

We couldn't return the representation due to an internal server error.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
Back to Top

Examples

The following example requests and responses show you how to self-service enroll in MFA using SMS, Email, Security Questions, PUSH and Offline TOTP factors by submitting a POST request on a REST resource using cURL. For more information about cURL, see Use cURL. The self-service MFA enrollment is a three-step process, i.e., 1) Create Self Service Enrollment Request (This page provides the Request/Response examples for this step), 2) Initiate Self Service Enrollment Using the Requested MFA Factor and 3) Validate Self Service Enrollment Using the Requested MFA Factor.

cURL Command

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use. You can obtain a ME token using Authentication API or OAuth Access Code flow before following the steps below. See Generating Access Token Using Authentication API Generating Access Token Using Authentication API for information on obtaining a ME token.
curl
-X POST
-H "Content-Type:application/json"
-H "Authorization: Bearer <Access Token Value>"
https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller

Example of Request Body for SMS Factor Enrollment

The following shows an example of the POST request body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
  ],
  "user": {
    "value": "c810ff4522eb437abac013291c1984d1"
  },
  "displayName": "Joe's Personal Phone",
  "countryCode": "+44",
  "phoneNumber": "1122334455",
  "authnFactors": [
    "SMS"
  ]
}

Example of Response Body for SMS Factor Enrollment

The following example shows the contents of the response body in JSON format:

{
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
    ],
    "user": {
        "value": "c810ff4522eb437abac013291c1984d1",
        "$ref": "https://tenant-base-url/admin/v1/Users/c810ff4522eb437abac013291c1984d1"
    },
    "displayName": "Joe's Personal Phone",
    "countryCode": "+44",
    "phoneNumber": "XXXXXXX455",
    "authnFactors": [
        "SMS"
    ],
    "meta": {
        "resourceType": "MyAuthenticationFactorEnroller",
        "location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
    },
    "deviceId": "92142250e2ab4608b5c6532eb73e3d7c",
    "requestId": "a0a7f9bf-13a8-43f3-bcc7-2087dc3f7a18o-o1548346179"
}

Error Response Examples

The following example shows the error message in JSON format when the userId is invalid. You get a 400 HTTP response code.
{
   {
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "AuthenticationFactorEnroller.user references a User with ID 1fa35f74491d44ef5a7cc25bfdb1c8b1c that does not exist.",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.common.validation.invalidReferenceResource"
    }
}

The following example shows the error message in JSON format when an SMS authentication factor has been disabled or not supported. You get a 400 HTTP response code.

{
 {
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "The SMS authentication factor is not supported or enabled.",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.ssocommon.auth.authFactorNotSupported"
    }
}

The following example shows the error message in JSON format if a countryCode attribute is incorrect. You get a 400 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "Your phone number +dd9901266400 is not valid.",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.ssocommon.auth.invalidPhoneNumber",
        "additionalData": {
            "params": "+dd9901266400",
            "msgId": "error.ssocommon.auth.invalidPhoneNumber"
        }
    }
}

The following example shows the error message in JSON format if a phoneNumber is invalid. You get a 400 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "Your phone number +91123 is not valid.",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.ssocommon.auth.invalidPhoneNumber",
        "additionalData": {
            "params": "+91123",
            "msgId": "error.ssocommon.auth.invalidPhoneNumber"
        }
    }
}

The following example shows the error message in JSON format for an unauthorized user. That is, the ME token points to user X, but the user ID mentioned in the payload is for user Y. You get a 401 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "You are not authorized to perform this action.",
    "status": "401",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.ssocommon.ssoadmin.mfa.notAuthorized"
    }
}

The following example shows the error message in JSON format if an invalid method is mentioned as a factor. You get a 400 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "Invalid value [SMSS] for attribute :
 authnFactors. Expected one of [EMAIL,PUSH,SMS,TOTP,VOICE].",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.common.validation.canonicalValues"
    }
}

Example of Request Body for Email Factor Enrollment

The following example shows the contents of the POST request body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
  ],
  "user": {
    "value": "99b7a4b948c74adf947d4fccd3b99972"
  },
  "authnFactors": [
    "EMAIL"
  ]
}

Example of Response Body for Email Factor Enrollment

The following example shows the contents of the response body in JSON format:

{
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
    ],
    "user": {
        "value": "99b7a4b948c74adf947d4fccd3b99972",
        "$ref": "https://tenant-base-url/admin/v1/Users/99b7a4b948c74adf947d4fccd3b99972"
    },
    "authnFactors": [
        "EMAIL"
    ],
    "meta": {
        "resourceType": "MyAuthenticationFactorEnroller",
        "location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
    },
    "deviceId": "bcb65790a29143ca960fa67fb530da63",
    "requestId": "f8ee0085-1091-4eb3-b1d4-657ea6e1f3b7o-o1541112590"
}

Error Response Examples

The following example shows the error message in JSON format if a user has no primary email set up in the profile. You get a 400 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "Primary email-id is not present for user user2.",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.ssocommon.ssoadmin.user.primaryEmailIdNotPresent",
        "additionalData": {
            "params": "user2",
            "msgId": "error.ssocommon.ssoadmin.user.primaryEmailIdNotPresent"
        }
    }
}

The following example shows the error message in JSON format if a user tires to enroll email for another user. That is, the ME token points to user X, while user ID mentioned in the payload is for user Y. You get a 401 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "You are not authorized to perform this action.",
    "status": "401",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.ssocommon.ssoadmin.mfa.notAuthorized"
    }
}

The following example shows the error message in JSON format if an EMAIL authentication factor is disabled in the tenant. You get a 400 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "The EMAIL authentication factor is not supported or enabled.",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.ssocommon.auth.authFactorNotSupported"
    }
}

The following example shows the error message in JSON format if a given userId is incorrect. You get a 400 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "AuthenticationFactorEnroller.user references a User with ID fa35f74491d44ef5a7cc25bfdb1c8b1dc that does not exist.",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.common.validation.invalidReferenceResource"
    }
}

The following example shows the error message in JSON format if an invalid method is mentioned as the factor. You get a 400 HTTP response code.

{
    "schemas": [
        "urn:ietf:params:scim:api:messages:2.0:Error",
        "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
    ],
    "detail": "Invalid value [EMAILL] for attribute :
 authnFactors. Expected one of [EMAIL,PUSH,SMS,TOTP,VOICE].",
    "status": "400",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
        "messageId": "error.common.validation.canonicalValues"
    }
}

Example of Request Body for Security Questions Factor Enrollment

Note:

In the request, you must include the mandatory number of questions and answers based on the Security Questions Settings configuration. You make a GET call to {{HOST}}/admin/v1/SecurityQuestionSettings/SecurityQuestionSettings. You could also make a GET call to {{HOST}}/admin/v1/SecurityQuestions?count=48&startIndex=1 in order to retrieve the list of security questions so you know what to enter for the "value" below.

The following example shows the contents of the PATCH request body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "urn:ietf:params:scim:schemas:oracle:idcs:extension:securityQuestions:User:secQuestions",
      "value": [
        {
          "value": "FavoriteMovie",
          "answer": "Harry Potter",
          "hintText": "wizard"
        },
        {
          "value": "FavoriteFood",
          "answer": "Chinese",
          "hintText": "springrolls"
        },
        {
          "value": "FirstPet",
          "answer": "Bouncer",
          "hintText": "dog"
        }
      ]
    }
  ]
}

Example of Response Body for Security Questions Factor Enrollment

The following example shows the contents of the response body in JSON format:

{
    "idcsCreatedBy": {
        "type": "User",
        "display": "admin user",
        "value": "05999e92c93c4b45a04efd094ac5730e",
        "$ref": "https://tenant-base-url/admin/v1/Users/05999e92c93c4b45a04efd094ac5730e"
    },
    "id": "c810ff4522eb437abac013291c1984d1",
    "meta": {
        "created": "2019-01-24T10:06:52.595Z",
        "lastModified": "2019-01-24T17:05:06.939Z",
        "resourceType": "Me",
        "location": "https://tenant-base-url/admin/v1/Me/c810ff4522eb437abac013291c1984d1"
    },
    "active": true,
    "displayName": "Joe Bloggs",
    "idcsLastModifiedBy": {
        "value": "c810ff4522eb437abac013291c1984d1",
        "display": "Joe Bloggs",
        "type": "User",
        "$ref": "https://tenant-base-url/admin/v1/Users/c810ff4522eb437abac013291c1984d1"
    },
    "userName": "jbloggs",
    "urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User": {
        "locked": {
            "on": false
        }
    },
    "name": {
        "formatted": "Joe Bloggs",
        "familyName": "Bloggs",
        "givenName": "Joe"
    },
    "emails": [
        {
            "verified": true,
            "primary": false,
            "secondary": false,
            "value": "joe.bloggs@example.com",
            "type": "recovery"
        },
        {
            "verified": true,
            "primary": true,
            "secondary": false,
            "value": "joe.bloggs@example.com",
            "type": "work"
        }
    ],
    "urn:ietf:params:scim:schemas:oracle:idcs:extension:mfa:User": {
        "mfaStatus": "ENROLLED",
        "loginAttempts": 0,
        "preferredAuthenticationFactor": "PUSH",
        "preferredDevice": {
            "value": "2b27b8c072d64b899d41c8470acea32a",
            "$ref": "https://tenant-base-url/admin/v1/Devices/2b27b8c072d64b899d41c8470acea32a"
        }
    },
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User",
        "urn:ietf:params:scim:schemas:oracle:idcs:extension:mfa:User"
    ]
}

Example of Request Body for PUSH Factor Enrollment

Note:

In the request, you must pass the value attribute, which is the userId. You can make a GET call to {{HOST}}/admin/v1/Me to get the "id" value.

The following example shows the contents of the POST request body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
  ],
  "user": {
    "value": "c810ff4522eb437abac013291c1984d1"
  },
  "authnFactors": [
    "PUSH"
  ]
}

Example of Response Body for PUSH Factor Enrollment

The following example shows the contents of the response body in JSON format:

{
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
    ],
    "user": {
        "value": "c810ff4522eb437abac013291c1984d1",
        "$ref": "https://tenant-base-url/admin/v1/Users/c810ff4522eb437abac013291c1984d1"
    },
    "authnFactors": [
        "PUSH",
        "TOTP"
    ],
    "isDeviceOffline": false,
    "meta": {
        "resourceType": "MyAuthenticationFactorEnroller",
        "location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
    },
    "deviceId": "8bb96b4302eb40b2916079b3f597b077",
    "displayName": "Joe's Phone",
    "requestId": "7d988fb0-fe10-458d-aaba-0cb1230bfc25",
    "qrCodeImgContent": "aVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQVN3QU...........RHLzZyOU8wcnF3a0YrNnBBQUFBQUJKUlU1RXJrSmdnZz09",
    "qrCodeContent": "b3JhY2xlbW9iaWxlYXV0aGVudGljYXRvcjovL3RvdH...........VU0gmS2V5UGFpckxlbmd0aD0yMDQ4JlNTRT1CYXNlMzI=",
    "qrCodeImgType": "PNG"
}

The value for qrCodeContent should be decoded using a base64decoder. The decoded string should then be entered in a QR Code Generator. Scan the QR code generated with an authenticator, such as Oracle Mobile Authenticator. As this is a PUSH enrollment, enrollment will then happen automatically.

Example of Request Body for Offline TOTP Factor Enrollment

Note:

In the request body, you must pass the following attribute:

value: the userId

You can make a GET call to {{HOST}}/admin/v1/Me to get the userId value.

The following example shows the contents of the POST request body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
  ],
  "user": {
    "value": "4d7ef2bed0e64ab9befa13bddf0e7440",
    "$ref": "https://tenant-base-url/admin/v1/Users/4d7ef2bed0e64ab9befa13bddf0e7440"
  },
  "authnFactors": [
    "TOTP"
  ],
  "isDeviceOffline": true
}

Example of Response Body for Offline TOTP Factor Enrollment

The following example shows the contents of the response body in JSON format:

{
    "schemas": [
        "urn:ietf:params:scim:schemas:oracle:idcs:AuthenticationFactorEnroller"
    ],
    "user": {
        "value": "4d7ef2bed0e64ab9befa13bddf0e7440",
        "$ref": "https://tenant-base-url/admin/v1/Users/4d7ef2bed0e64ab9befa13bddf0e7440"
    },
    "authnFactors": [
        "TOTP"
    ],
    "isDeviceOffline": true,
    "meta": {
        "resourceType": "MyAuthenticationFactorEnroller",
        "location": "https://tenant-base-url/admin/v1/MyAuthenticationFactorEnroller"
    },
    "deviceId": "ddbeca400f5841bd82e0a324068e1b0b",
    "displayName": "Joe's Phone",
    "requestId": "30f61b36-a942-4db1-bca6-fbc63003190a",
    "qrCodeImgContent": "aVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQVBv.......QUFBQUJKUlU1RXJrSmdnZz09",
    "qrCodeContent": "b3RwYXV0aDovL3RvdHAvcmhvZGdzb............JMZW5ndGg9MjA0OCZTU0U9QmFzZTMy",
    "qrCodeImgType": "PNG"
}

The value for qrCodeContent should be decoded using a base64decoder. The decoded string should then be entered in a QR Code Generator. Scan the QR code generated with an authenticator, such as Oracle Mobile Authenticator.

Back to Top