Check Password of Specified User or App

post

/admin/v1/PasswordAuthenticator

Request

Supported Media Types
Query Parameters
  • A multi-valued list of strings indicating the return type of attribute definition. The specified set of attributes can be fetched by the return type of the attribute. One or more values can be given together to fetch more than one group of attributes. If "attributes" query parameter is also available, union of the two is fetched. Valid values - all, always, never, request, default. Values are case-insensitive.
    Allowed Values: [ "all", "always", "never", "request", "default" ]
  • A comma-delimited string that specifies the names of resource attributes that should be returned in the response. By default, a response that contains resource attributes contains only attributes that are defined in the schema for that resource type as returned=always or returned=default. An attribute that is defined as returned=request is returned in a response only if the request specifies its name in the value of this query parameter. If a request specifies this query parameter, the response contains the attributes that this query parameter specifies, as well as any attribute that is defined as returned=always.
Header Parameters
  • The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested.
  • Media Type
  • An endpoint-specific schema version number to use in the Request. Allowed version values are Earliest Version or Latest Version as specified in each REST API endpoint description, or any sequential number inbetween. All schema attributes/body parameters are a part of version 1. After version 1, any attributes added or deprecated will be tagged with the version that they were added to or deprecated in. If no version is provided, the latest schema version is returned.
Body ()
PasswordAuthenticator schema.

Before you specify an attribute-value in a request to create a resource, please check the 'mutability' property of that attribute in the resource-type schema below. Clicking on an attribute-row will expand that row to show the SCIM++ Properties of that attribute.

  • Your request to create, update or replace a resource may specify in its payload a value for any attribute that is defined as mutability:readWrite or mutability:writeOnly or mutability:immutable:

    • The SCIM APIs to create a resource will ignore silently any value that you specify for an attribute that is defined as mutability:readOnly.
    • The SCIM APIs to update or replace a resource will fail with an error 400 Bad Request if you specify a value for an attribute that is defined as mutability:readOnly.
    • Similarly, the SCIM APIs to update or replace a resource will fail with an error 400 Bad Request if you specify any value for an attribute that is defined as mutability:immutable and that already has a value in the specified resource.

Also, before you use the query-parameter attributes to request specific attributes, please check the 'returned' property of that attribute in the resource-type schema below:

  • Your request to read a resource (or to search a resource-type) can specify as the value of attributes any attributes that are defined as returned:default or returned:request or returned:always:

    • If you request a specific set of attributes, the SCIM APIs to read a resource (or to search a resource-type) will return in each resource the set of attributes that you requested, as well as any attribute that is defined as returned:always.
    • If you do not request a specific set of attributes, the SCIM APIs to read a resource (or to search a resource-type) will return in each resource the the set of attributes defined as returned:default, as well as any attribute that is defined as returned:always.
    • The SCIM APIs to read a resource (or to search a resource-type) will ignore silently any request to return an attribute that is defined as returned:never.

Root Schema : PasswordAuthenticator
Type: object
Schema for password authenticator
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: boolean
    • uniqueness: none
    Account Recovery Status of the User. True indicates account recovery is required for the user.
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: true
    • caseExact: false
    • uniqueness: none
    Display name of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: true
    • caseExact: false
    • uniqueness: none
    Id of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • applicableAuthenticationTargetApp
    SCIM++ Properties:
    • idcsCompositeKey: [value]
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    The app against which the user will authenticate. The value is not persisted but rather calculated. If the user's delegatedAuthenticationTargetApp is set, that value is returned. Otherwise, the app returned by evaluating the user's applicable Delegated Authentication Policy is returned. Value is returned only if authentication is not aginst IDCS.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Account recovery applicable factors
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: true
    • caseExact: false
    • uniqueness: none
    Name of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • appRoles
    SCIM++ Properties:
    • type: complex
    • multiValued: true
    • required: false
    • idcsCompositeKey: [value]
    • mutability: readOnly
    • returned: request
    • uniqueness: none
    A list of AppRoles granted to the specified Subject (User or App).
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: false
    • caseExact: false
    • uniqueness: none
    Service-instance identifier of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    City in user's primary address
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    • idcsSearchable: false
    Client IP address
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    Country in user's primary address
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    If true, this indicates that the authenticated subject is logged in as a CSR user. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
  • groups
    SCIM++ Properties:
    • type: complex
    • multiValued: true
    • required: false
    • idcsCompositeKey: [value]
    • mutability: readOnly
    • returned: request
    • uniqueness: none
    A list of groups of which the User or App is a member, either thorough direct membership, nested groups, or dynamically calculated
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: always
    • type: string
    • uniqueness: global
    Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
  • idcsCreatedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: complex
    The User or App who created the Resource
  • idcsLastModifiedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: complex
    The User or App who modified the Resource
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    The release number when the resource was upgraded.
  • Allowed Values: [ "replace", "update", "delete" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    If true, indicates that the \"groups\" attribute and \"appRoles\" attribute should be included in the response if this request is successful.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    If true, indicates that MFA attributes will be included in the response.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    If true, indicates that the \"sffAuthKeys\" attribute should be included in the response if this request is successful.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: writeOnly
    • required: false
    • returned: never
    • type: boolean
    • uniqueness: none
    if and only if true( treated as false if unspecified), the SignOn Policy accesss allow/deny result is considered in addition to the user credential validity to determine the authenticator success/failure
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    Locale supported by IDCS.This attribute contains calculated value of user preferred locale, which is closest IDCS supported locale. This attribute is intended for IDCS internal applications. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readWrite
    • returned: default
    • uniqueness: none
    If provided, the attribute 'mappingAttribute' together with 'mappingAttributeValue' identify the User or App against which the 'password' will be checked. For example, a requester might specify \"username\" as the value of 'mappingAttribute', and \"jdoe\" as the value of 'mappingAttributeValue'. Together, these values should form a filter -- e.g., \"username\" eq \"jdoe\" -- that selects exactly one User or App. The value of mappingAttribute must be a valid attribute name that is available in User or App schema. If not provided, the default value is \"username\" for User and \"name\" for App. Initially for App, \"name\" is the only supported attribute from App schema
  • Minimum Length: 1
    Maximum Length: 256
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: true
    • mutability: readWrite
    • returned: default
    • uniqueness: none
    The attribute 'mappingAttributeValue' or together with 'mappingAttribute', if provided, identify the User or App against which the 'password' will be checked. For example, a requester might specify \"username\" as the value of 'mappingAttribute', and \"jdoe\" as the value of 'mappingAttributeValue'. Together, these values should form a filter -- e.g., \"username\" eq \"jdoe\" -- that selects exactly one User or App. The value of mappingAttribute must be a valid attribute name that is available in User or App schema. If not provided, the default value is \"username\" for User and \"name\" for App. Initially for App, \"name\" is the only supported attribute from App schema
  • meta
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
    • type: complex
    A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    User MFA Ignored Apps Identifiers
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Preferred Authentication Factor
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Preferred Device
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Preferred Third Party vendor name
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Status of the User
  • Minimum Length: 1
    Maximum Length: 500
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: true
    • mutability: writeOnly
    • returned: never
    • idcsSensitive: hash
    • uniqueness: none
    The value of this attribute is passed as an input-parameter. This PasswordAuthenticator must compare the its value to the credential of the User or App.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    Postal code in user's primary address
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    Preferred language supported by IDCS. This attribute contains calculated value of user preferred language, which is closest IDCS supported language. This attribute is intended for IDCS internal applications. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • caseExact: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Boolean value which indicates whether his primary email is verified or not
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    If true, indicates that User has setup already setup Security Questions.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    SFF auth keys clob
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    State in user's primary address
  • tags
    SCIM++ Properties:
    • idcsCompositeKey: [key, value]
    • idcsSearchable: true
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    A list of tags on this resource.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    This attribute identifies the name of the tenant (also known as identity-domain) in which the subject User or App is defined. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    User's time zone
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    A label indicating the type of the specified identity--either 'User' or 'App'.
  • SCIM++ Properties:
    • caseExact: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Indicates whether a user can set recovery email
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    User display name
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: always
    • uniqueness: none
    • idcsPii: true
    User's primary email. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • caseExact: true
    • idcsSearchable: false
    User's native locale. This attribute is intended for external applications to read user's native locale. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    • idcsPii: true
    User name
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • caseExact: true
    • idcsSearchable: false
    User's native preferred language. This attribute is intended for external applications to read user's native language. This attribute is returned in the response to a successful authentication request.
Nested Schema : applicableAuthenticationTargetApp
Type: object
SCIM++ Properties:
  • idcsCompositeKey: [value]
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
The app against which the user will authenticate. The value is not persisted but rather calculated. If the user's delegatedAuthenticationTargetApp is set, that value is returned. Otherwise, the app returned by evaluating the user's applicable Delegated Authentication Policy is returned. Value is returned only if authentication is not aginst IDCS.
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: reference
    • uniqueness: none
    Display Name for the Authn Target App. In case of AD App it will be the domain name
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    App Display Name
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    A label that indicates whether this is an App or IdentitySource.
  • SCIM++ Properties:
    • caseExact: true
    • multiValued: false
    • mutability: readWrite
    • returned: default
    • type: string
    • uniqueness: none
    App identifier
Nested Schema : appRoles
Type: array
SCIM++ Properties:
  • type: complex
  • multiValued: true
  • required: false
  • idcsCompositeKey: [value]
  • mutability: readOnly
  • returned: request
  • uniqueness: none
A list of AppRoles granted to the specified Subject (User or App).
Show Source
Nested Schema : groups
Type: array
SCIM++ Properties:
  • type: complex
  • multiValued: true
  • required: false
  • idcsCompositeKey: [value]
  • mutability: readOnly
  • returned: request
  • uniqueness: none
A list of groups of which the User or App is a member, either thorough direct membership, nested groups, or dynamically calculated
Show Source
Nested Schema : idcsCreatedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: true
  • returned: default
  • type: complex
The User or App who created the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who created this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who created this Resource
Nested Schema : idcsLastModifiedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
The User or App who modified the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who modified this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who modified this Resource
Nested Schema : meta
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
  • type: complex
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
Show Source
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The DateTime the Resource was added to the Service Provider
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Name of the resource type of the resource--for example, Users or Groups
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
Nested Schema : tags
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [key, value]
  • idcsSearchable: true
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
A list of tags on this resource.
Show Source
Nested Schema : appRoles
Type: object
A list of AppRoles granted to the specified Subject (User or App).
Show Source
  • SCIM++ Properties:
    • type: reference
    • multiValued: false
    • required: false
    • idcsSearchable: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    The URI of the AppRole.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsSearchable: false
    • uniqueness: none
    If true, the AppRole confers administrative privileges within the App that defines it. Otherwise, the AppRole confers only functional privileges.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: false
    • returned: default
    • uniqueness: none
    The ID of the App that defines the AppRole.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsSearchable: false
    • uniqueness: none
    The name of the App that defines this AppRole.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: false
    • returned: default
    • uniqueness: none
    The display-name of the AppRole.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: false
    • returned: default
    • uniqueness: none
    The name of the legacy group associated with this AppRole.
  • Allowed Values: [ "direct", "indirect" ]
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: true
    • returned: request
    • uniqueness: none
    A label indicating how the AppRole was granted. A value of 'direct' indicates that the AppRole was granted directly to the Subject User or App. A value of 'indirect' indicates that the AppRole was granted to a Group of which the Subject User is a member.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: true
    • caseExact: false
    • mutability: readOnly
    • returned: default
    • idcsSearchable: true
    • uniqueness: none
    The ID of the AppRole.
Nested Schema : groups
Type: object
A list of groups that the password policy belongs to.
Show Source
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the corresponding Group resource to which the password policy belongs
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Group Display Name
  • Maximum Length: 40
    Added In: 20.1.3

    SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: always
    • type: string
    • uniqueness: none
    The identifier of the group.
Nested Schema : tags
Type: object
A list of tags on this resource.
Show Source
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Key or name of the tag.
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Value of the tag.
Back to Top

Response

Supported Media Types

201 Response

The request was successful.
Body ()
Root Schema : PasswordAuthenticator
Type: object
Schema for password authenticator
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: boolean
    • uniqueness: none
    Account Recovery Status of the User. True indicates account recovery is required for the user.
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: true
    • caseExact: false
    • uniqueness: none
    Display name of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: true
    • caseExact: false
    • uniqueness: none
    Id of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • applicableAuthenticationTargetApp
    SCIM++ Properties:
    • idcsCompositeKey: [value]
    • idcsSearchable: false
    • multiValued: false
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    The app against which the user will authenticate. The value is not persisted but rather calculated. If the user's delegatedAuthenticationTargetApp is set, that value is returned. Otherwise, the app returned by evaluating the user's applicable Delegated Authentication Policy is returned. Value is returned only if authentication is not aginst IDCS.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Account recovery applicable factors
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: true
    • caseExact: false
    • uniqueness: none
    Name of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • appRoles
    SCIM++ Properties:
    • type: complex
    • multiValued: true
    • required: false
    • idcsCompositeKey: [value]
    • mutability: readOnly
    • returned: request
    • uniqueness: none
    A list of AppRoles granted to the specified Subject (User or App).
  • Minimum Length: 2
    Maximum Length: 100
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • idcsSearchable: false
    • caseExact: false
    • uniqueness: none
    Service-instance identifier of the application. If the request specifies a value for \"appName\", \"appId\", \"appServiceInstanceIdentifier\", or \"appDisplayName\", then the \"appRoles\" claim in the response must contain only the values that have matching values of subattributes \"appName\",\"appId\", \"appServiceInstanceIdentifier\", or \"appId\" derived from \"appDisplayName\".
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    City in user's primary address
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    • idcsSearchable: false
    Client IP address
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    Country in user's primary address
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    If true, this indicates that the authenticated subject is logged in as a CSR user. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    A boolean flag indicating this resource in the process of being deleted. Usually set to true when synchronous deletion of the resource would take too long.
  • groups
    SCIM++ Properties:
    • type: complex
    • multiValued: true
    • required: false
    • idcsCompositeKey: [value]
    • mutability: readOnly
    • returned: request
    • uniqueness: none
    A list of groups of which the User or App is a member, either thorough direct membership, nested groups, or dynamically calculated
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: always
    • type: string
    • uniqueness: global
    Unique identifier for the SCIM Resource as defined by the Service Provider. Each representation of the Resource MUST include a non-empty id value. This identifier MUST be unique across the Service Provider's entire set of Resources. It MUST be a stable, non-reassignable identifier that does not change when the same Resource is returned in subsequent requests. The value of the id attribute is always issued by the Service Provider and MUST never be specified by the Service Consumer. bulkId: is a reserved keyword and MUST NOT be used in the unique identifier.
  • idcsCreatedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: complex
    The User or App who created the Resource
  • idcsLastModifiedBy
    SCIM++ Properties:
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: complex
    The User or App who modified the Resource
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    The release number when the resource was upgraded.
  • Allowed Values: [ "replace", "update", "delete" ]
    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    Each value of this attribute specifies an operation that only an internal client may perform on this particular resource.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    If true, indicates that the \"groups\" attribute and \"appRoles\" attribute should be included in the response if this request is successful.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    If true, indicates that MFA attributes will be included in the response.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: writeOnly
    • returned: never
    • uniqueness: none
    If true, indicates that the \"sffAuthKeys\" attribute should be included in the response if this request is successful.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: writeOnly
    • required: false
    • returned: never
    • type: boolean
    • uniqueness: none
    if and only if true( treated as false if unspecified), the SignOn Policy accesss allow/deny result is considered in addition to the user credential validity to determine the authenticator success/failure
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    Locale supported by IDCS.This attribute contains calculated value of user preferred locale, which is closest IDCS supported locale. This attribute is intended for IDCS internal applications. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readWrite
    • returned: default
    • uniqueness: none
    If provided, the attribute 'mappingAttribute' together with 'mappingAttributeValue' identify the User or App against which the 'password' will be checked. For example, a requester might specify \"username\" as the value of 'mappingAttribute', and \"jdoe\" as the value of 'mappingAttributeValue'. Together, these values should form a filter -- e.g., \"username\" eq \"jdoe\" -- that selects exactly one User or App. The value of mappingAttribute must be a valid attribute name that is available in User or App schema. If not provided, the default value is \"username\" for User and \"name\" for App. Initially for App, \"name\" is the only supported attribute from App schema
  • Minimum Length: 1
    Maximum Length: 256
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: true
    • mutability: readWrite
    • returned: default
    • uniqueness: none
    The attribute 'mappingAttributeValue' or together with 'mappingAttribute', if provided, identify the User or App against which the 'password' will be checked. For example, a requester might specify \"username\" as the value of 'mappingAttribute', and \"jdoe\" as the value of 'mappingAttributeValue'. Together, these values should form a filter -- e.g., \"username\" eq \"jdoe\" -- that selects exactly one User or App. The value of mappingAttribute must be a valid attribute name that is available in User or App schema. If not provided, the default value is \"username\" for User and \"name\" for App. Initially for App, \"name\" is the only supported attribute from App schema
  • meta
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
    • type: complex
    A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: true
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    User MFA Ignored Apps Identifiers
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Preferred Authentication Factor
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Preferred Device
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Preferred Third Party vendor name
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    MFA Status of the User
  • Minimum Length: 1
    Maximum Length: 500
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: true
    • mutability: writeOnly
    • returned: never
    • idcsSensitive: hash
    • uniqueness: none
    The value of this attribute is passed as an input-parameter. This PasswordAuthenticator must compare the its value to the credential of the User or App.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    Postal code in user's primary address
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    Preferred language supported by IDCS. This attribute contains calculated value of user preferred language, which is closest IDCS supported language. This attribute is intended for IDCS internal applications. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • caseExact: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Boolean value which indicates whether his primary email is verified or not
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: true
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    REQUIRED. The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for User, Group, and a standard \"enterprise\" extension. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    If true, indicates that User has setup already setup Security Questions.
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: string
    • uniqueness: none
    SFF auth keys clob
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsPii: true
    State in user's primary address
  • tags
    SCIM++ Properties:
    • idcsCompositeKey: [key, value]
    • idcsSearchable: true
    • multiValued: true
    • mutability: readWrite
    • required: false
    • returned: request
    • type: complex
    • uniqueness: none
    A list of tags on this resource.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    This attribute identifies the name of the tenant (also known as identity-domain) in which the subject User or App is defined. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    User's time zone
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    A label indicating the type of the specified identity--either 'User' or 'App'.
  • SCIM++ Properties:
    • caseExact: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: boolean
    • uniqueness: none
    Indicates whether a user can set recovery email
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    User display name
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: always
    • uniqueness: none
    • idcsPii: true
    User's primary email. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • caseExact: true
    • idcsSearchable: false
    User's native locale. This attribute is intended for external applications to read user's native locale. This attribute is returned in the response to a successful authentication request.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    • idcsPii: true
    User name
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • caseExact: true
    • idcsSearchable: false
    User's native preferred language. This attribute is intended for external applications to read user's native language. This attribute is returned in the response to a successful authentication request.
Nested Schema : applicableAuthenticationTargetApp
Type: object
SCIM++ Properties:
  • idcsCompositeKey: [value]
  • idcsSearchable: false
  • multiValued: false
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
The app against which the user will authenticate. The value is not persisted but rather calculated. If the user's delegatedAuthenticationTargetApp is set, that value is returned. Otherwise, the app returned by evaluating the user's applicable Delegated Authentication Policy is returned. Value is returned only if authentication is not aginst IDCS.
Show Source
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: request
    • type: reference
    • uniqueness: none
    Display Name for the Authn Target App. In case of AD App it will be the domain name
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    App Display Name
  • SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    A label that indicates whether this is an App or IdentitySource.
  • SCIM++ Properties:
    • caseExact: true
    • multiValued: false
    • mutability: readWrite
    • returned: default
    • type: string
    • uniqueness: none
    App identifier
Nested Schema : appRoles
Type: array
SCIM++ Properties:
  • type: complex
  • multiValued: true
  • required: false
  • idcsCompositeKey: [value]
  • mutability: readOnly
  • returned: request
  • uniqueness: none
A list of AppRoles granted to the specified Subject (User or App).
Show Source
Nested Schema : groups
Type: array
SCIM++ Properties:
  • type: complex
  • multiValued: true
  • required: false
  • idcsCompositeKey: [value]
  • mutability: readOnly
  • returned: request
  • uniqueness: none
A list of groups of which the User or App is a member, either thorough direct membership, nested groups, or dynamically calculated
Show Source
Nested Schema : idcsCreatedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: true
  • returned: default
  • type: complex
The User or App who created the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who created this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that created this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who created this Resource
Nested Schema : idcsLastModifiedBy
Type: object
SCIM++ Properties:
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • type: complex
The User or App who modified the Resource
Show Source
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the SCIM resource that represents the User or App who modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The displayName of the User or App who modified this Resource
  • Allowed Values: [ "User", "App" ]
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The type of resource, User or App, that modified this Resource
  • SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    The ID of the SCIM resource that represents the User or App who modified this Resource
Nested Schema : meta
Type: object
SCIM++ Properties:
  • caseExact: false
  • idcsSearchable: true
  • multiValued: false
  • mutability: readOnly
  • required: false
  • returned: default
  • idcsCsvAttributeNameMappings: [[columnHeaderName:Created Date, mapsTo:meta.created]]
  • type: complex
A complex attribute that contains resource metadata. All sub-attributes are OPTIONAL.
Show Source
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The DateTime the Resource was added to the Service Provider
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: dateTime
    • uniqueness: none
    The most recent DateTime that the details of this Resource were updated at the Service Provider. If this Resource has never been modified since its initial creation, the value MUST be the same as the value of created. The attribute MUST be a DateTime.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The URI of the Resource being returned. This value MUST be the same as the Location HTTP response header.
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Name of the resource type of the resource--for example, Users or Groups
  • SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    The version of the Resource being returned. This value must be the same as the ETag HTTP response header.
Nested Schema : tags
Type: array
SCIM++ Properties:
  • idcsCompositeKey: [key, value]
  • idcsSearchable: true
  • multiValued: true
  • mutability: readWrite
  • required: false
  • returned: request
  • type: complex
  • uniqueness: none
A list of tags on this resource.
Show Source
Nested Schema : appRoles
Type: object
A list of AppRoles granted to the specified Subject (User or App).
Show Source
  • SCIM++ Properties:
    • type: reference
    • multiValued: false
    • required: false
    • idcsSearchable: false
    • mutability: readOnly
    • returned: default
    • uniqueness: none
    The URI of the AppRole.
  • SCIM++ Properties:
    • type: boolean
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsSearchable: false
    • uniqueness: none
    If true, the AppRole confers administrative privileges within the App that defines it. Otherwise, the AppRole confers only functional privileges.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: false
    • returned: default
    • uniqueness: none
    The ID of the App that defines the AppRole.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • returned: default
    • idcsSearchable: false
    • uniqueness: none
    The name of the App that defines this AppRole.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: false
    • returned: default
    • uniqueness: none
    The display-name of the AppRole.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: false
    • returned: default
    • uniqueness: none
    The name of the legacy group associated with this AppRole.
  • Allowed Values: [ "direct", "indirect" ]
    SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: false
    • mutability: readOnly
    • idcsSearchable: true
    • returned: request
    • uniqueness: none
    A label indicating how the AppRole was granted. A value of 'direct' indicates that the AppRole was granted directly to the Subject User or App. A value of 'indirect' indicates that the AppRole was granted to a Group of which the Subject User is a member.
  • SCIM++ Properties:
    • type: string
    • multiValued: false
    • required: true
    • caseExact: false
    • mutability: readOnly
    • returned: default
    • idcsSearchable: true
    • uniqueness: none
    The ID of the AppRole.
Nested Schema : groups
Type: object
A list of groups that the password policy belongs to.
Show Source
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: reference
    • uniqueness: none
    The URI of the corresponding Group resource to which the password policy belongs
  • Added In: 20.1.3

    SCIM++ Properties:
    • idcsSearchable: false
    • multiValued: false
    • mutability: readOnly
    • required: false
    • returned: default
    • type: string
    • uniqueness: none
    Group Display Name
  • Maximum Length: 40
    Added In: 20.1.3

    SCIM++ Properties:
    • caseExact: true
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: always
    • type: string
    • uniqueness: none
    The identifier of the group.
Nested Schema : tags
Type: object
A list of tags on this resource.
Show Source
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Key or name of the tag.
  • Maximum Length: 256
    SCIM++ Properties:
    • caseExact: false
    • idcsSearchable: true
    • multiValued: false
    • mutability: readWrite
    • required: true
    • returned: default
    • type: string
    • uniqueness: none
    Value of the tag.

400 Response

Bad or invalid request
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

401 Response

The supplied credentials, if any, are not sufficient to access the resource.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

404 Response

The requested resource was not found.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.

500 Response

We couldn't return the representation due to an internal server error.
Body ()
Root Schema : Error
Type: object
The SCIM Protocol uses the HTTP status response status codes defined in Section 6 [RFC7231] to indicate operation success or failure. Refer the available status codes here : Status Codes.
In addition to returning a HTTP response code implementers MUST return the errors in the body of the response in the client requested format containing the error response and, per the HTTP specification, human- readable explanations.
Show Source
  • A detailed, human readable message. OPTIONAL
  • Allowed Values: [ "urn:ietf:params:scim:api:messages:2.0:Error", "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error" ]
    The schemas attribute is an array of Strings which allows introspection of the supported schema version for a SCIM representation as well any schema extensions supported by that representation. Each String value must be a unique URI. This specification defines URIs for SCIM specified Error and Extn Error Schema. All representations of SCIM schema MUST include a non-zero value array with value(s) of the URIs supported by that representation. Duplicate values MUST NOT be included. Value order is not specified and MUST not impact behavior. REQUIRED.
  • The HTTP status code (see Section 6 [RFC7231]) expressed as a JSON String
  • urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
    Extension schema for error messages providing more details with the exception status.
    Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Nested Schema : urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error
Type: object
Extension schema for error messages providing more details with the exception status.
Returns messageId corresponding to the detailed error message and optionally additional data related to the error condition - for example reason for authentication failure such as user is disabled or locked.
Show Source
Nested Schema : additionalData
Type: object
Contains Map based additional data for the exception message (as key-value pair). All keys and values are in string format.
Back to Top

Examples

The following example shows how to check the password of a user or an app by submitting a POST request on the REST resource using cURL. For more information about cURL, see Use cURL.

cURL Command

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
curl
-X POST
-H "Content-Type:application/scim+json"
-H "Authorization: Bearer <Access Token Value>"
https://tenant-base-url/admin/v1/PasswordAuthenticator

Example of Request Body

User Examples

The following shows an example of the request body in JSON format to check the password for a specified user:

{
  "mappingAttribute": "userName",
  "mappingAttributeValue": "admin@example.com",
  "password": "Welc0me@1",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example of Response Body

The following example shows the contents of the response body in JSON format:

{
  "id": "707b11e73504407f9dd66fcfc5cc6a9b",
  "userEmail": "admin@example.com",
  "userDisplayName": "admin opc",
  "locale": "en",
  "preferredLanguage": "en",
  "timezone": "America/Chicago",
  "csr": false,
  "tenantName": "integtenant",
  "type": "User",
  "mappingAttributeValue": "admin@example.com",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Request Body

The following shows an example of the request body in JSON format to check the password for a specific user who has approles assigned.

{
  "mappingAttributeValue": "admin@example.com",
  "password": "Welc0me@1",
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"],
  "includeMemberships": true
} 

Example Response Body

The following example shows the contents of the response body in JSON format where the user has three approles assigned. There is no filtering criteria supplied, so all approle memberships are returned in the response:

{
  "id": "ac3f20f1b4ce427188885047e042752f",
  "userEmail": "admin@example.com",
  "userDisplayName": "admin opc",
  "locale": "en",
  "preferredLanguage": "en",
  "timezone": "America/Chicago",
  "csr": false,
  "tenantName": "tenant1",
  "type": "User",
  "mappingAttributeValue": "admin@example.com",
  "mappingAttribute": "userName",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ],
  "groups": [
    {
      "display": "OPCAPP1.Administrator for OPCApp1",
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "$ref": "https://tenant-base-url/admin/v1/IDSGroups/e75096b138cb407ebe018c69fdd55fa0"
    }

    ,
    {
      "display": "OPCAPP2.Administrator for OPCApp2",
      "value": "4b8eb6efd4444833ba8716cc1b3260a6",
      "$ref": "https://tenant-base-url/admin/v1/IDSGroups/4b8eb6efd4444833ba8716cc1b3260a6"
    }

  ],
  "appRoles": [
    {
      "value": "61b9ec56053f459dbf6496b889a8943f",
      "adminRole": true,
      "appId": "IDCSAppId",
      "appName": "IDCSApp",
      "display": "Identity Domain Administrator",
      "$ref": "https://tenant-base-url/admin/v1/AppRoles/61b9ec56053f459dbf6496b889a8943f"
    }

    ,
    {
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "adminRole": true,
      "legacyGroupName": "OPCAPP1.Administrator for OPCApp1",
      "appId": "5744effc0d50468fbe2b60bad84e4234",
      "appName": "OPCAPP1_APPID",
      "display": "Administrator for OPCApp1",
      "$ref": "https://tenant-base-url/admin/v1/AppRoles/e75096b138cb407ebe018c69fdd55fa0"
    }

    ,
    {
      "value": "4b8eb6efd4444833ba8716cc1b3260a6",
      "adminRole": true,
      "legacyGroupName": "OPCAPP2.Administrator for OPCApp2",
      "appId": "8e741ce1e1a542149a436de70d08966e",
      "appName": "OPCAPP2_APPID",
      "display": "Administrator for OPCApp2",
      "$ref": "https://tenant-base-url/admin/v1/AppRoles/4b8eb6efd4444833ba8716cc1b3260a6"
    }

  ]
}

Example Request Body

The following example shows the contents of a request to check the password of a user where the App service instance identifier is included in the filter criteria:

{
  "mappingAttributeValue": "admin@example.com",
  "password": "Welc0me@1",
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"],
  "includeMemberships": true,
  "appServiceInstanceIdentifier": "0436F9D6C3F04E6ABD0E5F19492565EA"
} 

Example Response Body

The following example shows the contents of the response body in JSON format:

{
  "id": "ac3f20f1b4ce427188885047e042752f",
  "userEmail": "admin@example.com",
  "userDisplayName": "admin opc",
  "locale": "en",
  "preferredLanguage": "en",
  "timezone": "America/Chicago",
  "csr": false,
  "tenantName": "tenant1",
  "type": "User",
  "mappingAttributeValue": "admin@example.com",
  "mappingAttribute": "userName",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ],
  "groups": [
    {
      "display": "OPCAPP1.Administrator for OPCApp1",
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "$ref": "https://tenant-base-url/admin/v1/IDSGroups/e75096b138cb407ebe018c69fdd55fa0"
    }

  ],
  "appRoles": [
    {
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "adminRole": true,
      "legacyGroupName": "OPCAPP1.Administrator for OPCApp1",
      "appId": "5744effc0d50468fbe2b60bad84e4234",
      "appName": "OPCAPP1_APPID",
      "display": "Administrator for OPCApp1",
      "$ref": "https://tenant-base-url/admin/v1/AppRoles/e75096b138cb407ebe018c69fdd55fa0"
    }

  ]
}

Example Request Body

The following example shows the contents of a request to check the password of a user with invalid credentials:

{
  "mappingAttribute": "userName",
  "mappingAttributeValue": "jdoe",
  "password": "Password123",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the invalid credentials response body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
  ],
  "detail": "INVALID_CREDENTIALS",
  "status": "400",
  "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
    "additionalData": {
      "csr": false,
      "tenantName": "integtenant",
      "id": "856d1aec99364d4981ca8509def64a00",
      "displayName": "John Doe",
      "locale": "en",
      "preferredLanguage": "en",
      "timezone": "America/Chicago"
    }
  }
}

Example Request Body

The following example shows the contents of a request to check the password of a user with a disabled account:

{
  "mappingAttribute": "userName",
  "mappingAttributeValue": "jdoe",
  "password": "Password123",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the user disabled response body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
  ],
  "detail": "USER_DISABLED_RESPONSE",
  "status": "400",
  "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
    "additionalData": {
      "csr": false,
      "tenantName": "integtenant",
      "id": "856d1aec99364d4981ca8509def64a00",
      "displayName": "John Doe",
      "locale": "en",
      "preferredLanguage": "en",
      "timezone": "America/Chicago"
    }
  }
}

Example Request Body

The following example shows the contents of a request to check a password for a user that isn???t found:

{
  "mappingAttribute": "userName",
  "mappingAttributeValue": "jdoe",
  "password": "Password123",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the user not found response:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
  ],
  "detail": "USER_NOT_FOUND",
  "status": "400",
  "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
    "additionalData": {
      "csr": false,
      "tenantName": "integtenant"
    }
  }
}

Example Request Body

The following example shows the contents of a request to check a password for a user that is locked:

{
  "mappingAttribute": "userName",
  "mappingAttributeValue": "jdoe",
  "password": "Password123",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the user locked response:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
  ],
  "detail": "USER_LOCKED_RESPONSE",
  "status": "400",
  "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
    "additionalData": {
      "csr": false,
      "tenantName": "integtenant",
      "id": "856d1aec99364d4981ca8509def64a00",
      "displayName": "John Doe",
      "locale": "en",
      "preferredLanguage": "en",
      "timezone": "America/Chicago"
    }
  }
}

Example Request Body

The following example shows the contents of a request to check a password for a user who must change their password:

{
  "mappingAttribute": "userName",
  "mappingAttributeValue": "jdoe",
  "password": "Password123",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the password must change response:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
  ],
  "detail": "PASSWORD_MUST_CHANGE_RESPONSE",
  "status": "400",
  "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
    "additionalData": {
      "csr": false,
      "tenantName": "integtenant",
      "id": "856d1aec99364d4981ca8509def64a00",
      "displayName": "John Doe",
      "locale": "en",
      "preferredLanguage": "en",
      "timezone": "America/Chicago"
    }
  }
}

Example Request Body

The following example shows the contents of a request to check a password for a user with an expired password:

{
  "mappingAttribute": "userName",
  "mappingAttributeValue": "jdoe",
  "password": "Password123",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the password expired response:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
  ],
  "detail": "PASSWORD_EXPIRED_RESPONSE",
  "status": "400",
  "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
    "additionalData": {
      "csr": false,
      "tenantName": "integtenant",
      "id": "856d1aec99364d4981ca8509def64a00",
      "displayName": "John Doe",
      "locale": "en",
      "preferredLanguage": "en",
      "timezone": "America/Chicago"
    }
  }
}

Example Request Body

The following example shows the contents of a request that includes the includeMemberships for the IDCSApp app:

{
  "mappingAttributeValue": "admin@example.com",
  "password": "Welc0me@1",
  "includeMemberships": true,
  "appName": "IDCSApp",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the response body in JSON format from a request that includes the includeMemberships for the IDCSApp app:

{
  "id": "707b11e73504407f9dd66fcfc5cc6a9b",
  "userEmail": "admin@example.com",
  "userDisplayName": "admin opc",
  "locale": "en",
  "preferredLanguage": "en",
  "timezone": "America/Chicago",
  "csr": false,
  "tenantName": "integtenant",
  "type": "User",
  "mappingAttributeValue": "admin@example.com",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ],
  "groups": [
    {
      "display": "TenantAdminGroup",
      "value": "e024aa4fc54440389a187a49cfb32018",
      "$ref": "http://tenant-base-url/admin/v1/IDSGroups/e024aa4fc54440389a187a49cfb32018"
    }
  ],
  "appRoles": [
    {
      "value": "b3b3ab5e71b3462a8c19bea7ffbd90dd",
      "$ref": "http://tenant-base-url/admin/v1/AppRoles/b3b3ab5e71b3462a8c19bea7ffbd90dd",
      "appName": "IDCSApp",
      "display": "Identity Domain Administrator",
      "appId": "IDCSAppId",
      "adminRole": true,
      "legacyGroupName": "TenantAdminGroup"
    }
  ]
}

Example Request Body

The following example shows the contents of a request body in JSON format that includes the includeMemberships for the Identity Domain Administrator app:

{
  "mappingAttributeValue": "admin@example.com",
  "password": "Welc0me@1",
  "includeMemberships": true,
  "appDisplayName": "Identity Domain Administrator",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the response body in JSON format from a request that includes the includeMemberships for the Identity Domain Administrator app:

{
  "id": "707b11e73504407f9dd66fcfc5cc6a9b",
  "userEmail": "admin@example.com",
  "userDisplayName": "admin opc",
  "locale": "en",
  "preferredLanguage": "en",
  "timezone": "America/Chicago",
  "csr": false,
  "tenantName": "integtenant",
  "type": "User",
  "mappingAttributeValue": "admin@example.com",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ],
  "groups": [
    {
      "display": "TenantAdminGroup",
      "value": "e024aa4fc54440389a187a49cfb32018",
      "$ref": "http://tenant-base-url/admin/v1/IDSGroups/e024aa4fc54440389a187a49cfb32018"
    }
  ],
  "appRoles": [
    {
      "value": "b3b3ab5e71b3462a8c19bea7ffbd90dd",
      "$ref": "http://tenant-base-url/admin/v1/AppRoles/b3b3ab5e71b3462a8c19bea7ffbd90dd",
      "appName": "IDCSApp",
      "display": "Identity Domain Administrator",
      "appId": "IDCSAppId",
      "adminRole": true,
      "legacyGroupName": "TenantAdminGroup"
    }
  ]
}

App Examples

Example Request Body

The following example shows the contents of a request body in JSON format for an app that has approles assigned and specifying no filter criteria:

{
  "mappingAttributeValue": "TestAPP1_APPID",
  "password": "f864d2df-2a8f-44d6-aaed-d04d08df81d2",
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"],
  "includeMemberships": true
} 

Example Response Body

The following example shows the contents of the response body in JSON format for an app that has two approles assigned:

{
  "mappingAttributeValue": "TestAPP1_APPID",
  "mappingAttribute": "name",
  "tenantName": "tenant1",
  "type": "App",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ],
  "groups": [
    {
      "display": "OPCAPP1.Administrator for OPCApp1",
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "type": "direct",
      "$ref": "https://tenant-base-url/admin/v1/IDSGroups/e75096b138cb407ebe018c69fdd55fa0"
    }

    ,
    {
      "display": "OPCAPP2.Administrator for OPCApp2",
      "value": "4b8eb6efd4444833ba8716cc1b3260a6",
      "type": "direct",
      "$ref": "https://tenant-base-url/admin/v1/IDSGroups/4b8eb6efd4444833ba8716cc1b3260a6"
    }

  ],
  "appRoles": [
    {
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "$ref": "https://tenant-base-url/admin/v1/AppRoles/e75096b138cb407ebe018c69fdd55fa0",
      "appId": "5744effc0d50468fbe2b60bad84e4234",
      "display": "Administrator for OPCApp1",
      "type": "direct",
      "appName": "OPCAPP1_APPID",
      "adminRole": true,
      "legacyGroupName": "OPCAPP1.Administrator for OPCApp1"
    }

    ,
    {
      "value": "4b8eb6efd4444833ba8716cc1b3260a6",
      "$ref": "https://tenant-base-url/admin/v1/AppRoles/4b8eb6efd4444833ba8716cc1b3260a6",
      "appId": "8e741ce1e1a542149a436de70d08966e",
      "display": "Administrator for OPCApp2",
      "type": "direct",
      "appName": "OPCAPP2_APPID",
      "adminRole": true,
      "legacyGroupName": "OPCAPP2.Administrator for OPCApp2"
    }

  ]
}

Example Request Body

The following example shows the contents of a request body in JSON format for an app where the appServiceInstanceIdentifier is specified as filter criteria:

{
  "mappingAttributeValue": "TestAPP1_APPID",
  "password": "f864d2df-2a8f-44d6-aaed-d04d08df81d2",
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"],
  "includeMemberships": true,
  "appServiceInstanceIdentifier": "0436F9D6C3F04E6ABD0E5F19492565EA"
} 

Example Response Body

The following example shows the contents of the response body in JSON format:

{
  "mappingAttributeValue": "TestAPP1_APPID",
  "mappingAttribute": "name",
  "tenantName": "tenant1",
  "type": "App",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ],
  "groups": [
    {
      "display": "OPCAPP1.Administrator for OPCApp1",
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "type": "direct",
      "$ref": "https://tenant-base-url/admin/v1/IDSGroups/e75096b138cb407ebe018c69fdd55fa0"
    }

  ],
  "appRoles": [
    {
      "value": "e75096b138cb407ebe018c69fdd55fa0",
      "$ref": "https://tenant-base-url/admin/v1/AppRoles/e75096b138cb407ebe018c69fdd55fa0",
      "appId": "5744effc0d50468fbe2b60bad84e4234",
      "display": "Administrator for OPCApp1",
      "type": "direct",
      "appName": "OPCAPP1_APPID",
      "adminRole": true,
      "legacyGroupName": "OPCAPP1.Administrator for OPCApp1"
    }

  ]
}

Example Request Body

The following example shows the contents of a request body in JSON format for an app that is disabled:

{
  "mappingAttributeValue": "STORAGE27_APPID",
  "password": "Password123",
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:PasswordAuthenticator"
  ]
}

Example Response Body

The following example shows the contents of the disabled app response body in JSON format:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:Error",
    "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error"
  ],
  "detail": "APP_DISABLE_RESPONSE",
  "status": "400",
  "urn:ietf:params:scim:api:oracle:idcs:extension:messages:Error": {
    "messageId": "APP_DISABLE_RESPONSE"
  }
}
Back to Top