Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
yogananda
Product and Topic Expert
Product and Topic Expert
14,395
Dear All,
 
This article is mainly for partners and customers who want to automate internal & external users sync (on-boarding) to SAP IAS by using the below SCIM APIs from your external system or applications. I have listed out all the examples for you to understand..

This below flow makes you understand automating Users Sync from any of your 3rd party applications, so once user is on-boarded they would get appropriate access to SAP Applications


Note :

SAP Cloud Identity Services offers standard user provisioning sync through SAP IPS for user sync process with SCIM 2.0


IAS SCIM REST API provides developers to Create & Manage users, groups and custom schemas in the cloud.

For more information, see the latest SCIM API Documentation: Identity Directory SCIM REST APIInformation published on SAP siteThe identity directory provides a System for Cross-domain Identity Management (SCIM) 2.0 REST API for managing resources (users, groups and custom schema)

API Documentation for SAP IAS is available under SAP Cloud Identity Services

Get's Started


Read Users

 

###  https://api.sap.com/api/IdDS_SCIM/resource Identity Directory Service

GET https://<iastenant>.accounts.ondemand.com/scim/Users
Content-Type: application/scim+json
Authorization: Basic @{{token}}

 

This is how you compare 2 different results from Deprecated API endpoint vs latest API endpoint


Filter Method

 

#### Filter on userName 

GET https://<iastenant>.accounts.ondemand.com/scim/Users?filter=userName eq "sapscaadmin@sap.com"

Authorization: Basic @{{token}}

 

Another example using sub filter on Json value

 

#### Filter on emails.value

GET https://<iastenant>.accounts.ondemand.com/scim/Users?filter=emails.value eq "sapscaadmin@sap.com"

Authorization: Basic @{{token}}

 


Another example to filter Users based on count and Index

 

###  https://api.sap.com/api/IdDS_SCIM/resource Identity Directory Service

GET https://<iastenant>.accounts.ondemand.com/scim/Users?startIndex=2&count=5

Content-Type: application/scim+json

Authorization: Basic @{{token}}

 


Create User

 

###

POST https://<iastenant>.accounts.ondemand.com/scim/Users
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
  "emails": [
    {
      "primary": true,
      "value": "abc@domain.com"
    }
  ],
  "active":"True",
  "name": {
    "familyName": "Muthaiah",
    "givenName": "Yogananda"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "yoga"
}

 


Delete a User

 

#### Delete the user

DELETE https://<iastenant>.accounts.ondemand.com/scim/Users/280b8446-7ce2-4a91-b6a0-18777d1ffea2
Authorization: Basic @{{token}}

id refers Users GUID

 


Read Groups

 

###

GET https://<iastenant>.accounts.ondemand.com/scim/Groups

Content-Type: application/scim+json

Authorization: Basic @{{token}}

 


Create Groups

 

###
POST https://<iastenant>.accounts.ondemand.com/scim/Groups
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
  "displayName": "New group name",
  "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group",
        "urn:sap:cloud:scim:schemas:extension:custom:2.0:Group"
      ]
}

 


Assign Group to a User

 

###
PATCH https://<iastenant>.accounts.ondemand.com/scim/Groups/e26f6138-c382-4be5-addb-459186030f6e
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "members",
      "value": [
        {
          "display": "yoga",
          "value": "280b8446-7ce2-4a91-b6a0-18777d1ffea2"
        }
      ]
    }
  ]
}

 

26 Comments