My SAP Analytics Cloud User and Team Provisioning SCIM API Sample Scripts recently received an update to version 0.8. This blog post is for those who already use the samples and would like to understand what’s new, along with a few tips on updating to this version from 0.7.
Highlights
- Support for managing dormant users is the key highlight. A significant update to the AdminToolKit sample was made, and a number of scenarios were added. The technical aspect is discussed below, but my blog post provides a high-level, practical use-case explanation of the business benefits and why these changes were needed: Managing dormant users.
Other updates:
- All the samples now create teams without a team folder, saving you the need to delete the folders.
- Renaming:
  - All the script numbers are now preceded by ‘SCIM 1’: ‘001’ becomes ‘SCIM 1001’, etc.
    - I needed to do this so the preceding number signifies the API version. ‘1’ means it’s predominantly version 1, ‘2’ implies version 2. I added ‘SCIM’ as there are now many other samples for different use cases, so it made sense to make it more obvious this way.
  - All the sample data files were renamed with a preceding ‘x’.
    - Currently, it doesn’t serve much purpose, but the idea is to signify the data file will work with both version 1 and version 2 variants. For example, the folder ‘101’ becomes ‘x101’, and the data file ‘101 sample example 1.csv’ becomes ‘x101 sample example 1.csv’. As and when I update the sample scripts for version 2, they will share the data files.
- Two new samples:
  - Lists teams. This is my first ‘pair’ of sample scripts, one for each version of the API:
    - SCIM 1601-All_T-List all teams
    - SCIM 2601-All_T-List all teams
    - 1601 uses API version 1, and 2601 uses API version 2.
    - Neither of these scripts makes any changes; they are pretty harmless. It’s a common ask how to list all the teams.
- Six new scenarios to support dormant users.
- User guide
  - Hundreds, probably thousands, of edits were made to improve its readability and make it easier to understand.
  - The prerequisites section was rewritten, so the option ‘Ignore Content Namespace For Teams’ is now recommended over the previous IMPLEMENT_WORKAROUND_FOR_SCIM_GROUPS when using version 1 of the API. Guidance has also been provided if you’ve already used IMPLEMENT_WORKAROUND_FOR_SCIM_GROUPS.
- A few samples have been retired as these updated a user property ‘isActive’ that is now read-only (1402, 1405, 1452, 1455). These samples are no longer available.
Support for managing dormant users
The AdminToolKit sample ‘1665-All_U-Uc-Uu-Oarrieei-Fj-Es-AdminToolKit’ received a significant update, with many new ‘tests’ added:
Tests identifying users by creation date:
- created over X days ago (created_more_than_days_ago)
Tests identifying users by login activity (it does this by accessing the /api/v1/audit/activities/exportActivities endpoint):
- whose most recent login was at least X days ago (with_most_recent_login_at_least_days_ago)
- with their most recent login within the last X days (with_most_recent_login_within_last_days)
- that have fewer logins than X (with_fewer_logins_than)
- that have at least X logins (with_greater_logins_than)
All the login activity tests have an additional control to restrict login events to the last Y days, i.e. only login events within the last Y days count. This prevents a problem where the activities log doesn’t have enough history, in which case the script will abort. And it solves a situation where too many historic login events skew the figures.
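The windowed login tests described above, sketched as an added example (not code from the sample scripts). The event shape, the function name evaluateLoginTests, the rule used to decide that the log has enough history, and the treatment of users with no login in the window are assumptions; all data is constructed.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed sample data (not real audit output); field names are assumptions.
const SAMPLE_USERS = ["ALICE", "BOB", "CAROL"];
const SAMPLE_EVENTS = [
  { user: "ALICE", time: "2023-11-02T08:00:00Z" }, // older than a 180-day window
  { user: "ALICE", time: "2024-05-20T09:15:00Z" },
  { user: "ALICE", time: "2024-05-30T09:15:00Z" },
  { user: "BOB", time: "2024-03-10T14:00:00Z" },
  { user: "CAROL", time: "2023-12-01T10:00:00Z" }, // older than a 180-day window
];

// Hypothetical helper: applies two of the login tests over the last windowDays.
function evaluateLoginTests(users, events, opts) {
  const { now, windowDays, recentLoginAtLeastDaysAgo, fewerLoginsThan } = opts;
  const windowStart = now - windowDays * DAY_MS;
  const stamped = events.map((e) => ({ user: e.user, t: Date.parse(e.time) }));

  // Assumed history check: the log must contain an event at or before the
  // window start, otherwise "no logins" may just mean "no history". Abort.
  const oldest = Math.min(...stamped.map((e) => e.t));
  if (!(oldest <= windowStart)) {
    throw new Error(`Activities log does not cover the last ${windowDays} days`);
  }

  const stats = new Map(users.map((u) => [u, { logins: 0, last: null }]));
  for (const e of stamped) {
    const s = stats.get(e.user);
    if (!s || e.t < windowStart || e.t > now) continue; // outside window: ignored
    s.logins += 1;
    if (s.last === null || e.t > s.last) s.last = e.t;
  }

  const cutoff = now - recentLoginAtLeastDaysAgo * DAY_MS;
  const result = { mostRecentLoginAtLeastDaysAgo: [], fewerLoginsThan: [] };
  for (const [user, s] of stats) {
    // Assumption: no login inside the window also counts as "at least X days ago".
    if (s.last === null || s.last <= cutoff) result.mostRecentLoginAtLeastDaysAgo.push(user);
    if (s.logins < fewerLoginsThan) result.fewerLoginsThan.push(user);
  }
  return result;
}

const NOW = Date.parse("2024-06-01T00:00:00Z");
console.log(evaluateLoginTests(SAMPLE_USERS, SAMPLE_EVENTS,
  { now: NOW, windowDays: 180, recentLoginAtLeastDaysAgo: 60, fewerLoginsThan: 2 }));
```

With a 180-day window, ALICE's and CAROL's 2023 logins are ignored, so CAROL is reported as dormant even though the log contains an old login for her.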
Tests identifying users by repository content (it does this by accessing the /api/v1/Repositories):
- with private folder content (with_private_folder_content)
- without private folder content (without_private_folder_content)
- that created public folder content (that_created_public_content)
- that did not create public folder content (that_did_not_create_public_content)
All but a few of the data file fields are now optional, which means the data files for this sample are greatly simplified. All the sample data files are now streamlined, but a ‘master template’ version exists with all the tests.
As new endpoints are used, I added a new test sample, ‘SCIM 1002-Test-Es-Tests Single Environment Advanced Setup’, which validates all the endpoints, as additional OAuth client access is required. ‘Activities’ is now needed in addition to ‘User Provisioning’ within the OAuth client.
How to update to version 0.8
You’ll need to import all the new samples into Postman and download the new set of example data files.
All the existing data files will continue to work. Still, you may wish to significantly simplify the data files for ‘1665 AdminToolKit’, as the vast majority of the fields are now optional. Take a look at the new examples.
If you’d like to use the updated ‘1665 AdminToolKit’, you’ll need to create a new OAuth client so it has the ‘activities’ access.
Postman remains optional
Should your organisation prohibit using Postman, you can still use these samples since a free, open-source command-line option is available. It means:
- You’ll need to update the ‘environment’ by editing a .json file rather than using the user interface.
- You’ll need to use the command line to run a script (Collection) rather than the user interface.
- There is no need to download the Postman app, connect to any Postman website or web service or register with Postman. The open-source option doesn’t require any internet connectivity to operate.
Feedback
- Feedback is very welcome.
- I’d love to hear if you like the new updates.
- However, please comment on the main blog post so others can find it all in one place.
Many thanks
Matthew Shaw @MattShaw_on_BI