Create IAS Users (for SAP Jam) using Postman

florian_buech · ‎12-20-2017

Background:

As you may know, SAP Jam Collaboration comes in different versions from a technical foundation perspective. There are two different applications, where customers handle access management & user creation. SAP Jam doesn't have a standalone user management built in and no "native" login either. The two options are:

1) Based on SuccessFactors platform

2) Based on SAP Cloud Platform Identity Authentication Service (IAS). Here is a detailed blog on the general setup of IAS and SAP Jam.

IAS Basics:

For option 2) there are three different ways to create user records, which will then be automatically provisioned to SAP Jam.

Manual creation in the IAS web admin console (Link)

Bulk import using CSV. Note: only some fields are supported (Link)

Using the IAS SCIM API. Allows creation of full user record.

--> To fully automate the user provisioning customers usually choose the IAS SCIM API. While uploading users via CSV seems like the obvious option for quick tests, it’s quite limited because it only provides a subset of profile fields. Therefore I’d like to show how easy it is to use the SCIM API via Postman:

Part 1: Prepare IAS Admin User

To be able to create users in IAS using the SCIM API you need a technical user. Here’s how you create one:

Login to the IAS tenant admin console (https://<tenant ID>.accounts.ondemand.com/admin)

Open the Administrators tile

Create a new Admin User, with type = System

Enter a name for the admin / technical user & save your changes

Configure a secure password (I recommend to generate a password in e.g. Password Depot)

These credentials will be required for the basic authentication in Postman

Part 2: Prepare Postman

Make sure you have Postman installed (depending on your experience with Postman, you can create a new collection to store this new request)
- It can be downloaded here: https://www.getpostman.com/

Pick POST with the following endpoint: https://<tenant ID>.accounts.ondemand.com/service/scim/Users

Authorization:
- Select Basic Auth and enter the credentials from the System admin user you have created in IAS in part 1

Headers:
- Authorization = automatically generated based on the Basic Auth information
- Content-Type = application/scim+json

Body:
- Select raw and Text

Part 3: Creating Users

Paste / create a sample JSON for a user you want to create in IAS -> SAP Jam

A full example can be found here (Link)

Some fields (e.g. department) have pre-defined values. Adding custom ones via this SCIM API call won't work - you have to update the tenant master data texts using a separate API (Link); there is no UI available for this and it's required to perform this step in advance of using any of the desired custom values for e.g. department.

Example JSON:

{

    

    "userName": "johnsmithexample",



    "name": {



        "givenName": "John",



        "familyName": "Smith",



        "honorificPrefix": "Mr."



    },



    "emails": [{



        "value": "john.smith@example.com"



    }]

    

}

Part 4: Results

You've successfully created a user record in IAS using the SCIM API:

ParagJain · ‎05-22-2018

Very helpful Florian. Can we also assign groups while creating the user ? Or do that post user creation using the API ?

Regards,

Parag.

ParagJain · ‎05-22-2018

One more question. Can we set initial password as well (sendMail = false option)?

Regards,

Parag

former_member695296 · ‎05-18-2021

Thank you so much! This has been very helpful. I have been trying the update option. Can we create/update users on a mass basis?

florian_buech · ‎05-18-2021

Yes, initial password can be set (and activation e-mail sent / not sent). Same goes for creating / updating group assignments, also possible via the same API(s). Details are here: Manage Users SCIM REST API - SAP Help Portal

florian_buech · ‎05-18-2021

You could use for instance Postman Collection Runner for this purpose: Using the Collection Runner | Postman Learning Center

That's not a productive scenario / setup, as you of course still need to "trigger" the mass update / creation via this tool. Instead, you could then for instance use Identity Provisioning, to provision users into IAS (target system): Identity Authentication - SAP Help Portal

former_member743230 · ‎06-22-2021

Hi florian.buech ,

Thanks for the blog, very helpful.

I was looking for a way in generating token in postman for custom IDP (SAP IAS in my case). I followed this for default IDP it worked well for custom I could not find any way.

Your suggestions would be really helpful.

Thanks in advance!

dhiraj_jaiswal · ‎09-15-2021

Hi florian.buech , I'm trying to use client credentials to access the scim api but i'm getting 403 forbidden response . Can you please suggest the correct steps to achieve this?

florian_buech · ‎01-11-2022

Yes, groups can be assigned to the user entity directly - although the better approach would be using the "Groups" entity and assigning users to these objects directly instead. See here: Overview | Identity Directory Service | SAP API Business Hub

florian_buech · ‎01-11-2022

Hi Dhiraj, I would recommend using the newly added Overview | Identity Directory Service | SAP API Business Hub API instead of the SCIM REST API (which is deprecated).

sstan · ‎09-12-2023

Hi florian.buech , may I know how to setup the integration from another system to IAS and then change user password via API in IAS? Thanks.