Skip to Content
Author's profile photo Florian Buech

Create IAS Users (for SAP Jam) using Postman

Background:

As you may know, SAP Jam Collaboration comes in different versions from a technical foundation perspective. There are two different applications, where customers handle access management &  user creation. SAP Jam doesn’t have a standalone user management built in and no “native” login either. The two options are:

1) Based on SuccessFactors platform

2) Based on SAP Cloud Platform Identity Authentication Service (IAS). Here is a detailed blog on the general setup of IAS and SAP Jam.

IAS Basics:

For option 2) there are three different ways to create user records, which will then be automatically provisioned to SAP Jam.

  1. Manual creation in the IAS web admin console (Link)
  2. Bulk import using CSV.  Note: only some fields are supported (Link)
  3. Using the IAS SCIM API. Allows creation of full user record.

–> To fully automate the user provisioning customers usually choose the IAS SCIM API. While uploading users via CSV seems like the obvious option for quick tests, it’s quite limited because it only provides a subset of profile fields. Therefore I’d like to show how easy it is to use the SCIM API via Postman:

Part 1: Prepare IAS Admin User

To be able to create users in IAS using the SCIM API you need a technical user. Here’s how you create one:

  • Login to the IAS tenant admin console (https://<tenant ID>.accounts.ondemand.com/admin)
  • Open the Administrators tile
  • Create a new Admin User, with type = System
  • Enter a name for the admin / technical user & save your changes
  • Configure a secure password (I recommend to generate a password in e.g. Password Depot)
  • These credentials will be required for the basic authentication in Postman

Part 2: Prepare Postman

  • Make sure you have Postman installed (depending on your experience with Postman, you can create a new collection to store this new request)
  • Pick POST with the following endpoint: https://<tenant ID>.accounts.ondemand.com/service/scim/Users
  • Authorization:
    • Select Basic Auth and enter the credentials from the System admin user you have created in IAS in part 1
  • Headers:
    • Authorization = automatically generated based on the Basic Auth information
    • Content-Type = application/scim+json
  • Body:
    • Select raw and Text

Part 3: Creating Users

  • Paste / create a sample JSON for a user you want to create in IAS -> SAP Jam
  • A full example can be found here (Link)
  • Some fields (e.g. department) have pre-defined values. Adding custom ones via this SCIM API call won’t work – you have to update the tenant master data texts using a separate API (Link); there is no UI available for this and it’s required to perform this step in advance of using any of the desired custom values for e.g. department.
  • Example JSON:
    • {
          
          "userName": "johnsmithexample",
      
          "name": {
      
              "givenName": "John",
      
              "familyName": "Smith",
      
              "honorificPrefix": "Mr."
      
          },
      
          "emails": [{
      
              "value": "john.smith@example.com"
      
          }]
          
      }

 

Part 4: Results

  • You’ve successfully created a user record in IAS using the SCIM API:

Assigned Tags

      9 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Parag Jain
      Parag Jain

      Very helpful Florian. Can we also assign groups while creating the user ? Or do that post user creation using the API ?

      Regards,

      Parag.

      Author's profile photo Florian Buech
      Florian Buech
      Blog Post Author

      Yes, groups can be assigned to the user entity directly - although the better approach would be using the "Groups" entity and assigning users to these objects directly instead. See here: Overview | Identity Directory Service | SAP API Business Hub

      Author's profile photo Parag Jain
      Parag Jain

      One more question. Can we set initial password as well  (sendMail = false option)?

      Regards,

      Parag

      Author's profile photo Florian Buech
      Florian Buech
      Blog Post Author

      Yes, initial password can be set (and activation e-mail sent / not sent). Same goes for creating / updating group assignments, also possible via the same API(s). Details are here: Manage Users SCIM REST API - SAP Help Portal

      Author's profile photo Kamalika Barua
      Kamalika Barua

      Thank you so much! This has been very helpful. I have been trying the update option. Can we create/update users on a mass basis?

      Author's profile photo Florian Buech
      Florian Buech
      Blog Post Author

      You could use for instance Postman Collection Runner for this purpose: Using the Collection Runner | Postman Learning Center

      That's not a productive scenario / setup, as you of course still need to "trigger" the mass update / creation via this tool. Instead, you could then for instance use Identity Provisioning, to provision users into IAS (target system): Identity Authentication - SAP Help Portal

      Author's profile photo varun bhargav
      varun bhargav

      Hi Florian Buech ,

      Thanks for the blog, very helpful.

      I was looking for a way in generating token in postman for custom IDP (SAP IAS in my case). I followed this for default IDP it worked well for custom I could not find any way.

      Your suggestions would be really helpful.

       

      Thanks in advance!

      Author's profile photo Dhiraj Jaiswal
      Dhiraj Jaiswal

      Hi Florian Buech , I'm trying to use client credentials to access the scim api but i'm getting 403 forbidden response . Can you please suggest the correct steps to achieve this?

      Author's profile photo Florian Buech
      Florian Buech
      Blog Post Author

      Hi Dhiraj, I would recommend using the newly added Overview | Identity Directory Service | SAP API Business Hub API instead of the SCIM REST API (which is deprecated).