Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
yogananda
Product and Topic Expert
Product and Topic Expert


Dear All,


This article is mainly for partners and customers who wants to automate internal & external users sync (on-boarding) to SAP IAS by using the below SCIM APIs from your external system or applications. I have listed out all the examples for you to understand..

This below flow makes you understand to automate Users Sync from any of your 3rd party applications, so once user is on-boarded they would get appropriate access to SAP Applications










Note :


SAP Cloud Identity Services offers standard user provisioning sync through SAP IPS for user sync process with SCIM 2.0



IAS SCIM REST API provides developers to Create & Manage users, groups and custom schemas in the cloud.





For more information, see the latest SCIM API Documentation: Identity Directory SCIM REST APIInformation published on SAP site.

The identity directory provides a System for Cross-domain Identity Management (SCIM) 2.0 REST API for managing resources (users, groups and custom schema)





API Documentation for SAP IAS is available under SAP Cloud Identity Services



Get's Started






Read Users


###  https://api.sap.com/api/IdDS_SCIM/resource Identity Directory Service
GET https://<iastenant>.accounts.ondemand.com/scim/Users
Content-Type: application/scim+json
Authorization: Basic @{{token}}


This is how you compare 2 different results from Deprecated API endpoint vs latest API endpoint




Filter Method


#### Filter on userName 
GET https://<iastenant>.accounts.ondemand.com/scim/Users?filter=userName eq "sapscaadmin@sap.com"
Authorization: Basic @{{token}}


Another example using sub filter on Json value
#### Filter on emails.value
GET https://<iastenant>.accounts.ondemand.com/scim/Users?filter=emails.value eq "sapscaadmin@sap.com"
Authorization: Basic @{{token}}


Another example to filter Users based on count and Index
###  https://api.sap.com/api/IdDS_SCIM/resource Identity Directory Service
GET https://<iastenant>.accounts.ondemand.com/scim/Users?startIndex=2&count=5
Content-Type: application/scim+json
Authorization: Basic @{{token}}







Create User


###
POST https://<iastenant>.accounts.ondemand.com/scim/Users
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
"emails": [
{
"primary": true,
"value": "abc@domain.com"
}
],
"active":"True",
"name": {
"familyName": "Muthaiah",
"givenName": "Yogananda"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "yoga"
}







Delete a User


#### Delete the user
DELETE https://<iastenant>.accounts.ondemand.com/scim/Users/280b8446-7ce2-4a91-b6a0-18777d1ffea2
Authorization: Basic @{{token}}

id refers Users GUID







Read Groups


###
GET https://<iastenant>.accounts.ondemand.com/scim/Groups
Content-Type: application/scim+json
Authorization: Basic @{{token}}







Create Groups


###
POST https://<iastenant>.accounts.ondemand.com/scim/Groups
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
"displayName": "New group name",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group",
"urn:sap:cloud:scim:schemas:extension:custom:2.0:Group"
]
}







Assign Group to a User


###
PATCH https://<iastenant>.accounts.ondemand.com/scim/Groups/e26f6138-c382-4be5-addb-459186030f6e
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
],
"Operations": [
{
"op": "add",
"path": "members",
"value": [
{
"display": "yoga",
"value": "280b8446-7ce2-4a91-b6a0-18777d1ffea2"
}
]
}
]
}

19 Comments