Organization REST API
The Organization endpoint allows managing your organization's structure.
In ActivID Appliance, an organization resource represents a Security Domain: a specific data instance in the ActivID Appliance database that provides a complete segregation of data for different business units within a single deployment.
In the federation use case, one tenant (federating) can perform operations defined by the scope of permissions in the other tenant (federated). The federating tenant uses the organizationDelegation attributes of the SCIM API when creating a federated tenant.
See also the Create an Organization Adapter tutorial.
To use the version-specific parameters/attributes, you must add api-version=N as a query parameter.
Previous versions of the API are also supported with the corresponding functionality.
Method Details
HTTPS Method | Entity Action | Request URI | Description |
---|---|---|---|
GET | Read | /scim/{tenant}/v2/Organization/ | Get all organizations filtered by attributes |
GET | Read | /scim/{tenant}/v2/Organization/{id}:(String) | Retrieve an organization |
POST | Create | /scim/{tenant}/v2/Organization/ | Create new organization |
POST | Search | /scim/{tenant}/v2/Organization/.search | Search for organization |
PUT | Replace | /scim/{tenant}/v2/Organization/{id}:(String) | Fully replace a known organization |
DELETE | Delete | /scim/{tenant}/v2/Organization/{id}:(String) | Delete a known organization |
Required Permissions
Function | Required Permissions |
---|---|
GET | |
CREATE | |
REPLACE | |
DELETE | |
SEARCH | |
Create an Organization
[POST] /Organization
Accept: application/scim+json
Sample Request
{
"id": "MY_ORG",
"externalId": "MY_ORGANIZATION_EXTERNALID",
"type": "TEMENOS",
"initialPassword": "myInitialPassword",
"publicAttributes": [{
"name": "param1",
"type": "string",
"value": "value1",
"readOnly": false
}, {
"name": "param2",
"type": "string",
"value": "value2",
"readOnly": false
}
],
"organizationDelegation": {
"schemas": ["urn:hid:scim:api:idp:2.0:OrganizationDelegation"],
"idProof": "dGhpc0lzQVJhbmRvbVNlbnRlbmNl",
"id": "id",
"delegatedRoles": [
"RL_1",
"RL_2"
]
},
"organizationBranding": {
"hidApproveCustoFiles": [{
"filename": "myCustoFile0.json",
"fileAsBase64": "<myCustoFile0 b64>"
}, {
"filename": "myCustoFile1.json",
"fileAsBase64": "<myCustoFile1 b64>"
}
],
"authPortalCustoFile": {
"filename": "myCustoFile.json",
"fileAsBase64": "<myCustoFile b64>"
}
}
}
Sample Response
HTTP 200 OK
{
"schemas": ["urn:hid:scim:api:idp:2.0:Organization"],
"id": "MY_ORG",
"externalId": "MY_ORGANIZATION_EXTERNALID",
"meta": {
"resourceType": "Organization",
"location": "https://[base-server-url]/scim/tenant/v2/Organization/MY_ORG",
"version": "1"
},
"type": "TEMENOS",
"initialPassword": "myInitialPassword",
"publicAttributes": [
{
"name": "param1",
"type": "string",
"value": "value1",
"readOnly": false
},
{
"name": "param2",
"type": "string",
"value": "value2",
"readOnly": false
}
],
"organizationDelegation": {
"schemas": ["urn:hid:scim:api:idp:2.0:OrganizationDelegation"],
"id": "id",
"idProof": "dGhpc0lzQVJhbmRvbVNlbnRlbmNl",
"delegatedRoles": [
"RL_1",
"RL_2"
]
},
"organizationBranding": {
"hidApproveCustoFiles": [
{
"filename": "myCustoFile0.json"
},
{
"filename": "myCustoFile1.json"
}
],
"authPortalCustoFile": {
"filename": "myCustoFile.json"
}
}
}
Get an Organization
[GET] /Organization/{id}
Sample Response
{
"schemas": ["urn:hid:scim:api:idp:2.0:Organization"],
"id": "MY_ORG",
"externalId": "MY_ORGANIZATION_EXTERNALID",
"publicAttributes": [
{
"name": "param1",
"type": "string",
"value": "value1",
"readOnly": false
},
{
"name": "param2",
"type": "string",
"value": "value2",
"readOnly": false
}
],
"organizationDelegation": {
"schemas": ["urn:hid:scim:api:idp:2.0:OrganizationDelegation"],
"id": "DELEG_ORGANIZATION_ID",
"externalId": "DELEG-ORG-EXTERNALID",
"idProof": "dGhpc0lzQVJhbmRvbVNlbnRlbmNl",
"delegatedRoles": [
"RL_1",
"RL_2"
]
}
}
Replace an Organization
The implementation is the same as for Create an Organization:
- externalId is required.
- An organizationDelegation can be specified.
- An organizationBranding can be specified.
Also, the uid in the URL must match the id in the request body.
PUT /scim/{tenant}/v2/Organization/{uid}
{
"schemas": ["urn:hid:scim:api:idp:2.0:Organization"],
"id": "{uid}",
...
}
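The rules above can be checked on the client before the PUT is sent. The following is an added example, not code from the product or its documentation: the function names, the `https://appliance.example` base URL, the `api-version` value 2 and the choice to treat `initialPassword`, `idProof` and `fileAsBase64` as sensitive when logging are assumptions of the example.

```python
from urllib.parse import quote, urlencode

ORG_SCHEMA = "urn:hid:scim:api:idp:2.0:Organization"
# Assumption: fields this example masks before a request or response is logged.
SENSITIVE_KEYS = {"initialPassword", "idProof", "fileAsBase64"}


def redact(value):
    """Return a copy of a request/response body with sensitive fields masked."""
    if isinstance(value, dict):
        return {k: ("***" if k in SENSITIVE_KEYS else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def build_replace_request(base_url, tenant, uid, body, api_version=None):
    """Validate a Replace call; return (method, url, headers, payload dict)."""
    if not uid:
        raise ValueError("uid must not be empty")
    if body.get("id") != uid:
        raise ValueError("id in the request body must match the uid in the URL")
    if not body.get("externalId"):
        raise ValueError("externalId is required")
    payload = dict(body)
    payload.setdefault("schemas", [ORG_SCHEMA])
    # Percent-encode each path segment so an id containing "/" or ".." cannot
    # redirect the request to a different resource.
    url = "{}/scim/{}/v2/Organization/{}".format(
        base_url.rstrip("/"), quote(tenant, safe=""), quote(uid, safe=""))
    if api_version is not None:
        url += "?" + urlencode({"api-version": api_version})
    # The page shows only Accept; Content-Type follows RFC 7644.
    headers = {"Accept": "application/scim+json",
               "Content-Type": "application/scim+json"}
    return "PUT", url, headers, payload


SAMPLE_BODY = {  # constructed from the sample values on this page
    "id": "MY_ORG",
    "externalId": "MY_ORGANIZATION_EXTERNALID",
    "initialPassword": "myInitialPassword",
    "organizationDelegation": {"id": "id", "delegatedRoles": ["RL_1", "RL_2"],
                               "idProof": "dGhpc0lzQVJhbmRvbVNlbnRlbmNl"},
}

if __name__ == "__main__":
    method, url, _, payload = build_replace_request(
        "https://appliance.example", "tenant", "MY_ORG", SAMPLE_BODY, 2)
    print(method, url, redact(payload))
```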
Search for an Organization
Supported search criteria are:
SCIM Attribute | Operators supported |
---|---|
type | eq |
externalid | eq |
id | eq |
Sample Request
{
"schemas":["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],
"filter": "type eq mytype and id eq myid and externalid eq myexternalid and MYPARAM eq MYVALUE and MYPARAM1 eq MYVALUE1"
}
Where:
- Other filter names can be used to search organizations by their parameters.
- You can use the and operator within the filters.
For further information, see Searching with the SCIM API.
Sample Response
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"totalResults": 2,
"resources": [
{
"schemas": ["urn:hid:scim:api:idp:2.0:Organization"],
"id": "1111",
"externalId": "MYORG"
},
{
"schemas": ["urn:hid:scim:api:idp:2.0:Organization"],
"id": "2222",
"externalId": "MYORG"
}
]
}
If you are using the provided organization adapter sample, searching for an organization always returns the sample response above.
If you enable DEBUG server logs and you are using the provided organization adapter sample, the filter values are logged in the following order:
externalid
id
type
- param name - param value
For example, the sample request above will log:
2017-10-23 14:06:12,084 [default task-6] DEBUG (OrganizationAdapterSample.java:89) - search organization
2017-10-23 14:06:12,084 [default task-6] DEBUG (OrganizationAdapterSample.java:91) - myexternalid
2017-10-23 14:06:12,085 [default task-6] DEBUG (OrganizationAdapterSample.java:92) - myid
2017-10-23 14:06:12,085 [default task-6] DEBUG (OrganizationAdapterSample.java:93) - mytype
2017-10-23 14:06:12,085 [default task-6] DEBUG (OrganizationAdapterSample.java:100) - MYPARAM - MYVALUE
2017-10-23 14:06:12,086 [default task-6] DEBUG (OrganizationAdapterSample.java:100) - MYPARAM1 - MYVALUE1
For further information, see Searching with the SCIM API.
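The filter syntax and the DEBUG log order described above, as an added example (not code from the product or from the adapter sample): it builds the SearchRequest from a dictionary, rejects names or values that would not survive as a single unquoted token in the filter, and lists which values the sample adapter would write to the log. The function names and the allow-list pattern are assumptions of the example.

```python
import re

SEARCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:SearchRequest"
FIXED_ORDER = ("externalid", "id", "type")  # logged first, in this order
TOKEN = re.compile(r"[A-Za-z0-9_.-]+")      # assumed allow-list for names/values


def build_search_request(criteria):
    """Build a SearchRequest body from {attribute: value}, joined with 'and'."""
    clauses = []
    for name, value in criteria.items():
        # Values are unquoted in the filter, so a space or an operator inside
        # one would be read as extra clauses; reject anything off the list.
        if not TOKEN.fullmatch(name) or not TOKEN.fullmatch(str(value)):
            raise ValueError("unsafe filter token: %r eq %r" % (name, value))
        clauses.append("%s eq %s" % (name, value))
    if not clauses:
        raise ValueError("at least one criterion is required")
    return {"schemas": [SEARCH_SCHEMA], "filter": " and ".join(clauses)}


def parse_filter(filter_text):
    """Split an 'a eq b and c eq d' filter into ordered (name, value) pairs."""
    pairs = []
    for clause in re.split(r"\s+and\s+", filter_text.strip()):
        parts = clause.split()
        if len(parts) != 3 or parts[1] != "eq":
            raise ValueError("unsupported clause: %r" % clause)
        pairs.append((parts[0], parts[2]))
    return pairs


def debug_log_lines(filter_text):
    """Values in the order the page says the sample adapter logs them."""
    pairs = parse_filter(filter_text)
    fixed = {n.lower(): v for n, v in pairs if n.lower() in FIXED_ORDER}
    lines = [fixed[n] for n in FIXED_ORDER if n in fixed]
    lines += ["%s - %s" % (n, v) for n, v in pairs
              if n.lower() not in FIXED_ORDER]
    return lines


if __name__ == "__main__":
    request = build_search_request({"type": "mytype", "id": "myid"})
    print(request["filter"], debug_log_lines(request["filter"]))
```

Because every filter value reaches the server log at DEBUG level with the sample adapter, `debug_log_lines` is a quick way to review what a given search would leave in the log before DEBUG is enabled on a shared system.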
Delete an Organization
All the delete endpoints follow the same standard pattern and can be reached through the following URL pattern:
Accept: application/scim+json