Extending Core SCIM User

The SCIM core objects can be extended by attaching several objects and declaring these in the object schema. This section details which objects can be attached to the User object.

By only using these extensions, the service is compatible with clients that know nothing about the API extensions, as they can simply ignore them. For the creations of User and Group objects, as long as the calling client is SCIM compliant (and the data is valid), then they are able to use the API.

Note: The API version supported by HID Authentication Service is 10.3.0.

To use the version-specific parameters/attributes, you must add api-version=N to the query parameter.

Previous versions of the API are also supported with the corresponding functionality. For details of the version updates, see SCIM API Revision History.

urn:hid:scim:api:idp:2.0:UserAttribute

Optionally attached to User, the list of updateable attributes for the resource.

Verb usage: GET(read), POST(create), PUT(replace)

Attributes – an array of urn:hid:scim:api:idp:2.0:Attribute:

  • name – the name of the attribute. Required for all calls.

  • type – the type of attribute from (STRING). Only returned.

  • multiValued - defines if the attribute can contain an array of multiple values. Only returned for custom attributes.

  • value – the value of the attribute. Required for all calls.

    For custom attributes, this property must contain an array of one or multiple values if multiValued is true.

    If multiValued is true and the value is not an array, an error is returned.

  • readOnly – if the attribute is allowed to be updated as some are read only. Only returned.

Copy

Example

"urn:hid:scim:api:idp:2.0:UserAttribute": {
    "attributes": [
        {
            "name": "FIRSTNAME",
            "type": "string",
            "value": "John",
            "readOnly": false
        },
        {
            "name": "CUSTOM_ATTRIBUTE_OFFICE",
            "type": "string",
            "multiValued": true,
            "value": [
                "London",
                "Paris"
            ],
            "readOnly": false
        }
    ]
}

urn:hid:scim:api:idp:2.0:UserDevice

Optionally attached to User, the list of devices bound to the user.

Verb usage: GET(read), PUT(replace), POST .search

Devices – an array of urn:hid:scim:api:idp:2.0:MemberRef:

  • display – the serial number of the device

  • friendlyName – the friendly name of the device (returned only if query parameter api-version=2 or later is used)

  • value – the internal device ID. Required for all calls

  • lastSuccessfulDate - timestamp for the last successful authentication with the device (returned only if query parameter api-version=7 or later is used)

  • lastSuccessfulAuthPolicy - authentication policy used for the last successful authentication with the device (returned only if query parameter api-version=7 or later is used)

  • $ref – url to find the device. Only returned.

Copy

Example

"urn:hid:scim:api:idp:2.0:UserDevice": {
    "devices":    [{    
        "display": "969c082357acb375f051d4897f9f1518",
        "value": "13527",
        "friendlyName": "HID Crescendo Key",
        "lastSuccessfulDate": "2023-02-17T16:18:06Z",
        "lastSuccessfulAuthPolicy": "AT_FIDO",
        "$ref": "https://[base-server-url]/SCIM/tenant/v2/Device/13527"
    }]
}

urn:hid:scim:api:idp:2.0:UserAuthenticator

Optionally attached to User, this lists the User Authenticators.

Verb usage: GET(read), to update see Create an Authenticator

Authenticators – an array of urn:hid:scim:api:idp:2.0:MemberRef:

  • value – the internal user id and authentication type code. Required for all calls.

  • $ref – URL to find the authenticator. Only returned.

Copy

Example

"urn:hid:scim:api:idp:2.0:UserAuthenticator": {
    "authenticators": [{
        "value": "12345667.AT_UP",
        "$ref": " https://[base-server-url]/SCIM/tenant/v2/Authenticator/12345667.AT_UP"
    }]
}

urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

Optionally attached to User, this lists the user’s company name using the organization parameter.

Verb usage: POST, GET(read), PUT, PATCH(add/replace/remove).

Attributes – an array of urn:hid:scim:api:idp:2.0:Attribute:

  • name – CMPNY_NAME

  • type – the type of attribute from (STRING). Only returned.

  • value – the value of the CMPNY_NAME attribute.

  • readOnly – if the attribute is allowed to be updated by the caller, as some are read only. Only returned.

Copy

Example

"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "organization": "COMPANY_1"
    },
    "urn:hid:scim:api:idp:2.0:UserAttribute": {
        "attributes": [
            {
                "name": "CMPNY_NAME",
                "type": "string",
                "value": "COMPANY_1",
                "readOnly": false
            },
            {
                "name": "EXTERNALID",
                "type": "string",
                "value": "user@company.com",
                "readOnly": false
            }
        ]
    }
}