Freelancers
Cancel
 Sign In
Join Now

This article is mainly for partners and customers who wants to automate internal & external users sync (on-boarding) to SAP IAS by using the below SCIM APIs from your external system or applications. I have listed out all the examples for you to understand..

This below flow makes you understand to automate Users Sync from any of your 3rd party applications, so once user is on-boarded they would get appropriate access to SAP Applications

Note :

SAP Cloud Identity Services offers standard user provisioning sync through SAP IPS for user sync process with SCIM 2.0

IAS SCIM REST API provides developers to Create & Manage users, groups and custom schemas in the cloud.

For more information, see the latest SCIM API Documentation: Identity Directory SCIM REST APIInformation published on SAP site.

The identity directory provides a System for Cross-domain Identity Management (SCIM) 2.0 REST API for managing resources (users, groups and custom schema)

API Documentation for SAP IAS is available under SAP Cloud Identity Services

Get’s Started

Read Users

###  https://api.sap.com/api/IdDS_SCIM/resource Identity Directory Service
GET https://<iastenant>.accounts.ondemand.com/scim/Users
Content-Type: application/scim+json
Authorization: Basic @{{token}}

This is how you compare 2 different results from Deprecated API endpoint vs latest API endpoint

Filter Method

#### Filter on userName 
GET https://<iastenant>.accounts.ondemand.com/scim/Users?filter=userName eq "sapscaadmin@sap.com"
Authorization: Basic @{{token}}

Another example using sub filter on Json value

#### Filter on emails.value
GET https://<iastenant>.accounts.ondemand.com/scim/Users?filter=emails.value eq "sapscaadmin@sap.com"
Authorization: Basic @{{token}}

Another example to filter Users based on count and Index

###  https://api.sap.com/api/IdDS_SCIM/resource Identity Directory Service
GET https://<iastenant>.accounts.ondemand.com/scim/Users?startIndex=2&count=5
Content-Type: application/scim+json
Authorization: Basic @{{token}}

Create User

###
POST https://<iastenant>.accounts.ondemand.com/scim/Users
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
  "emails": [
    {
      "primary": true,
      "value": "abc@domain.com"
    }
  ],
  "active":"True",
  "name": {
    "familyName": "Muthaiah",
    "givenName": "Yogananda"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "yoga"
}

Delete a User

#### Delete the user
DELETE https://<iastenant>.accounts.ondemand.com/scim/Users/280b8446-7ce2-4a91-b6a0-18777d1ffea2
Authorization: Basic @{{token}}

id refers Users GUID

Read Groups

###
GET https://<iastenant>.accounts.ondemand.com/scim/Groups
Content-Type: application/scim+json
Authorization: Basic @{{token}}

Create Groups

###
POST https://<iastenant>.accounts.ondemand.com/scim/Groups
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
  "displayName": "New group name",
  "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group",
        "urn:sap:cloud:scim:schemas:extension:custom:2.0:Group"
      ]
}

Assign Group to a User

###
PATCH https://<iastenant>.accounts.ondemand.com/scim/Groups/e26f6138-c382-4be5-addb-459186030f6e
Content-Type: application/scim+json
Authorization: Basic @{{token}}

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "members",
      "value": [
        {
          "display": "yoga",
          "value": "280b8446-7ce2-4a91-b6a0-18777d1ffea2"
        }
      ]
    }
  ]
}

Tags: Identity Authentication Identity Provisioning SAP Cloud Identity Access Governance SAP Commissions SAP Identity Management
Sara Sampaio

Sara Sampaio

Author Since: March 10, 2022

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x