SCIM
SCIM is a System for Cross Domain Identity Management, allowing external user management systems to publish user information into i-net PDFC. This is especially useful for importing user data from Microsoft Entra ID. SCIM is defined in RFC 7643 and 7644.
The Web API serves as an endpoint for connecting services and can also be used for customized programs to access user and group information.
Commands
The following commands are available for the Task Planner Web API:
Command | Description |
---|---|
/Me | Access information about the currently logged-in user |
/Users | Access information about users |
/Groups | Access information about user groups |
/ServiceProviderConfiguration | Returns the configuration of the SCIM end-point |
/ResourceTypes | Returns the registered SCIM resource types |
/Schemas | Returns the schemas of the SCIM end-point |
Notes and Limitation
The SCIM implementation of i-net PDFC does not fully support all features as defined in the RFC, specifically it does not support complex attribute filtering and sorting of results.
Also, bulk operations as well as the .search
handler are not supported.
Attribute Filters
As per section 3.9 of RFC 7644 you can filter response attributes using a parameter attributes
and excludedAttributes
. However, you may only use the dot-notation to address sub-attributes. Multiple attributes are separated by a comma.
Filtering response attributes allows retrieving smaller response objects.
Filter Support
Limited filter functions are available for the /Users handler, using the parameter filter
. Only top-level attributes can be filtered, such as userName
. There is no support for sub-attribute filtering, such name.givenName
.
For the filtering syntax, see section 3.4.2.2 of RFC 7644.
Example:
# Return users with a username that equals one of bjensen or jsmith, only if the users' age is above 24. filter='(userName eq "bjensen" or userName eq "jsmith") and age gt "24"'