Understand the SCIM Implementation
Before provisioning and managing users with SCIM, get familiar with the Salesforce SCIM implementation. For example, see the available services and schema and learn about supported resource types, entitlements, roles, and groups.
Required Editions
| Available in: Salesforce Classic and Lightning Experience |
| Available in: All Editions |
Look at these example SCIM implementations.
Access Services
To request the capabilities of the Salesforce SCIM implementation, send a GET request to ServiceProviderConfigs endpoint, as shown in
this example.
Request:
GET https://mycompany.my.salesforce.com/services/scim/v2/ServiceProviderConfigsResponse:
HTTP/1.1 200 OK
...
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"documentationUri": "https://help.salesforce.com/HTViewHelpDoc?id=identity_scim_overview.htm",
"patch": {
"supported": true
},
"bulk": {
"supported": false,
"maxOperations": 0,
"maxPayloadSize": 0
},
"filter": {
"supported": true,
"maxResults": 200
},
"changePassword": {
"supported": true
},
"sort": {
"supported": false
},
"etag": {
"supported": false
},
"authenticationSchemes": [
{
"type": "oauth2",
"name": "OAuth v2.0",
"description": "Authentication Scheme using the OAuth Standard",
"specUri": "http://tools.ietf.org/html/rfc6749",
"documentationUri": "https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_authenticate.htm",
"primary": true
}
],
"meta": {
"location": "https://mycompany.my.salesforce.com/services/scim/v2/ServiceProviderConfig/",
"resourceType": "ServiceProviderConfig",
"version": "9d36b0f3f1a75a151ca1cfe16d99f7dc2a575b9c"
}
}
Access Schema
To see what fields are available for each schema, send a GET request to the Schemas endpoint. Here’s an example.
Request:
GET https://mycompany.my.salesforce.com/services/scim/v2/SchemasResponse:
HTTP/1.1 200 OK
...
{
"totalResults": 9,
"itemsPerPage": 9,
"startIndex": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "SCIM core resource for representing users",
"attributes": [
{
"name": "id",
"type": "string",
"multiValued": false,
"description": "Unique identifier for the SCIM resource as defined by the Service Provider.",
"mutability": "readOnly",
"required": false,
"caseExact": false,
"uniqueness": "server"
},
...
"meta": {
"location": "https://mycompany.my.salesforce.com/services/scim/v2/Schemas/urn:salesforce:schemas:extension:2.0",
"resourceType": "Schema"
}
}
],
"meta": {
"location": "https://mycompany.my.salesforce.com/services/scim/v2/Schemas",
"resourceType": "ListResponse"
}
}
Access Resource Types
To see what resources are available for each schema and what they can be used for, send a GET request to the ResourceTypes endpoint, as shown in this example.
Request:
GET https://mycompany.my.salesforce.com/services/scim/v2/ResourceTypesResponse:
HTTP/1.1 200 OK
...
{
"totalResults": 4,
"itemsPerPage": 4,
"startIndex": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"name": "User",
"description": "Resource type for Users. Users are things that can login.",
"endpoint": "/Users",
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"schemaExtensions": [
{
"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
{
"id": "urn:ietf:params:scim:schemas:core:2.0:Group",
"name": "Group",
"description": "Resource type for Groups. Group govern some access and sharing.",
"endpoint": "/Groups",
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"meta": {
"location": "https://mycompany.my.salesforce.com/services/scim/v2/Groups",
"resourceType": "ResourceType"
}
},
{
"id": "urn:salesforce:schemas:extension:1.0:Entitlement",
"name": "Entitlement",
"description": "Resource type for Entitlements. Entitlements including Profiles and Permission Sets.",
"endpoint": "/Entitlements",
"schema": "urn:salesforce:schemas:extension:1.0:Entitlement",
"meta": {
"location": "https://mycompany.my.salesforce.com/services/scim/v2/Entitlements",
"resourceType": "ResourceType"
}
},
{
"id": "urn:salesforce:schemas:extension:1.0:Role",
"name": "Role",
"description": "Resource type for Roles. Roles can control sharing.",
"endpoint": "/Roles",
"schema": "urn:salesforce:schemas:extension:1.0:Role",
"meta": {
"location": "https://mycompany.my.salesforce.com/services/scim/v2/Roles",
"resourceType": "ResourceType"
}
}
],
"meta": {
"location": "https://mycompany.my.salesforce.com/services/scim/v2/ResourceTypes",
"resourceType": "ListResponse",
"version": "14d2be21268f9999b31b55fed2ae855f604af8c0"
}
}
Access Profiles and Permission Sets
To see what profiles and permission sets are available, send a GET request to the Entitlements endpoint. This example shows a System Administrator profile.
Request:
GET https://mycompany.my.salesforce.com/services/scim/v2/EntitlementsResponse:
HTTP/1.1 200 OK
...
{
"totalResults": 50,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"schemas": [
"urn:salesforce:schemas:extension:1.0:Entitlement"
],
"id": "00e4W000002Kw0XQAS",
"displayName": "System Administrator",
"type": "Profile",
"members": [
{
"value": "0054W00000CUpYBQA1",
"display": "User Name",
"$ref": "https://mycompany.my.salesforce.com/services/scim/v2/Users/0054W0..."
}
],
"meta": {
"created": "2020-10-22T09:14:27Z",
"lastModified": "2020-10-22T09:16:24Z",
"location":
...
}
}
]
}
Access Roles
To see what roles are available, send a GET request to the Roles endpoint. Here’s an example of the Manager role.
Request:
GET https://mycompany.my.salesforce.com/services/scim/v2/RolesResponse:
HTTP/1.1 200 OK
...
{
"totalResults": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"schemas": [
"urn:salesforce:schemas:extension:1.0:Role"
],
"id": "00ERM000001...",
"displayName": "Manager",
"members": [],
"meta": {
"lastModified": "2020-10-19T08:19:50Z",
"location": "https://mycompany.my.salesforce.com/services/scim/v2/Roles/00ERM00...",
"resourceType": "Role",
"version": "7dbe0bfe915bb9e6b87dfae045280c7b2d2e7aa7"
}
}
]
}
Access Groups
To see what groups are available, send a GET request to the Groups endpoint, as shown here.
Request:
GET https://mycompany.my.salesforce.com/services/scim/v2/GroupsResponse:
HTTP/1.1 200 OK
...
{
"totalResults": 1,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"id": "00GRM000001byNa2AI",
"displayName": "Stamford",
"type": "Regular",
"members": [],
"meta": {
"created": "2020-09-03T09:07:05Z",
"lastModified": "2020-09-03T09:07:05Z",
"location": "https://mycompany.my.salesforce.com/services/scim/v2/Groups/00GRM0000...",
"resourceType": "Group",
"version": "7d132cc25b599ed67dbd6290a9da095a7364333e"
}
}
]
}
In this example, the GET request returns a maximum of 200 results. To override this maximum return limit, use this GET request instead.
GET https://mycompany.my.salesforce.com/services/scim/v2/Groups/*Did this article solve your issue?
Let us know so we can improve!
