This endpoint has several restrictions.
In practice, the only operations you can perform on an existing user through the PATCH endpoint are:
- Change roles
- Change ‘active-status’ (soft delete)
Endpoint | Method |
---|---|
| PATCH |
This endpoint is a PATCH endpoint and supports one or more changes through a list of Operation elements.
Request-object:
```json
{
  "Operations": [
    { "op": "<Operation>", "path": "<property-path>", "value": "<new-property-value>" },
    { "op": "<Operation>", "path": "<property-path>", "value": "<new-property-value>" }
  ]
}
```
Property | Description | Required |
---|---|---|
op | Type of operation. | yes |
path | The path to the property to change | yes |
value | The value of the property to change | yes |
Sample-Request:
```bash
curl --location --request PATCH '[API-URL]/scim/Users/a3792aca-8f99-4d4b-a1f2-2b31e871b634' \
  --header 'Authorization: Bearer [API-TOKEN]' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "Operations": [
      { "op": "Replace", "path": "externalId", "value": "externalId-changed" },
      { "op": "Replace", "path": "userName", "value": "newUsername@domain.com" },
      { "op": "Replace", "path": "active", "value": true },
      { "op": "Replace", "path": "name.givenName", "value": "NewFirstname" },
      { "op": "Replace", "path": "name.familyName", "value": "NewLastname" },
      {
        "op": "Add",
        "path": "roles",
        "value": [
          { "value": "{\"value\":\"TalentechGroupTest1\"}" },
          { "value": "{\"value\":\"TalentechGroupTest2\"}" }
        ]
      }
    ]
  }'
```
Special Notes:
Roles-path: Always use op=Add and supply ALL roles the user should have
When using the path 'roles', the operation type (op) MUST be of value “Add”.
The value parameter should contain ALL the roles the user should have, not just the roles you want added.
This is currently a known limitation/discrepancy in the API.
Each “value” element inside the “value” array must contain a serialized string of an object with a “value” property.
The reason is that this is how AzureAD has currently implemented SCIM, and how it sends data.
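The roles quirk described above, as an added example (not Talentech's own code): a Python helper that computes the complete role list and builds a PATCH body limited to the `roles` and `active` paths. The function names and `ExampleRole3` are assumptions made for illustration, and the current roles are read from a user object shaped like the sample response.

```python
import json


def full_role_list(current_user, grant=(), revoke=()):
    """Return every role the user should hold after the change.

    current_user is a user object shaped like the sample response; the
    endpoint wants this complete list, not only the roles being added.
    """
    held = [r["value"] for r in current_user.get("roles", [])]
    merged = list(dict.fromkeys(held + list(grant)))  # dedupe, keep order
    dropped = set(revoke)
    return [r for r in merged if r not in dropped]


def build_patch_body(all_roles=None, active=None):
    """Build a PATCH body restricted to the 'roles' and 'active' paths."""
    operations = []
    if active is not None:
        if not isinstance(active, bool):
            raise TypeError("active must be True or False")
        operations.append({"op": "Replace", "path": "active", "value": active})
    if all_roles is not None:
        operations.append({
            "op": "Add",  # the roles path must use Add
            "path": "roles",
            # each element carries a JSON *string* of {"value": "<role>"}
            "value": [{"value": json.dumps({"value": r}, separators=(",", ":"))}
                      for r in all_roles],
        })
    if not operations:
        raise ValueError("no change requested")
    return {"Operations": operations}


# Constructed sample input, shaped like the sample response on this page.
SAMPLE_USER = {
    "id": "a3792aca-8f99-4d4b-a1f2-2b31e871b634",
    "roles": [{"value": "TalentechGroupTest1"}, {"value": "TalentechGroupTest2"}],
}

if __name__ == "__main__":
    # ExampleRole3 is a constructed role name used only for illustration.
    wanted = full_role_list(SAMPLE_USER, grant=["ExampleRole3"],
                            revoke=["TalentechGroupTest2"])
    print(json.dumps(build_patch_body(all_roles=wanted), indent=2))
```

Because the body is built only from the `roles` and `active` paths, a caller cannot accidentally send a `userName` or `name.*` change through this helper.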
Violation of uniqueness for ExternalId and Username results in a 500 exception
If another user within the same integration already has the same ExternalId or Username, the API throws a 500 exception without any further explanation.
Username change causes the user to be placed in sync-quarantine
TalentechAdmin does not currently support username changes. Users who have their username changed will be placed in quarantine. The change will not be synced to TalentechAdmin and the username for a TalentechId account will not be changed.
Firstname & lastname changes will NOT propagate
TalentechAdmin does not currently support changing a user's firstname and lastname.
These changes will not propagate to TalentechAdmin or the TalentechId accounts.
Responses:
200 OK | |
---|---|
Statuscode | 200 |
Response-body | The User after the change |

Sample-response:
```json
{
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {},
  "active": true,
  "meta": { "resourceType": "User" },
  "name": { "familyName": "NewLastname", "givenName": "NewFirstname" },
  "roles": [
    {
      "display": "TalentechGroupTest1",
      "value": "TalentechGroupTest1",
      "type": "WindowsAzureActiveDirectoryRole",
      "primary": false
    },
    {
      "display": "TalentechGroupTest2",
      "value": "TalentechGroupTest2",
      "type": "WindowsAzureActiveDirectoryRole",
      "primary": false
    }
  ],
  "userName": "newUsername@domain.com",
  "externalId": "externalId-changed",
  "id": "a3792aca-8f99-4d4b-a1f2-2b31e871b634",
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ]
}
```