Groups

In the context of the SCIM protocol, a group is a collection of users. A group has a unique identifier and consists of members, which are typically users. Groups are used to manage common access to resources across multiple users. SCIM provides a standardized way to create, read, update, and delete group resources through a RESTful API. Group resources are represented as JSON objects and include information such as the group's display name, members, and other relevant attributes.

List Groups

To list all groups with the SCIM protocol, send a GET request to the /Groups endpoint. This returns a list of all group resources in JSON format.

Each group resource in the list will include information such as the group's unique identifier, display name, and members. The members are typically represented as an array of user identifiers.

GET /Groups

List Groups Including Members

SCIM allows an attribute to be returned only when it is specifically requested. The attributes parameter specifies which attributes should be returned. Typically, the members attribute is returned only upon explicit request.

GET /Groups?attributes=members

Create Group

Create a group by sending an HTTP POST request to the /Groups endpoint.

Note

The SCIM specification does not define a name attribute for Groups. However, the displayName attribute is defined and is required.

POST /Groups
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "displayName": "Administrators"
}

Create Group with Members

Although uncommon, a group can be created and its members assigned in a single request.

POST /Groups
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:Group"
  ],
  "displayName": "Team X",
  "members": [
    {
      "value": "<user-id>"
    }
  ]
}

Assign User to Group

PATCH /Groups/<group-id>
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "add",
      "path": "members",
      "value": [
        {
          "value": "<user-id>"
        }
      ]
    }
  ]
}

Remove User from Group

There are multiple methods available for removing users from groups. This SCIM server currently supports the following method. You may specify multiple members to be removed.

PATCH /Groups/<group-id>
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "remove",
      "path": "members",
      "value": [
        {
          "value": "<user-id>"
        }
      ]
    }
  ]
}

Note that the following alternative request achieves the same result.

PATCH /Groups/<group-id>
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "remove",
      "path": "members[value eq \"<user-id>\"]"
    }
  ]
}

Patch Group

PATCH /Groups/<group-id>
{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ],
  "Operations": [
    {
      "op": "replace",
      "path": "displayName",
      "value": "Global Administrators"
    }
  ]
}
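
The PatchOp requests above can be checked against a small in-memory model. The following is an added example, not code from this SCIM server: apply_patch, SAMPLE_GROUP and the ids u1, u2 and g1 are hypothetical names, and the example assumes only the four operation shapes shown on this page. It shows that the two remove forms leave the same membership, and it rejects a remove on members that carries neither a value list nor a filter.

```python
import copy
import re

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Only the filter form shown on this page: members[value eq "<id>"]
MEMBER_FILTER = re.compile(r'^members\[value eq "([^"\\]+)"\]$')
# Constructed sample group; ids are made up for the example.
SAMPLE_GROUP = {"id": "g1", "displayName": "Team X",
                "members": [{"value": "u1"}, {"value": "u2"}]}


def apply_patch(group, patch):
    """Return a copy of `group` with the PatchOp message `patch` applied."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a PatchOp message")
    result = copy.deepcopy(group)
    members = result.setdefault("members", [])
    for operation in patch["Operations"]:
        op = operation["op"].lower()
        path = operation.get("path", "")
        filtered = MEMBER_FILTER.match(path)
        if op == "add" and path == "members":
            present = {m["value"] for m in members}
            for m in operation["value"]:
                if m["value"] not in present:  # adding twice is a no-op
                    members.append({"value": m["value"]})
                    present.add(m["value"])
        elif op == "remove" and path == "members":
            # Choice made in this example: RFC 7644 treats a remove with no
            # value and no filter as "remove all members", so refuse it here.
            if not operation.get("value"):
                raise ValueError("remove on members needs explicit values")
            drop = {m["value"] for m in operation["value"]}
            members[:] = [m for m in members if m["value"] not in drop]
        elif op == "remove" and filtered:
            members[:] = [m for m in members if m["value"] != filtered.group(1)]
        elif op == "replace" and path == "displayName":
            result["displayName"] = operation["value"]
        else:
            raise ValueError(f"unsupported operation: {op} {path!r}")
    return result


if __name__ == "__main__":
    by_value = {"op": "remove", "path": "members", "value": [{"value": "u1"}]}
    by_filter = {"op": "remove", "path": 'members[value eq "u1"]'}
    for operation in (by_value, by_filter):
        message = {"schemas": [PATCH_SCHEMA], "Operations": [operation]}
        print(apply_patch(SAMPLE_GROUP, message)["members"])
```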