
Users

In the context of access management, users are individuals or entities that are granted access to specific resources. These resources can include applications, data, and other digital assets. Managing users is a critical aspect of access management, as it ensures that only authorized individuals or entities can access sensitive information or perform certain actions. In order to effectively manage users, access management systems often include features such as user authentication, authorization, and user account provisioning and deprovisioning.

At idaas.nl, you can manage users through the graphical user interface or the SCIM 2.0 API. This documentation focuses on managing users via SCIM 2.0.

TIP

In a federated setup, you may choose to rely on third-party identity providers such as Microsoft Entra ID to provide user data, eliminating the need to create users on your idaas.nl tenant. This approach can simplify user management and reduce the risk of errors or inconsistencies in user data. Read more about the concept of headless identity.

SCIM 2.0 provides many possibilities for searching. The example below provides an overview of the capabilities.

.http
GET /api/scim/v2/Users?sortBy=id&sortOrder=descending&count=20&startIndex=0&filter=emails.value%20co%20%22ri%22 HTTP/1.1
Host: login.manage.idaas.nl
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImp0aSI6IjZiMmU0Y2M2OThiMmQ5ZGQ5ZmIzNDUzMTMzYjM4YTc0M2MyYmNiNTNhMGRkN2NkNzg2Yzc0NmFiYWZmNzMxZWZkNDgxNDJkNWFlZGVkZGRhIn0.eyJhdWQiOiI4ZWMzM2RiZi1kZDZlLTQxNDctYmYyMS0xZWNkM2MzNmUzMTEiLCJqdGkiOiI2YjJlNGNjNjk4YjJkOWRkOWZiMzQ1MzEzM2IzOGE3NDNjMmJjYjUzYTBkZDdjZDc4NmM3NDZhYmFmZjczMWVmZDQ4MTQyZDVhZWRlZGRkYSIsImlhdCI6MTU3OTU0ODY5NiwibmJmIjoxNTc5NTQ4Njk2LCJleHAiOjE1Nzk1NTIyOTUsInN1YiI6IjhmYThiYmUxLTg2OGUtNDVjZC1iMDI1LTBlMTgzYWU3YWE2ZCIsInNjb3BlcyI6WyJvcGVuaWQiLCJhcHBsaWNhdGlvbnM6bWFuYWdlIl19.KSKcExtSjwK7vNspfBLEAZgXFNwUgITwgTK66dYJc0b649aewr8Os2fZNSykljl4bvj5xPT7f7uoiNyajladSu175jZWU-j0Otb57EyGVvA-Sn6Zt5zWHVMaqnsrwrcKs4LGhBW21PB0WEXbSFfHGP72PTHAGbr8DqYS6J0wiyfA1omMzWlVTp2-jVBk_TOHUDohSQtJ9w_7e8mej1EnoyJonksp9-DN36oMR95DQLeid47IXqg265z5PdQT95YDbvn1yWrB9jsRmwhFYt_AiZQqOvQKTF2jQ9Uy25hFQ2h25hQyJ2mMamOI77pkyF64STWCTX84GiSJWgfQy4OfPQ
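When the filter value comes from user input, it has to be quoted before it is placed in the query string. The following is an added example, not part of the idaas.nl documentation: it rebuilds the request target shown above and encodes the value as a JSON string literal so it cannot extend the filter. The helper names and the attribute-path pattern are assumptions.

```python
import json
import re
from urllib.parse import parse_qs, quote, urlencode, urlsplit

USERS_ENDPOINT = "/api/scim/v2/Users"  # path taken from the request above
# Comparison operators defined for SCIM filters in RFC 7644.
OPERATORS = {"eq", "ne", "co", "sw", "ew", "gt", "ge", "lt", "le"}
# Assumption: only simple paths such as userName or emails.value are needed.
ATTR_PATH = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*(\.[A-Za-z][A-Za-z0-9_-]*)?$")


def scim_filter(attr, op, value):
    """Build `attr op "value"` with the value as a JSON string literal."""
    if not ATTR_PATH.fullmatch(attr):
        raise ValueError(f"unexpected attribute path: {attr!r}")
    if op not in OPERATORS:
        raise ValueError(f"unsupported operator: {op!r}")
    if not isinstance(value, str):
        raise TypeError("filter value must be a string")
    # json.dumps escapes embedded quotes and backslashes, so caller-supplied
    # text cannot close the literal and append its own filter clauses.
    return f"{attr} {op} {json.dumps(value)}"


def users_query(attr, op, value, sort_by="id", sort_order="descending",
                count=20, start_index=0):
    """Return the request target for a filtered, sorted, paged listing."""
    if sort_order not in ("ascending", "descending"):
        raise ValueError("sortOrder must be ascending or descending")
    if not ATTR_PATH.fullmatch(sort_by):
        raise ValueError(f"unexpected sortBy attribute: {sort_by!r}")
    # start_index=0 mirrors the request above; RFC 7644 defines startIndex
    # as 1-based and treats values below 1 as 1.
    params = [
        ("sortBy", sort_by), ("sortOrder", sort_order),
        ("count", int(count)), ("startIndex", int(start_index)),
        ("filter", scim_filter(attr, op, value)),
    ]
    # quote_via=quote encodes spaces as %20, as in the request above.
    return f"{USERS_ENDPOINT}?{urlencode(params, quote_via=quote)}"


def decoded_filter(target):
    """Recover the filter string the server sees after URL decoding."""
    return parse_qs(urlsplit(target).query)["filter"][0]
```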

Create

Create a user by executing a POST HTTP request to the designated endpoint.

.http
POST /api/scim/v2/Users HTTP/1.1
Host: login.manage.idaas.nl
content-type: application/scim+json
Authorization: Bearer ...

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "urn:ietf:params:scim:schemas:core:2.0:User": {
        "userName": "johndoe",
        "password": "password123",
        "active": false,
        "emails": [
            {
                "value": "johndoe@example.com"
            }
        ]
    }
}

Update

To update a user, you can choose between PATCH and PUT requests. The first allows updating a single attribute. The latter replaces the complete User object. Depending on your use case, pick one of them or, in some scenarios, use both.

Example of activating the user created in the previous example with PUT:

.http
PUT /api/scim/v2/Users/8624242 HTTP/1.1
Host: login.manage.idaas.nl
content-type: application/scim+json
Authorization: Bearer ...

{
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User"
    ],
    "urn:ietf:params:scim:schemas:core:2.0:User": {
        "userName": "johndoe",
        "password": "password123",
        "active": true,
        "emails": [
            {
                "value": "johndoe@example.com"
            }
        ]
    }
}

Delete

.http
DELETE /api/scim/v2/Users/8fa8bc07-3c93-4d11-a3f5-c843436da9e4 HTTP/1.1
Host: login.manage.idaas.nl
Authorization: Bearer ...

DANGER

A deleted user cannot be restored. Therefore, it is sometimes better to deactivate a user instead.
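Deactivating with PATCH changes only the `active` attribute, so the request does not have to resend the password or the e-mail addresses the way the PUT example does. The following is an added example, not part of the idaas.nl documentation: it builds such a request and checks the outcome against a local model. The PatchOp message format is the one defined in RFC 7644; the attribute path `active`, the id pattern and the function names are assumptions.

```python
import copy
import json
import re

PATCH_OP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644
# Assumption: ids look like the numeric and UUID values used on this page.
USER_ID = re.compile(r"^[A-Za-z0-9-]{1,64}$")


def set_active_request(user_id, active):
    """Describe a PATCH that changes only `active` for one user."""
    if not USER_ID.fullmatch(user_id):
        # Keeps path separators and dots out of the request target.
        raise ValueError(f"refusing unexpected user id: {user_id!r}")
    if not isinstance(active, bool):
        raise TypeError("active must be a bool")
    body = {
        "schemas": [PATCH_OP_SCHEMA],
        "Operations": [{"op": "replace", "path": "active", "value": active}],
    }
    return {
        "method": "PATCH",
        "target": f"/api/scim/v2/Users/{user_id}",
        # The caller adds the Authorization: Bearer ... header.
        "headers": {"content-type": "application/scim+json"},
        "body": json.dumps(body),
    }


def apply_replace_ops(user, body):
    """Local model of top-level `replace` operations, for offline checks."""
    patched = copy.deepcopy(user)
    for op in json.loads(body)["Operations"]:
        if op["op"].lower() != "replace" or "." in op["path"]:
            raise ValueError("only top-level replace is modelled here")
        patched[op["path"]] = op["value"]
    return patched


# Constructed sample: the attributes of the user activated with PUT above.
SAMPLE_USER = {
    "userName": "johndoe",
    "active": True,
    "emails": [{"value": "johndoe@example.com"}],
}
```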

Attributes

Both when creating and updating a user you may provide a set of attributes. Out of the box, idaas.nl supports the following attributes.

User Name

A username the user can log in with.

urn:ietf:params:scim:schemas:core:2.0:User:userName

Display Name

Shown in the user listing.

E-mail

Used to log in.

Phone number

Retrievable via the scope `phone`.

Extra identifier

User Metadata

Active

Preferred Language

Roles

Multi-factor authentication

Group memberships

Set a new password