Skip to content

Build SCIM 2.0 user creation payloads

This guide provides information on building user creation payloads that align with the SCIM 2.0 specification. Follow the steps below to ensure your user creation payload meets the standard requirements.

Step 1 : Determine the associated schema

Asgardeo maps user attributes to the following SCIM 2.0 schemas:

  • Core Schema
  • User Schema
  • Enterprise Schema
  • Custom Schema

The first step of building a SCIM 2.0 payload is to identify the schema mapping for your user attribute.

Note

For a user attribute,

  • if it is mapped to the Core Schema or the User Schema, the schema URI does not need to be included in the SCIM payload.

    {
      "name": {
        "givenName": "Kim",
        "familyName": "Berry"
      },
      "username": "kimberry"  
    }
    
  • If it is mapped to Enterprise Schema or Custom Schema, it needs to be placed under the namespace of the corresponding schema.

    {
     "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
       "employeeNumber": "1234A"
     },
     "urn:scim:wso2:schema": {
       "customAttribute": "xyz"
     }
    }
    

Step 2 : Identify the attribute type

Each SCIM attribute belongs to one of the following types, which determine how the attribute is formatted in the payload.

  • Single-valued Attributes contain a single value.

    • Simple Attributes contain a single attribute.

      {
        "userName": "kim"
      }
      
    • Complex Attributes contain multiple sub-attributes.

      {
        "name": {
          "givenName": "Kim",
          "familyName": "Berry"
        }
      }
      
  • Multi-Valued Attributes hold multiple values

    • Simple Attributes contain a single attribute.

      {
          "devices": ["d1", "d2"]
      }
      
    • Complex Attributes contain multiple sub-attributes.

      {
        "emails": [
          {
            "value": "[email protected]",
            "primary": true
          },
          {
            "type": "work",
            "value": "[email protected]"
          }
        ]
      }
      

Info

The following references provide comprehensive information about SCIM attribute types and their respective definitions. These details can help identify the type of attributes used in SCIM 2.0 payloads:

  • For attributes under core schema, user schema and SCIM2 specification-defined enterprise schema, refer to RFC 7643 Section 8.7.1.

  • For custom schema attributes, check the dataType meta attribute of the mapped local attribute.

Step 3: Build the payload

Let's combine the two steps above and build the payload for each attribute type.

For Core and User schemas

The schema URI does not need to be included in the user creation payload. Therefore, you can simply add the attributes and their values to the payload as shown below.

  • Single-valued simple attributes

    {
      "userName": "kim"
    }
    
  • Single-valued complex attributes.

    {
      "name": {
        "givenName": "Kim",
        "familyName": "Berry"
      }
    }
    
  • Multi-Valued complex attributes

    Note

    By default, core schema, user schema, and enterprise schema do not have multi-valued simple attributes.

    {
      "emails": [
        {
          "value": "[email protected]",
          "primary": true
        },
        {
          "type": "work",
          "value": "[email protected]"
        }
      ]
    }
    

For other schemas

The schema URI needs to be included in the user creation payload. Therefore, when you are adding such an attribute be sure to do so under the relevant schema.

  • Single-valued simple attributes

    {
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":
      "employeeNumber": "1234A"
    }
    
  • Single-valued complex attributes.

    {
      "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": 
        "manager": {
          "value": "Taylor",
          "displayName": "Taylor Smith"
        }
    }
    
  • Multi-valued simple attributes

    {
      "urn:scim:wso2:schema":
        "devices": ["d1", "d2"]
    }
    

Example Payload

{
 "schemas": [
   "urn:ietf:params:scim:schemas:core:2.0:User",
   "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
   "urn:scim:wso2:schema"
 ],
 "userName": "kim",
 "password": "MyPa33w@rd",
 "name": {
   "givenName": "Kim",
   "familyName": "Berry"
 },
 "emails": [
   {
     "value": "[email protected]",
     "primary": true
   },
   {
     "type": "work",
     "value": "[email protected]"
   }
 ],
 "phoneNumbers": [
   {
     "type": "mobile",
     "value": "+1234567890"
   },
   {
     "type": "work",
     "value": "+0987654321"
   }
 ],
 "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
   "employeeNumber": "1234A",
   "division": "R&D",
   "manager": {
     "value": "Taylor",
     "displayName": "Taylor Smith"
   }
 },
 "urn:scim:wso2:schema": {
   "customAttribute": "customValue",
   "devices": ["d1", "d2"]
 }
}