SCIM2 Users

SCIM 2.0 compliant endpoints for user provisioning and management. These endpoints follow the System for Cross-domain Identity Management (SCIM) 2.0 specification.

Learn more about SCIM 2.0

List all users

get

Retrieves a list of users in SCIM 2.0 format with support for filtering and pagination.

SCIM 2.0 Compliance

This endpoint follows the SCIM 2.0 specification for listing resources.

Supported Filters


Important Notes!

  • Only active users are returned in the list

  • Pagination uses 1-based indexing per SCIM specification

  • The filter parameter supports SCIM filter syntax

Authorizations
Authorization (string, required)

API authentication using Bearer tokens. Include your API token in the Authorization header: Authorization: Bearer <your-api-token>

Tokens can be obtained from the Opsera platform's API token management interface.

Query parameters
filter (string, optional)

SCIM filter expression

Example: userName eq "[email protected]"

startIndex (integer, min: 1, optional)

1-based index of the first result

Default: 1

count (integer, min: 1, optional)

Number of results per page

Default: 100
Responses
200

Successfully retrieved users list

application/scim+json

schemas (string[], optional)

Example: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"]

totalResults (integer, optional)

Total number of results

startIndex (integer, optional)

Starting index of results

itemsPerPage (integer, optional)

Number of items per page

Resources (object[], optional)

GET /api/v2/scim/v2/Users

Create a new user

post

Creates a new user in the system using SCIM 2.0 format.

SCIM 2.0 Compliance

This endpoint follows the SCIM 2.0 specification for creating resources.

Required Fields

  • schemas - Must include "urn:ietf:params:scim:schemas:core:2.0:User"

  • name.givenName - User's first name

  • name.familyName - User's last name

  • emails - At least one email with primary set to true

Supported Roles

  • administrator - Full admin access

  • powerUser - Power user access

  • user - Standard user access (default)

  • auditor - Auditor access

  • securityManager - Security manager access

  • guest - Guest access


Important Notes!

  • If the user already exists, the endpoint will return the existing user (200 status)

  • If no role is provided, the user will be assigned the "user" role by default

  • The userName is set to the user's email address

Authorizations
Authorization (string, required)

API authentication using Bearer tokens. Include your API token in the Authorization header: Authorization: Bearer <your-api-token>

Tokens can be obtained from the Opsera platform's API token management interface.

Body
schemas (string[], required)

Example: ["urn:ietf:params:scim:schemas:core:2.0:User"]

id (string, optional)

Unique identifier for the user

externalId (string, optional)

External identifier

userName (string, required)

User email address

displayName (string, optional)

Display name

active (boolean, optional)

User active status

Responses
200

User already exists, returning existing user

application/scim+json

schemas (string[], required)

Example: ["urn:ietf:params:scim:schemas:core:2.0:User"]

id (string, optional)

Unique identifier for the user

externalId (string, optional)

External identifier

userName (string, required)

User email address

displayName (string, optional)

Display name

active (boolean, optional)

User active status

POST /api/v2/scim/v2/Users
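
A pre-flight check for the create payload, added here as an example and not taken from Opsera's code: it applies the required fields and supported roles listed above before anything is sent. The function name, the sample payloads and the roles shape (a list of {"value": ...} objects, following RFC 7643) are assumptions.

```python
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SUPPORTED_ROLES = {"administrator", "powerUser", "user",
                   "auditor", "securityManager", "guest"}

def validate_new_user(payload):
    """Return a list of problems; an empty list means the payload is ready to POST."""
    errors = []
    if USER_SCHEMA not in payload.get("schemas", []):
        errors.append("schemas must include " + USER_SCHEMA)
    name = payload.get("name") or {}
    for part in ("givenName", "familyName"):
        if not str(name.get(part) or "").strip():
            errors.append(f"name.{part} is required")
    # This check requires the JSON boolean true (RFC 7643 types `primary`
    # as Boolean); the string "true" is rejected.
    primary = [e.get("value", "") for e in payload.get("emails") or []
               if e.get("primary") is True]
    if not primary:
        errors.append("emails needs at least one entry with primary set to true")
    # The service sets userName to the email address, so a different value
    # here means the caller expects an identity it will not get.
    elif str(payload.get("userName", "")).lower() != primary[0].lower():
        errors.append("userName must equal the primary email")
    # Assumed shape: roles is a list of {"value": <role>} objects.
    # Omitting roles is valid: the service then assigns "user".
    for role in payload.get("roles") or []:
        if role.get("value") not in SUPPORTED_ROLES:
            errors.append(f"unsupported role: {role.get('value')!r}")
    return errors

# Constructed sample payloads (not taken from the Opsera documentation).
GOOD = {"schemas": [USER_SCHEMA], "userName": "ada@example.test",
        "name": {"givenName": "Ada", "familyName": "Lovelace"},
        "emails": [{"value": "ada@example.test", "primary": True}],
        "roles": [{"value": "auditor", "primary": True}]}
BAD = {"schemas": [USER_SCHEMA], "userName": "ada@example.test",
       "name": {"givenName": "Ada"},
       "emails": [{"value": "ada@example.test", "primary": "true"}],
       "roles": [{"value": "superadmin"}]}
```
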

Get a user by ID

get

Retrieves a specific user by their unique identifier in SCIM 2.0 format.

SCIM 2.0 Compliance

This endpoint follows the SCIM 2.0 specification for retrieving a single resource.

Authorizations
Authorization (string, required)

API authentication using Bearer tokens. Include your API token in the Authorization header: Authorization: Bearer <your-api-token>

Tokens can be obtained from the Opsera platform's API token management interface.

Path parameters
userId (string, required)

The unique identifier of the user

Example: 64d7c869b5760b001e46c1a2
Responses
200

Successfully retrieved user

application/scim+json

schemas (string[], required)

Example: ["urn:ietf:params:scim:schemas:core:2.0:User"]

id (string, optional)

Unique identifier for the user

externalId (string, optional)

External identifier

userName (string, required)

User email address

displayName (string, optional)

Display name

active (boolean, optional)

User active status

GET /api/v2/scim/v2/Users/{userId}

Replace a user

put

Replaces all attributes of a user with the provided values using SCIM 2.0 format.

SCIM 2.0 Compliance

This endpoint follows the SCIM 2.0 specification for replacing a resource.

Supported Updates

  • active - Activate or deactivate the user

  • roles - Update user roles


Important Notes!

  • Email and username cannot be changed

  • The _id and email fields from the existing user are preserved

  • Setting active to false will deactivate the user

Authorizations
Authorization (string, required)

API authentication using Bearer tokens. Include your API token in the Authorization header: Authorization: Bearer <your-api-token>

Tokens can be obtained from the Opsera platform's API token management interface.

Path parameters
userId (string, required)

The unique identifier of the user to update

Example: 64d7c869b5760b001e46c1a2
Body
schemas (string[], required)

Example: ["urn:ietf:params:scim:schemas:core:2.0:User"]

id (string, optional)

Unique identifier for the user

externalId (string, optional)

External identifier

userName (string, required)

User email address

displayName (string, optional)

Display name

active (boolean, optional)

User active status

Responses
200

User updated successfully

application/scim+json

schemas (string[], required)

Example: ["urn:ietf:params:scim:schemas:core:2.0:User"]

id (string, optional)

Unique identifier for the user

externalId (string, optional)

External identifier

userName (string, required)

User email address

displayName (string, optional)

Display name

active (boolean, optional)

User active status

PUT /api/v2/scim/v2/Users/{userId}

Delete (deactivate) a user

delete

Deactivates a user in the system. In Opsera, users are soft-deleted (deactivated) rather than permanently removed.

SCIM 2.0 Compliance

This endpoint follows the SCIM 2.0 specification for deleting resources.


Important Notes!

  • Users are deactivated, not permanently deleted

  • Deactivated users can be reactivated via PATCH or POST operations

  • Returns 204 No Content on successful deletion

Authorizations
Authorization (string, required)

API authentication using Bearer tokens. Include your API token in the Authorization header: Authorization: Bearer <your-api-token>

Tokens can be obtained from the Opsera platform's API token management interface.

Path parameters
userId (string, required)

The unique identifier of the user to delete

Example: 64d7c869b5760b001e46c1a2
Responses

No content

DELETE /api/v2/scim/v2/Users/{userId}

Partially update a user

patch

Partially updates a user using SCIM 2.0 PATCH operations.

SCIM 2.0 Compliance

This endpoint follows the SCIM 2.0 specification for patching resources.

Supported Operations

  • add - Add a value to an attribute

  • replace - Replace the value of an attribute

  • remove - Remove a value from an attribute

Supported Paths

  • active - Update user active status (activate/deactivate)

  • roles - Update user roles

  • roles[primary eq "true"].value - Update primary role


Important Notes!

  • Email and username cannot be changed via PATCH

  • Setting active to false will deactivate the user

  • Setting active to true will reactivate a deactivated user

Authorizations
Authorization (string, required)

API authentication using Bearer tokens. Include your API token in the Authorization header: Authorization: Bearer <your-api-token>

Tokens can be obtained from the Opsera platform's API token management interface.

Path parameters
userId (string, required)

The unique identifier of the user

Example: 64d7c869b5760b001e46c1a2
Body
schemas (string[], required)

Example: ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]

Responses
200

User updated successfully

application/scim+json

schemas (string[], required)

Example: ["urn:ietf:params:scim:schemas:core:2.0:User"]

id (string, optional)

Unique identifier for the user

externalId (string, optional)

External identifier

userName (string, required)

User email address

displayName (string, optional)

Display name

active (boolean, optional)

User active status

PATCH /api/v2/scim/v2/Users/{userId}
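
The Body section above shows only the schemas value, so here is an added example (not Opsera's code) that builds complete PatchOp bodies restricted to the operations, paths and roles this page lists. The "Operations" layout follows RFC 7644; the function names and the roles value shape (a list of {"value": ...} objects) are assumptions.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
SUPPORTED_OPS = {"add", "replace", "remove"}
PRIMARY_ROLE_PATH = 'roles[primary eq "true"].value'
SUPPORTED_PATHS = {"active", "roles", PRIMARY_ROLE_PATH}
SUPPORTED_ROLES = {"administrator", "powerUser", "user",
                   "auditor", "securityManager", "guest"}

def _check_role(role):
    if role not in SUPPORTED_ROLES:
        raise ValueError(f"unsupported role: {role!r}")
    return role

def operation(op, path, value=None):
    """Build one PATCH operation, rejecting anything the page does not list."""
    op = op.lower()
    if op not in SUPPORTED_OPS:
        raise ValueError(f"unsupported op: {op!r}")
    if path not in SUPPORTED_PATHS:      # email and userName cannot be changed
        raise ValueError(f"unsupported path: {path!r}")
    if op == "remove":                   # a remove carries no value
        return {"op": op, "path": path}
    if path == "active":
        if not isinstance(value, bool):  # the string "false" is not False
            raise ValueError("active must be a JSON boolean")
    elif path == "roles":
        # Assumed shape: list of {"value": <role>} objects (RFC 7643 `roles`).
        value = [{"value": _check_role(r)} for r in value]
    else:                                # primary role path takes one role name
        _check_role(value)
    return {"op": op, "path": path, "value": value}

def patch_body(*operations):
    if not operations:
        raise ValueError("a PatchOp needs at least one operation")
    return {"schemas": [PATCH_SCHEMA], "Operations": list(operations)}

def deactivate():
    """Body for offboarding: PATCH .../Users/{userId} with active=false."""
    return patch_body(operation("replace", "active", False))
```
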

Search users

post

Searches for users using SCIM 2.0 POST-based search with filter support.

SCIM 2.0 Compliance

This endpoint follows the SCIM 2.0 specification for searching resources via POST.

Supported Filters


Important Notes!

  • Request body cannot be empty

  • Use this endpoint for complex searches that may exceed URL length limits

  • Pagination uses 1-based indexing per SCIM specification

Authorizations
Authorization (string, required)

API authentication using Bearer tokens. Include your API token in the Authorization header: Authorization: Bearer <your-api-token>

Tokens can be obtained from the Opsera platform's API token management interface.

Body
filter (string, optional)

SCIM filter expression

Example: userName eq "[email protected]"

startIndex (integer, min: 1, optional)

1-based index of the first result

Default: 1

count (integer, min: 1, optional)

Number of results per page

Default: 100
Responses
200

Successfully retrieved search results

application/scim+json

schemas (string[], optional)

Example: ["urn:ietf:params:scim:api:messages:2.0:ListResponse"]

totalResults (integer, optional)

Total number of results

startIndex (integer, optional)

Starting index of results

itemsPerPage (integer, optional)

Number of items per page

Resources (object[], optional)

POST /api/v2/scim/v2/Users/.search
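
The filter and 1-based pagination described for both "List all users" and "Search users", shown as an added example that is not Opsera's code: a filter builder that escapes the value as a JSON string (the string syntax SCIM filters use per RFC 7644) and a page walker driven by startIndex and totalResults. The names eq_filter, iter_users and fake_search are hypothetical, and fake_search is a constructed in-memory stand-in for the endpoint so the block runs offline.

```python
import json
import re

LIST_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:ListResponse"
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9_.]*")

def eq_filter(attr, value):
    """Build `attr eq "value"`. The value is emitted as a JSON string, so a
    quote or backslash inside it cannot end the literal and add clauses."""
    if not _ATTR.fullmatch(attr):
        raise ValueError(f"bad attribute name: {attr!r}")
    return f"{attr} eq {json.dumps(str(value))}"

def iter_users(search, filter_expr=None, count=100):
    """Yield every matching user. `search(body)` is supplied by the caller:
    it POSTs body to /api/v2/scim/v2/Users/.search and returns parsed JSON."""
    start = 1                                  # SCIM indexes from 1, not 0
    while True:
        body = {"startIndex": start, "count": count}
        if filter_expr:
            body["filter"] = filter_expr
        page = search(body)
        if LIST_SCHEMA not in page.get("schemas", []):
            raise ValueError("response is not a SCIM ListResponse")
        resources = page.get("Resources") or []
        yield from resources
        # Advance by what came back, not by `count`: a server may cap pages.
        start += len(resources)
        if not resources or start > page.get("totalResults", 0):
            return

# Constructed stand-in for the endpoint: five users, pages capped at two.
_USERS = [{"id": str(i), "userName": f"user{i}@example.test"}
          for i in range(1, 6)]

def fake_search(body):
    hits = _USERS
    if "filter" in body:
        wanted = json.loads(body["filter"].split(" eq ", 1)[1])
        hits = [u for u in _USERS if u["userName"] == wanted]
    first = body["startIndex"] - 1
    chunk = hits[first:first + min(body["count"], 2)]
    return {"schemas": [LIST_SCHEMA], "totalResults": len(hits),
            "startIndex": body["startIndex"], "itemsPerPage": len(chunk),
            "Resources": chunk}
```

The same startIndex, count and filter values can be sent as query parameters to the GET list endpoint; only the transport inside the caller's search function changes.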
