SCIM Users
The SCIM Users API is a tool to help you manage users in the BigPanda system, enabling you to bulk manage even large and complex userbases. SCIM specifications allow you to leverage an existing Lightweight Directory Access Protocol (LDAP), external directories, or SSO integrations.
SCIM
The SCIM Users API is based on the open standard System for Cross-domain Identity Management (SCIM): Protocol 1.1. SCIM is an open standard used for automating the exchange of user identity information between identity domains or IT systems. Its purpose is to facilitate and ease the management of user identities in cloud based applications. BigPanda uses JSON-based formats for SCIM.
Relevant Permissions
Roles with the following permission can use the SCIM Users API:
Permission | Description |
|---|---|
User Management | View, add, edit and delete Users in BigPanda Settings and the SCIM Users API. |
Permission access levels can be adjusted by selecting either View or Full Access. To learn more about how BigPanda's permissions work, see the Roles Management guide.
Authentication
All BigPanda APIs require Bearer Token Authorization in the call headers.
This API uses the User API Key type of Authorization token.
Rate limitations
To maintain quality of service, the SCIM Users API is limited to 2 requests per route, per second.
Additional requests will return a 429 response code and the request will need to be retried.
Service Provider Config Object
API Endpoint | https://api.bigpanda.io/resources/v2.0/scim/ServiceProviderConfigs |
Supported Methods |
|
Parameters
The Service Provider Configuration object schema includes the following attributes.
Attribute | Description | Type |
|---|---|---|
schemas | Array of the ids of the schemas available through the Service Provider Configuration | Array |
id | Unique identifier of the schema | String |
patch | Determines whether users are able to send patch calls | Boolean |
bulk | Bulk and return operations settings Attributes: supported - Determines whether bulk returns are available during SCIM API calls maxOperations - The maximum number of users that can be returned per bulk API calls maxPayloadSize - The character limit for bulk API call returns | Object |
filter | Bulk and return operations settings Attributes: supported - Determines whether users are able to use a filter on GET calls maxResults - The maximum number of users that can be returned per API call | Object |
changePassword | Password change settings Attributes: supported - Determines whether a patch call can be sent to update a user’s password field. | Object |
sort | Sort settings Attributes: supported - Determines whether users are able to change the order results are listed in | Object |
etag | Etag support settings Attributes: supported - Determines whether users are able to use the etag feature. | Object |
authenticationSchemas | Array of the authentication schemas that will be accepted by SCIM API calls Attributes: type - What type of authentication token the authentication uses name - The name of the authentication schema as set by IETF standard description - The description of the authentication schema as set by IETF standard specUrl - The URL link to specifications for the authentication primary - Determines whether this is the default authentication type for SCIM calls | Array of Objects |
xmlDataFormat | xml format support options Attributes: supported - Determines whether SCIM user data can be sent in an xml file | Object |
Sample Object:
```A Sample Service Provider Config
{
"schemas": [
"urn:scim:schemas:core:1.0"
],
"id": "urn:scim:schemas:core:1.0",
"patch": {
"supported": true
},
"bulk": {
"supported": false,
"maxOperations": 10000,
"maxPayloadSize": 10000000
},
"filter": {
"supported": true,
"maxResults": 1000
},
"changePassword": {
"supported": false
},
"sort": {
"supported": true
},
"etag": {
"supported": false
},
"authenticationSchemes": [
{
"type": "oauthbearertoken",
"name": "OAuth Bearer Token",
"description": "Authentication Scheme using the OAuth Bearer Token Standard",
"specUrl": "http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-01",
"primary": true
}
],
"xmlDataFormat": {
"supported": false
}
}
```User Object
API Endpoint |
|
Supported Methods |
|
Parameters
The Users object schema includes the following attributes.
Attribute | Description | Type |
|---|---|---|
id | Unique identifier for the SCIM Resource as defined by the Service Provider | String |
userName | Unique identifier for the User, typically used by the user to directly authenticate to BigPanda | String |
displayName | The name of the user as displayed in the BigPanda UI | String |
meta | Tags containing metadata about the user account. Attributes: created - The DateTime ( ISO 8601) the resource was added to the Service Provider location - The URI of the resource being returned | Object |
active | Indicates if the user's administrative status is active and can authenticate to BigPanda. | Boolean |
password | The user's initial clear text password. This attribute is used to specify an initial password when creating a new User. This value will never be returned by a Service Provider in any form | String |
phoneNumbers | The user’s phone number. BigPanda supports only 1 phone number per user Attributes: value - the string with the phone number type - what type of number. Options are: work, home, other | Object |
roles | A list of BigPanda roles assigned to the user | Array of Strings |
Sample Object:
```A Sample User Object
{
"id": "5f82d3495558352a180e51cb",
"userName": "[email protected]",
"displayName": "Stella R",
"active": true,
"meta": {
"created": "2020-10-11T09:41:29.372Z",
"location": "https://api.bigpanda.io/resources/v2.0/scim/Users/5f82d3495558352a180e51cb"
},
"schemas": [
"urn:scim:schemas:core:1.0"
],
"roles": [
"admin",
"user"
],
"phoneNumbers": [
{
"value": "+555-634-5375",
"type": "other"
}
]
}
```