Generic SCIM Endpoint - Update Group
The Update Group endpoint updates the requested role. Group patching is the most complex operation currently supported in the strongDM SCIM API.
Request
Endpoint
/provisioning/generic/v2/Groups/<ID>
HTTP method
PATCH
Path variables
Variable | Description | Required? | Notes | Example |
---|---|---|---|---|
ID | The Role ID | Required | Returns a 404 if the Role ID is not found | r-00001 |
Request body attributes
Attribute | Description | Notes | Example |
---|---|---|---|
Operations | An array of objects, including the op , path , and value subattributes. The value provided for op indicates what Patch operation will be performed. Possible values for value are id (User ID) and displayName (the new Role name). | Returns a 400 if the displayName provided is empty. Returns a 404 if User IDs are not found. Ignores the request if a User ID to be removed from the Role is not in the Role, or if a User ID to be removed from the Role does not match any Users. | {"op": "replace", "value": {"id": "r-274512e66171c631", "displayName": "newName"}} |
schemas | The schema URI for representing groups | Include the value as indicated in the example. | "urn:ietf:params:scim:api:messages:2.0:PatchOp" |
Potential Patch operations
- Add members to the Role:
{"op": "add", "path": "members", "value": [{"value":"a-0001","display":"myUser@example.test"}]}
- Update the Role's name:
{"op": "replace", "value": {"displayName: "newName"}}
- Replace the members assigned to the Role by removing all existing members and setting it to a new set of members:
{"op": "replace", "path": "members", "value": [{"value":"a-0001","display":"myUser@example.test"}]}
- Remove Role members by ID:
{"op": "remove", "path": "members[value eq "a-0001"]}
Response Codes
Code | Description |
---|---|
204 | The result of all Patch operations does not change the Role. |
400 | The request body does not match one of the example formats (in some cases, additional fields to those detailed may be allowed, but they will be ignored). A 400 can also mean a filter other than members[value eq "userID"] was provided to be removed from the Role. |
Example Requests and Responses
Example request and response to set a name
PATCH /provisioning/generic/v2/Groups/r-274512e66171c631
{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations": [{"op": "replace","value": {"id": "r-274512e66171c631","displayName": "newName"}}]}
Response:
{"displayName": "newName","id": "r-274512e66171c631","members": [],"meta": { "resourceType": "Group", "location": "Groups/r-274512e66171c631" },"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"]}
Example request and response to set a member
PATCH /provisioning/generic/v2/Groups/r-3b084f5b6171c6ce
{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations": [{"op": "replace","path": "members","value": [{"value": "a-1717153b6171c6ce","display": "userEmail@example.test"}]}]}
Response:
{"displayName": "RoleName","id": "r-3b084f5b6171c6ce","members": [{"display": "testhelper-U1UFN9YW@example.sdm","value": "a-1717153b6171c6ce"}],"meta": { "resourceType": "Group", "location": "Groups/r-3b084f5b6171c6ce" },"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"]}
Example request to remove a member
PATCH /provisioning/generic/v2/Groups/r-2792813a6171c916
{"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],"Operations": [{"op": "remove","path": "members[value eq \"a-4fa1a3466171c916\"]"}]}
Response:
{"displayName": "RoleName","id": "r-2792813a6171c916","members": [],"meta": { "resourceType": "Group", "location": "Groups/r-2792813a6171c916" },"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"]}