Hanzo

Overview

Provision and manage users in Hanzo IAM via the SCIM 2.0 API.

SCIM is an HTTP-based standard for provisioning and managing identity data. Hanzo IAM can act as a SCIM service provider so external systems can create, read, update, and delete users via SCIM.

Supported resources

Hanzo IAM currently supports the User resource only. You manage users with these endpoints:

| Endpoint | Method | Description |
| --- | --- | --- |
| /scim/ServiceProviderConfig | GET | Supported SCIM features and resources |
| /scim/Schemas | GET | Service provider schemas |
| /scim/ResourceTypes | GET | Resource type metadata |
| /scim/Users/:id | GET | Get user by id |
| /scim/Users | GET | List users (query params: startIndex, count) |
| /scim/Users | POST | Create user |
| /scim/Users/:id | PUT | Replace user |
| /scim/Users/:id | PATCH | Partial update |
| /scim/Users/:id | DELETE | Delete user |

See RFC 7644 for the full SCIM spec.

User attribute mapping

SCIM User attributes map to Hanzo IAM User fields as follows:

| User Resource Schema (SCIM) | User (Hanzo IAM) |
| --- | --- |
| id | Id |
| meta.created | CreatedTime |
| meta.lastModified | UpdatedTime |
| meta.version | UpdatedTime |
| externalId | ExternalId |
| userName | Name |
| password | Password |
| displayName | DisplayName |
| profileUrl | Homepage |
| userType | Type |
| name.givenName | FirstName |
| name.familyName | LastName |
| emails[0].value | Email |
| phoneNumbers[0].value | Phone |
| photos[0].value | Avatar |
| addresses[0].locality | Location |
| addresses[0].region | Region |
| addresses[0].country | CountryCode |

Hanzo IAM uses Organizations to manage Users, and each User belongs to a specific Organization, so the organization attribute should be passed in the Enterprise User Schema Extension (identified by the schema URI urn:ietf:params:scim:schemas:extension:enterprise:2.0:User). Here is a SCIM User resource represented in JSON:

{
    "active": true,
    "addresses": [
        {
            "country": "CN",
            "locality": "Shanghai",
            "region": "CN"
        }
    ],
    "displayName": "Bob~",
    "emails": [
        {
            "value": "test1@iam.com"
        }
    ],
    "externalId": "1234123543234234",
    "id": "ceacbcb6-40d0-48f1-af23-0990232d570a",
    "meta": {
        "resourceType": "User",
        "created": "2023-10-08T23:51:55+08:00",
        "lastModified": "2023-10-12T20:38:49+08:00",
        "location": "Users/ceacbcb6-40d0-48f1-af23-0990232d570a",
        "version": "2023-10-12T20:38:49+08:00"
    },
    "name": {
        "familyName": "bob",
        "formatted": "alice bob",
        "givenName": "alice"
    },
    "nickName": "Bob~",
    "phoneNumbers": [
        {
            "value": "18700006475"
        }
    ],
    "photos": [
        {
            "value": "https://cdn.hanzo.ai/img/casbin.svg"
        }
    ],
    "profileUrl": "https://test.com/profile/built-in/scim_test_user2",
    "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ],
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
        "organization": "built-in"
    },
    "userName": "scim_test_user2",
    "userType": "normal-user"
}

The enterprise User extension is identified by its schema URI, which is used as the key of the extension object. Its organization attribute MUST be passed.
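A client-side pre-flight check for the attribute mapping and the organization requirement described above, as an added example that is not Hanzo IAM's own code. The function names, the `organization` output key and the sample body are assumptions made for illustration; attributes absent from the request are simply left out of the result.

```python
import re
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# SCIM path -> Hanzo IAM field, from the table above (meta.version, also UpdatedTime, is omitted).
SCIM_TO_IAM = {
    "id": "Id", "externalId": "ExternalId", "userName": "Name",
    "password": "Password", "displayName": "DisplayName", "profileUrl": "Homepage",
    "userType": "Type", "meta.created": "CreatedTime", "meta.lastModified": "UpdatedTime",
    "name.givenName": "FirstName", "name.familyName": "LastName",
    "emails[0].value": "Email", "phoneNumbers[0].value": "Phone",
    "photos[0].value": "Avatar", "addresses[0].locality": "Location",
    "addresses[0].region": "Region", "addresses[0].country": "CountryCode",
}

def resolve(resource, path):
    """Walk a path such as 'emails[0].value'; None if any step is absent."""
    node = resource
    for name, index in re.findall(r"([A-Za-z]+)(?:\[(\d+)\])?", path):
        node = node.get(name) if isinstance(node, dict) else None
        if index:
            ok = isinstance(node, list) and int(index) < len(node)
            node = node[int(index)] if ok else None
        if node is None:
            return None
    return node

def to_iam_fields(resource):
    """Map a SCIM User to Hanzo IAM field names; reject it if no organization is given."""
    ext = resource.get(ENTERPRISE)
    if ENTERPRISE not in resource.get("schemas", []) or not isinstance(ext, dict):
        raise ValueError("enterprise User extension missing")
    org = ext.get("organization")
    if not isinstance(org, str) or not org:
        raise ValueError("organization MUST be passed in the enterprise extension")
    fields = {"organization": org}  # key name chosen for this example
    for path, field in SCIM_TO_IAM.items():
        value = resolve(resource, path)
        if value is not None:
            fields[field] = value
    return fields

# Constructed sample request body (not captured traffic).
SAMPLE = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User", ENTERPRISE],
    "userName": "scim_test_user2", "emails": [{"value": "test1@iam.com"}],
    "name": {"givenName": "alice", "familyName": "bob"},
    ENTERPRISE: {"organization": "built-in"},
}

if __name__ == "__main__":
    print(to_iam_fields(SAMPLE))
```

Running the check before a POST or PUT to /scim/Users surfaces a missing organization in the provisioning client rather than in a failed request.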
