Skip to main content

Updates an existing User.​

The endpoint used to update a User resource. There are attributes marked as 'returned only by request', such as roles, which must be provided as part of the attributes query parameter in order to be included in the response.

In order for Lifecycle Events to have access to previous Identity values, a new IdentityArchive object is created and saved to the database. This feature is turned on by default and could have an impact on the overall performance of the SCIM update. It is not expected for the impact of this change to be noticeable, but in cases where it is, and when configured Lifecycle Events are not dependent on the previous Identity attributes, the creation of the IdentityArchive object during a SCIM update is configurable. By default, the IdentityArchive creation during a SCIM update is enabled. To disable the creation of the IdentityArchive object during SCIM updates, the following attribute can be set on the SystemConfiguration object:

<entry key="scimTriggerSnapshots" value="false">

Path Parameters
  • userId string required

    The id of User resource. If lookupByName is set to true, this path parameter should be set to the userName of the User.

Query Parameters
  • attributes string

    A comma-separated list of attributes to return in the response. This query parameter supersedes excludedAttributes, so providing the same attribute(s) to both will result in the attribute(s) being returned.

  • excludedAttributes string

    A comma-separated list of attributes to exclude from the response. Some attributes cannot be excluded.

  • lookupByName boolean

    A boolean value that determines if the User resource will be looked up by userName instead of userId (value in path parameter 'userId'). Setting this query parameter to true will cause the value pulled from the 'userId' path parameter to be treated as a userName when searching for the resource.

    Example: scim/v2/Users/Mock.User?lookupByName=true

Request Body required
  • userName string required

    Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. This attribute cannot be changed.

  • name

    The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.

  • formatted string

    The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.

  • familyName string

    The family name of the User, or Last Name in most Western languages

  • givenName string

    The given name of the User, or First Name in most Western languages

  • displayName string

    The name of the User, suitable for display to end-users. The name should be the full name of the User being described.

  • userType string

    The type of the User, identifying the relationship between the organization and the User.

  • active boolean

    A Boolean value indicating the User’s administrative status.

  • password string

    The User's case-sensitive cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password. This attribute will never be returned in a response.

  • emails undefined[]

    Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.

  • type string

    Type of email address (work, home, other).

  • value email

    Canonicalized email address.

  • primary boolean

    A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.

  • urn:ietf:params:scim:schemas:sailpoint:1.0:User
  • capabilities string[]

    Capabilities assigned to this User.

  • administrator

    The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.

  • displayName string

    The display name of the Administrator of RPA user or Service account.

  • value string

    The id of the SCIM resource representing the Administrator of RPA user or Service account.

  • $ref string

    The URI of the SCIM resource representing the Administrator of RPA user or Service Account.

  • softwareVersion string

    The software version of the RPA/Bots.

  • empId string

    Employee id associated with this User.

  • dn string

    Distinguished name for this User.

  • region string

    The region this User is assigned to.

  • regionOwner

    The User who owns the region that this resource (User) belongs to.

  • displayName string

    Display name of the region owner.

  • value string

    The id of the region owner.

  • $ref string

    URI reference of the region owner resource.

  • location string

    The location this User is assigned to.

  • locationOwner object

    The User who owns the location that this resource (User) belongs to.

  • displayName string

    Display name of the location owner.

  • value string

    The id of the location owner.

  • $ref string

    URI reference to the location owner resource.

  • Department string

    Department this User is assigned to.

  • costcenter string[]

    Cost centers this User is associated with.

  • jobtitle string

    Job title given to this User.

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    Enterprise User Schema. Contains the manager of the User.

  • manager

    Manager of the user.

  • displayName string

    Display name of the manager.

  • value string

    The id of the manager.

  • $ref string

    Reference to the manager resource.

Responses

Updates an existing User and returns that User.

Schema
  • id string

    IdentityIQ id of the User.

  • userName string

    Unique identifier for the User. Typically used to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the entire set of Users. Cannot be changed.

  • name

    The components of the User’s real name. Providers may return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both. If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.

  • formatted string

    The full name, including all middle names, titles, and suffixes as appropriate, formatted for display.

  • familyName string

    The family name of the User, or Last Name in most Western languages

  • givenName string

    The given name of the User, or First Name in most Western languages

  • displayName string

    The name of the User, suitable for display to end-users. The name should be the full name of the User being described.

  • userType string

    The type of the User, identifying the relationship between the organization and the User.

  • active boolean

    A Boolean value indicating the User’s administrative status.

  • emails undefined[]

    Email addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.

  • type string

    Type of email address (work, home, other).

  • value email

    Canonicalized email address.

  • primary boolean

    A Boolean value indicating the primary e-mail address. The primary attribute value 'true' MUST appear no more than once.

  • urn:ietf:params:scim:schemas:sailpoint:1.0:User object

    Additional attributes of the User.

  • accounts undefined[]

    Simple representation of the Account (or Link) ResourceType.

  • displayName string

    The display name of the Account.

  • value string

    The id of the SCIM resource representing the Account.

  • $ref string

    The URI of the SCIM resource representing the Account.

  • entitlements undefined[]

    Entitlements of the User. Returned in response only if requested using the 'attributes' query parameter.

  • value string

    The value of the Entitlement.

  • display string

    The display name of the Entitlement.

  • type string

    The type of Entitlement (Entitlement, Permission, etc.).

  • application string

    The name of the Application this Entitlement applies to.

  • accountName string

    The account this Entitlement was sourced from.

  • $ref string

    The URI of the SCIM resource representing the Entitlement.

  • roles undefined[]

    Roles of the User. Returned only if requested. Returned in response only if requested using the 'attributes' query parameter.

  • value string

    The value of the Role.

  • display string

    The display name of the Role.

  • type string

    The type of Role (IT, Business, etc.).

  • acquired string

    Indicates how this Role was acquired. Assigned or Detected.

  • application string

    The name of the Application where this Role came from.

  • accountName string

    The name of the Account this Role was sourced from.

  • $ref string

    The URI of the SCIM resource representing the Role.

  • capabilities string[]

    Capabilities assigned to this User.

  • riskScore integer

    Composite Risk Score of this User.

  • isManager boolean

    A Boolean value that determines if this User is a manager.

  • administrator

    The Administrator of the RPA or Service Account. This attribute is only applicable if the User type is RPA/Bots or Service.

  • displayName string

    The display name of the Administrator of RPA user or Service account.

  • value string

    The id of the SCIM resource representing the Administrator of RPA user or Service account.

  • $ref string

    The URI of the SCIM resource representing the Administrator of RPA user or Service Account.

  • softwareVersion string

    The software version of the RPA/Bots.

  • empId string

    Employee id associated with this User.

  • dn string

    Distinguished name for this User.

  • region string

    The region this User is assigned to.

  • regionOwner

    The User who owns the region that this resource (User) belongs to.

  • displayName string

    Display name of the region owner.

  • value string

    The id of the region owner.

  • $ref string

    URI reference of the region owner resource.

  • location string

    The location this User is assigned to.

  • locationOwner object

    The User who owns the location that this resource (User) belongs to.

  • displayName string

    Display name of the location owner.

  • value string

    The id of the location owner.

  • $ref string

    URI reference to the location owner resource.

  • Department string

    Department this User is assigned to.

  • costcenter string[]

    Cost centers this User is associated with.

  • jobtitle string

    Job title given to this User.

  • lastRefresh date-time

    Datetime representation of the last refresh for this User.

  • urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

    Enterprise User Schema. Contains the manager of the User.

  • manager

    Manager of the User.

  • displayName string

    Display name of the User's manager.

  • value string

    The id of the SCIM resource representing the User’s manager.

  • $ref string

    The URI of the SCIM resource representing the User’s manager.

  • meta

    Metadata of the resource.

  • created date-time

    Datetime this resource was created.

  • location string

    The location of the resource.

  • lastModified date-time

    Datetime the resource was last modified.

  • version string

    The version of the resource.

  • resourceType string

    The SCIM resource type.

  • schemas string[]

    The schemas involved in the SCIM resource.

Loading...