# SCIM group API reference
You can use the SCIM group API to access, create, and modify groups.
BastionXP uses SCIM to import groups from Okta, Azure AD and custom-built applications. The groups in these identity providers map one-to-one with BastionXP groups.
# HTTP Headers
- Authorization (Required): Bearer <access_token>
- Content-Type: application/scim+json
- Accept-Encoding: utf-8
- Accept-Charset: utf-8
# Group attributes
You can specify group (that is, a role) attributes in the body of the API requests as key-value pairs in JSON format. These pairs contain information about the group, such as the group’s display name. Identity providers can specify their own key names for each attribute.
BastionXP supports the following SCIM attributes for group lifecycle management. Attributes are writable unless otherwise noted.
| SCIM Group Attribute | BastionXP Group Attribute | Type | Description |
|---|---|---|---|
| id | id | String | The immutable, unique identifier (GUID) of the role in BastionXP. BastionXP does not return this value. |
| displayName | displayName | String | The text shown in the user interface when referring to the group. |
| members.value | N/A | String | The id of the user who is a member of the group. |
| schemas | N/A | String | An array of strings to indicate the namespace URIs. For example, urn:ietf:params:scim:schemas:core:2.0:Group. |
# Get details about a group by displayName
# Method and endpoint
GET /scim/v2/Groups?filter=displayName eq "{{group_name}}"
# Description
Returns details about a group associated with the displayName query parameter.
Returns the HTTP response status code 200 if the HTTP request successfully completed.
# Get details about a group by groupId
# Method and endpoint
GET /scim/v2/Groups/
# Description
Returns details about a group associated with the group_id path parameter.
Returns the HTTP response status code 200 if the HTTP request successfully completed.
# Create a group
# Method and endpoint
POST /scim/v2/Groups
# Description
Creates a new group in BastionXP.
Returns the HTTP response status code 201 if the HTTP request successfully completed.
# Examples
Create a group with the displayName set to scim_test_group2:
```json
{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
  "displayName": "scim_test_group2"
}
```
# Update a group
# Method and endpoint
PATCH /scim/v2/Groups/{{group_id}}
# Description
Updates the display name attribute or group membership of the group associated with the group_id path parameter.
You must set op to add or replace to perform this HTTP request.
Returns a 200 or 204 HTTP response status code if the HTTP request successfully completed. A 200 status code indicates the SCIM client is Okta.
# Examples
Update a group displayName, remove a member and add a member:
```json
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "value": { "displayName": "updated_name" }
    },
    {
      "op": "remove",
      "path": "members[value eq \"user_id_1\"]"
    },
    {
      "op": "add",
      "value": [{ "value": "user_id_2" }]
    }
  ]
}
```
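The lookup by displayName and the update request above, built with Python's standard library so that a display name or user id containing quotes cannot extend the SCIM filter and a group_id cannot change the request path. This is an added example, not BastionXP's own code; `BASE_URL` and the function names are assumptions, and the requests are only constructed, not sent.

```python
import json
import urllib.request
from urllib.parse import quote

BASE_URL = "https://bastionxp.example.com"  # assumption: placeholder host


def scim_headers(token):
    # Required Authorization header and Content-Type from "HTTP Headers".
    return {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/scim+json",
    }


def lookup_request(token, display_name):
    # json.dumps yields a quoted literal with " and \ escaped, so a group
    # name cannot terminate the string and extend the filter expression.
    scim_filter = f"displayName eq {json.dumps(display_name)}"
    url = f"{BASE_URL}/scim/v2/Groups?filter={quote(scim_filter, safe='')}"
    return urllib.request.Request(url, headers=scim_headers(token), method="GET")


def patch_request(token, group_id, new_name=None, remove=(), add=()):
    # Operation shapes follow the update example on this page.
    ops = []
    if new_name is not None:
        ops.append({"op": "replace", "value": {"displayName": new_name}})
    for uid in remove:
        path = f"members[value eq {json.dumps(uid)}]"
        ops.append({"op": "remove", "path": path})
    if add:
        ops.append({"op": "add", "value": [{"value": uid} for uid in add]})
    if not ops:
        raise ValueError("PATCH needs at least one operation")
    body = {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
        "Operations": ops,
    }
    # safe="" percent-encodes "/" so a group_id cannot address another path.
    url = f"{BASE_URL}/scim/v2/Groups/{quote(group_id, safe='')}"
    return urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers=scim_headers(token), method="PATCH",
    )
```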
# Delete a group
# Method and endpoint
DELETE /scim/v2/Groups/{{group_id}}
# Description
Deletes the group associated with the group_id path parameter.