{ "openapi": "3.0.0", "info": { "title": "User provisioning", "version": "1.0", "description": "Rest APIs" }, "x-atlassian-narrative": { "documents": [ { "title": "About the user provisioning REST API", "anchor": "about", "body": "Use this REST API to integrate your organization with an identity provider.\n\n The User provisioning REST API integrates your organization with an identity provider. Use this API to:\n - Create, get and update users\n - Create, get and update groups by ID\n - Get schemas and resources\n\n To manage accounts, use the [User management REST API](https://developer.atlassian.com/cloud/admin/user-management/rest/intro/).\n \n To manage your organization, use the [Organizations REST API](https://developer.atlassian.com/cloud/admin/organization/rest/intro/)." }, { "title": "Authentication and authorization", "anchor": "auth", "body": "### Directory Token Authentication\nTo manage users and groups using the User Provisioning APIs, you will require an API key (distinct from your Cloud admin API key). This unique key grants you full administrative control over your organization's directory, enabling you to create and update user attributes as well as modify user group memberships. To authenticate your script and administer your directory, utilize this API key as a Bearer access token.\n\nFurthermore, each directory is distinguished by a Unique ID, specifically the directoryId found after 'directory/' in the Directory's base URL. For instance, if the Directory base URL is https://api.atlassian.com/scim/directory/abcdeg1234, the directoryId is abcdeg1234.\n\nLearn more about [Configuring user provisioning](https://confluence.atlassian.com/x/_w2eOQ).\n\nTo make requests to the API with the client/tool of your choice, follow these steps to create an API key and obtain the directory ID\n\n1. Go to [admin.atlassian.com](https://admin.atlassian.com/) and select your organization.\n2. From the top menu, navigate to **Security**, and then select **Identity providers** from the left-hand panel.\n3. Choose the relevent Directory.\n4. Click the three dots menu located under the User Provisioning section (bottom right-hand side).\n5. Select **Regenerate API key**.\n6. Select **Regenerate key**.\n7. Copy the value of Directory base URL and the API key and keep them in a safe place. We won’t show them to you again.\n8. Click **Done** to end the process.\n\n### Organization API Token Authentication\nTo access certain Admin APIs w/ relation to SCIM, you can use the Organization API token. [Create an api key and get the organization ID.](https://support.atlassian.com/organization-administration/docs/manage-an-organization-with-the-admin-apis/)\nNote that this is the same API key that's generated for the [Organizations REST API](https://developer.atlassian.com/cloud/admin/organization/rest/intro/)." }, { "title": "Version and URI", "anchor": "uri", "body": "### Group and User SCIM URI\nThis documentation is for version 1 of the user provisioning REST API. The URIs for resources \nhave the following structure:\n\n```\nhttps://api.atlassian.com/scim/\n```\n\n### Org API Token URI\n```\nhttps://api.atlassian.com/admin/user-provisioning/\n```" }, { "title": "Pagination", "anchor": "Pagination", "body": "The user provisioning REST API uses pagination to conserve server resources and\nlimit response size. If there are more results available after the current page, \na link to the next page of results is included in the JSON. You can use the `cursor` \nparameter to set a specific starting point for the results." }, { "title": "Status codes", "anchor": "status codes", "body": "We follow the standard HTTP status code definition.\nSee [W3C Status Code Definitions](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) \nfor the detailed code definitions." }, { "title": "Limitations", "anchor": "limitations", "body": "### User limitations\n\n* Deleting a managed user account via the user provisioning API is not supported. The DELETE operation\n deactivates the managed user account in Adminhub, which is the same as setting the `active` flag to `false`.\n* There is a 150,000 user limit per directory. This limit is enforced for compatibility with products\n that have an upper bound for total supported users. Also, you can only sync up to 35,000 users for each group. In case you want to sync upto 50,000 users per group, [contact support](https://support.atlassian.com/contact/)\n\n### Group limitations\n\n**Note:** If you have the [improved user management experience](https://confluence.atlassian.com/x/_w2eOQ), any references in the documentation below to “your site” or “your organization’s sites” are now “your organization”.\n\n* When you create a group that has the same name as an existing group in the organization, the \n group creation fails with a 409 (conflict) error.\n* You cannot create a group with same name as default access group or Atlassian built-in groups. \n In case you'll try to do this, you'll see a success message in the API response but the group will not be synced to your site. For more information about default and Atlassian built-in group refer [Default groups and permissions](https://support.atlassian.com/user-management/docs/default-groups-and-permissions/)\n* Changing group names isn't supported. Renaming groups after they've synced to your Atlassian \n organization isn't supported in this release of User Provisioning API. This is because some \n parts of the products rely on group names and changing the group name would result in users \n not being able to interact with the products correctly. To rename a group, create a new group \n with the desired name, update membership, and then delete the old group.\n\n### Authorization limitations\n\n* You can only view and store the Access Token (API key) during directory creation. If you\n lose your token, you can regenerate a new one. See \n [Authentication and authorization](/cloud/admin/user-provisioning/rest/intro/#auth)" } ] }, "security": [ { "clientCredentialsAuth": [] } ], "tags": [ { "name": "Users", "description": "The following user attributes can be updated through the user provisioning API.\n\n| User profile field | SCIM field | Attribute type | Required |\n|--------------------|-------------------|----------------|----------|\n| Display name | displayName | Singular | false |\n| Email address | emails | Multi-Valued | true |\n| Organization | organization | Singular | false |\n| Job title | title | Singular | false |\n| Timezone | timezone | Singular | false |\n| Department | department | Singular | false |\n| Preferred language | preferredLanguage | Singular | false |\n" }, { "name": "Groups" }, { "name": "Schemas" }, { "name": "Service Provider Configuration" }, { "name": "Admin APIs", "description": "These sets of APIs will require the organization API token rather than the SCIM directory token." } ], "paths": { "/scim/directory/{directoryId}/Groups/{id}": { "get": { "tags": [ "Groups" ], "summary": "Get a group by ID", "description": "Gets the details of a group based on the id.", "operationId": "get", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "id", "in": "path", "description": "Unique SCIM id that serves as reference to the group. Use the [Get groups API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-groups/#api-scim-directory-directoryid-groups-get) to get the SCIM id.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "Group details has been returned successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "The directory or group does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "put": { "tags": [ "Groups" ], "summary": "Update a group by ID", "description": "Updates the details of a group with its unique ID.", "operationId": "put", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "id", "in": "path", "description": "Unique SCIM id that serves as reference to the group. Use the [Get groups API] (https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-groups/#api-scim-directory-directoryid-groups-get) to get the SCIM id.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "$ref": "#/components/requestBodies/ScimGroup" }, "responses": { "200": { "description": "Group has been updated successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } } } }, "400": { "description": "Bad request, the users referenced do not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/BadRequestException" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/BadRequestException" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "The directory or group does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "delete": { "tags": [ "Groups" ], "summary": "Delete a group by ID", "description": "Deletes a group to remove the group from the organization's directory.\n \n **Note**: An attempt to delete a non-existent group will fail with a 404 (Resource Not found) error.\n\n **Note**: Deleting a synced group from your identity provider will delete the group from your organization's directory and associated sites. \n 1. If this group is used for allocating product license (granting role in a product), then members of this group may lose access to corresponding product after group deletion. \n 2. If this group is used to grant permissions in product, then members of this group may lose their permissions in the corresponding product. ", "operationId": "DeleteAGroup", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "id", "in": "path", "description": "Unique SCIM id that serves as reference to the group. Use the [Get groups API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-groups/#api-scim-directory-directoryid-groups-get) to get the SCIM id.", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "Group has been deleted successfully." }, "400": { "description": "Caller has provided an invalid request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Group does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "patch": { "tags": [ "Groups" ], "summary": "Update a group by ID (PATCH)", "description": "Updates a group's information in the directory and manages group membership.\n\n**Note:** Renaming groups after they've synced to your Atlassian organization isn't supported in this \nrelease of User Provisioning API. To rename a group, create a new group with the desired \nname, update membership, and then delete the old group.\n\n#### Example\n\nSome HTTP headers omitted and JSON payloads formatted for readability.\n\n```\n# Request\nPATCH /scim/directory/2fb21891-7bee-4c2d-a61a-ade3834c8b2b/Groups/50202593-bc47-45df-8fa0-3f63343aa3c1 HTTP/1.1\nAccept: application/scim+json\nAccept-Charset: utf-8\nContent-Type: application/scim+json; charset=utf-8\nAuthorization: Bearer 0j6lDgrjU7HmGagocgLe\nHost: api.atlassian.com\n\n{\n \"schemas\":[\n \"urn:ietf:params:scim:api:messages:2.0:PatchOp\"\n ],\n \"Operations\":[\n {\n \"op\":\"add\",\n \"path\":\"members\",\n \"value\":[\n {\n \"value\":\"c6993c94-dbda-40f1-b6f0-18c855522ade\",\n \"display\":\"dave.meyer@demotime.authteam.com\"\n },\n {\n \"value\":\"f0ae48f7-1466-445e-85ea-e83ef754aefd\",\n \"display\":\"lingbo.lu@demotime.authteam.com\"\n },\n {\n \"value\":\"432d6f10-2e28-454e-be99-0f8c732a046f\",\n \"display\":\"joanna@demotime.authteam.com\"\n }\n ]\n }\n ]\n}\n\n# Response\nHTTP/1.1 200\nContent-Type: application/scim+json\n\n{\n \"schemas\":[\n \"urn:ietf:params:scim:schemas:core:2.0:Group\"\n ],\n \"id\":\"50202593-bc47-45df-8fa0-3f63343aa3c1\",\n \"displayName\":\"demotime-confluence-users\",\n \"members\":[\n {\n \"type\":\"User\",\n \"value\":\"f0ae48f7-1466-445e-85ea-e83ef754aefd\",\n \"display\":\"lingbo.lu@demotime.authteam.com\",\n \"$ref\":\"https://api.atlassian.com/scim/directory/2fb21891-7bee-4c2d-a61a-ade3834c8b2b/Users/f0ae48f7-1466-445e-85ea-e83ef754aefd\"\n },\n {\n \"type\":\"User\",\n \"value\":\"c6993c94-dbda-40f1-b6f0-18c855522ade\",\n \"display\":\"dave.meyer@demotime.authteam.com\",\n \"$ref\":\"https://api.atlassian.com/scim/directory/2fb21891-7bee-4c2d-a61a-ade3834c8b2b/Users/c6993c94-dbda-40f1-b6f0-18c855522ade\"\n },\n {\n \"type\":\"User\",\n \"value\":\"432d6f10-2e28-454e-be99-0f8c732a046f\",\n \"display\":\"joanna@demotime.authteam.com\",\n \"$ref\":\"https://api.atlassian.com/scim/directory/2fb21891-7bee-4c2d-a61a-ade3834c8b2b/Users/432d6f10-2e28-454e-be99-0f8c732a046f\"\n }\n ],\n \"meta\":{\n \"resourceType\":\"Group\",\n \"location\":\"https://api.atlassian.com/scim/directory/2fb21891-7bee-4c2d-a61a-ade3834c8b2b/Groups/50202593-bc47-45df-8fa0-3f63343aa3c1\",\n \"lastModified\":\"2018-09-26T17:49:09.420654Z\",\n \"created\":\"2018-09-26T17:41:35.49073Z\"\n }\n}\n```", "operationId": "patch", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "id", "in": "path", "description": "Unique SCIM id that serves as reference to the group. Use the [Get groups API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-groups/#api-scim-directory-directoryid-groups-get) to get the SCIM id.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RequestPayloadToPatch" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/RequestPayloadToPatch" } } }, "required": true }, "responses": { "200": { "description": "Group has been updated successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } } } }, "400": { "description": "Invalid payload.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "The directory, group, or user does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/Groups": { "get": { "tags": [ "Groups" ], "summary": "Get groups", "description": "Get groups from the directory. Filter the groups by name supported with a single exact match (`eq`) against the `displayName` attribute. \n\n**Note**: While this API enables pagination, sorting functionality is not supported.\n", "operationId": "getAllGroupsFromAnActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "filter", "in": "query", "description": "Filter for `displayName`. Example: `displayName eq \"SCIM_GROUP\"`", "required": false, "schema": { "type": "string" } }, { "name": "startIndex", "in": "query", "description": "A 1-based index of the first query result.", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "description": "Desired maximum number of query results in the list response page.", "required": false, "schema": { "type": "integer", "format": "int32" } } ], "responses": { "200": { "description": "Groups have been returned successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimGroupListResponse" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimGroupListResponse" } } } }, "400": { "description": "Caller has provided an invalid filter", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "post": { "tags": [ "Groups" ], "summary": "Create a group", "description": "Creates a read-only group in the organization's directory. You can only edit groups from your identity provider. \n\n**Note:** An attempt to create a group with an existing name will fail with a 409 (Conflict) error.\n", "operationId": "createAGroupInActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "requestBody": { "$ref": "#/components/requestBodies/ScimGroup" }, "responses": { "201": { "description": "Group has been created successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } } } }, "400": { "description": "Caller has provided an invalid payload for creation request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "The directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "409": { "description": "A group with same name already exists.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/Schemas": { "get": { "tags": [ "Schemas" ], "summary": "Get all schemas", "description": "Get all SCIM features metadata of your organization. \n\n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getSchemas", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/ResourceTypes": { "get": { "tags": [ "Service Provider Configuration" ], "summary": "Get resource types", "description": "Get different types of resources available on a SCIM service provider (e.g., Users and Groups). \n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getResourceTypes", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/ResourceTypes/User": { "get": { "tags": [ "Service Provider Configuration" ], "summary": "Get user resource types", "description": "Retrieves user resource types from the SCIM service provider. \n\n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getUserResourceType", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/ResourceTypes/Group": { "get": { "tags": [ "Service Provider Configuration" ], "summary": "Get group resource types", "description": "Retrieves group resource type of this SCIM service provider. \n\n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getGroupResourceType", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/Schemas/urn:ietf:params:scim:schemas:core:2.0:User": { "get": { "tags": [ "Schemas" ], "summary": "Get user schemas", "description": "Get the user schemas from the SCIM provider. \n\n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getUserSchemas", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group": { "get": { "tags": [ "Schemas" ], "summary": "Get group schemas", "description": "Get the group schemas from the SCIM provider. \n\n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getGroupSchemas", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/Schemas/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "get": { "tags": [ "Schemas" ], "summary": "Get user enterprise extension schemas", "description": "Get the user enterprise extension schemas from the SCIM provider. \n\n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getExtensionUserSchemas", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/ServiceProviderConfig": { "get": { "tags": [ "Schemas" ], "summary": "Get feature metadata", "description": "Get metadata about the supported SCIM features. This is a service provider configuration endpoint providing supported SCIM features. \n\n**Note:** This API does not support filtering, pagination, or sorting.\n", "operationId": "getConfig", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } } ], "responses": { "200": { "description": "SCIM features metadata has been returned successfully.", "content": { "application/json": { "schema": { "type": "string" } }, "application/scim+json": { "schema": { "type": "string" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/Users/{userId}": { "get": { "tags": [ "Users" ], "summary": "Get a user by ID", "description": "Retrieves a user from the directory based on their `userId`. \n", "operationId": "getAUserFromActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "userId", "in": "path", "description": "Unique ID to identiy the users. Use the [Get users API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-scim-directory-directoryid-users-get) to get the userId.", "required": true, "schema": { "type": "string" } }, { "name": "attributes", "in": "query", "description": "Resource attributes to be included in response. Mutually exclusive with `excludedAttributes`. Example: `userName,emails.value`\n", "required": false, "x-showInExample": true, "schema": { "type": "string" } }, { "name": "excludedAttributes", "in": "query", "description": "Resource attributes to be excluded from response. Mutually exclusive with `attributes`. Example: `timezone,emails.type,department`\n", "required": false, "schema": { "type": "string" } } ], "responses": { "200": { "description": "User has been returned successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimUser" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimUser" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory or user does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "put": { "tags": [ "Users" ], "summary": "Update user via user attributes", "description": "Update the directory-based user information using the user attributes associated with their `userId`. User information is replaced attribute-by-attribute, with the exception of immutable and read-only attributes. Existing values of unspecified attributes are cleaned.\n", "operationId": "updateUserInformationInAnActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "userId", "in": "path", "description": "Unique ID to identiy the users. Use the [Get users API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-scim-directory-directoryid-users-get) to get the userId.", "required": true, "schema": { "type": "string" } }, { "name": "attributes", "in": "query", "description": "Resource attributes to be included in the response. Mutually exclusive from `excludedAttributes`. Example: `userName,emails.value`\n", "required": false, "schema": { "type": "string" } }, { "name": "excludedAttributes", "in": "query", "description": "Resource attributes to be excluded in the response. Mutually exclusive from `attributes`. Example: `timezone,emails.type,department`\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimUser" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimUser" } } }, "description": "User information. The `userName` is a required field.", "required": true }, "responses": { "200": { "description": "User has been updated successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimUser" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimUser" } } } }, "400": { "description": "Invalid payload for update request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Either directory or user does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "delete": { "tags": [ "Users" ], "summary": "Deactivate a user", "description": "Deactivates a user from the directory by their `userId`, along with its group memberships. If the `userId` is linked to a managed Atlassian account, the account is deactivated. The user is not available for future requests until created with a new `userId`. Any future operation for the deactivated user returns the 404 (resource not found) error.\n\nThe deactivated user can be activated again via Atlassian Administration.. \n\nTo deactivate the account instead, use the [Update user by ID API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-scim-directory-directoryid-users-userid-patch). Update the `op` field to `replace` and `value` field to `active:false` within the `operations` request body.\n\n**Note:** Executing this API call will result in the deletion of the SCIM record, and there is no method to reverse these changes except by creating a new SCIM record with [Create a user API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-scim-directory-directoryid-users-post).\n", "operationId": "deleteAUserFromAnActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "userId", "in": "path", "description": "Unique ID to identiy the users. Use the [Get users API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-scim-directory-directoryid-users-get) to get the userId.", "required": true, "schema": { "type": "string" } } ], "responses": { "204": { "description": "User has been deactivated." }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Either directory or user does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "patch": { "tags": [ "Users" ], "summary": "Update user by ID (PATCH)", "description": "Updates a user's information in the directory based on their `userId` via `PATCH`. Refer to [Service Provider Configuration APIs](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-service-provider-configuration/#api-group-service-provider-configuration) for details on supported operations.\n", "operationId": "patchUserInformationInAnActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "userId", "in": "path", "description": "Unique ID to identiy the users. Use the [Get users API](https://developer.atlassian.com/cloud/admin/user-provisioning/rest/api-group-users/#api-scim-directory-directoryid-users-get) to get the userId.", "required": true, "schema": { "type": "string" } }, { "name": "attributes", "in": "query", "description": "Resource attributes to be included in the response. Mutually exclusive from `excludedAttributes`. Example: `userName,emails.value`\n", "required": false, "schema": { "type": "string" } }, { "name": "excludedAttributes", "in": "query", "description": "Resource attributes to be included in the response. Mutually exclusive from `attributes`. Example: `timezone,emails.type,department`\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/RequestPayloadToPatch" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/RequestPayloadToPatch" } } }, "description": "Patch op information", "required": true }, "responses": { "200": { "description": "User has been updated successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimUser" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimUser" } } } }, "400": { "description": "Invalid payload for patch operation.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Either directory or user does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/scim/directory/{directoryId}/Users": { "get": { "tags": [ "Users" ], "summary": "Get users", "description": "Get users from the specified directory. Filtering is supported with a single exact match (`eq`) against the `userName` and `externalId` attributes.\n\n **Note**: While this API enables pagination, sorting functionality is not supported.\n", "operationId": "getUsersFromAnActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "attributes", "in": "query", "description": "Resource attributes to be included in response. Mutually exclusive from `excludedAttributes`. Example: `userName,emails.value`\n", "required": false, "schema": { "type": "string" } }, { "name": "excludedAttributes", "in": "query", "description": "Resource attributes to be excluded from response. Mutually exclusive from `attributes`. Example: `timezone,emails.type,department`\n", "required": false, "schema": { "type": "string" } }, { "name": "filter", "in": "query", "description": "Filter for `userName` or `externalId`. Example: `userName eq \"Atlassian\"`\n", "required": false, "schema": { "type": "string" } }, { "name": "startIndex", "in": "query", "description": "A 1-based index of the first query result.", "required": false, "schema": { "type": "integer", "format": "int32", "default": 1 } }, { "name": "count", "in": "query", "description": "Desired maximum number of query results in the list response page.", "required": false, "schema": { "type": "integer", "format": "int32" } } ], "responses": { "200": { "description": "Users have been returned successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimUserListResponse" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimUserListResponse" } } } }, "400": { "description": "Caller has provided an invalid filter", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } }, "post": { "tags": [ "Users" ], "summary": "Create a user", "description": "Creates a user in the directory.\n**Note:** An attempt to create an existing user will fail with a 409 (Conflict) error.\nUse this API to manage accounts outside your organization when assigning these users to SCIM groups.\nIf there's already a managed Atlassian account associated with the specified email address on the Atlassian platform, the user in your identity provider will be connected or linked to the user in your Atlassian organization.", "operationId": "createAUserInAnActiveDirectory", "parameters": [ { "name": "directoryId", "in": "path", "description": "Your directory is identified by a Unique ID. You get your directory ID and API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "attributes", "in": "query", "description": "Resource attributes to be included in response. Mutually exclusive from `excludedAttributes`. Example: `userName,emails.value`\n", "required": false, "schema": { "type": "string" } }, { "name": "excludedAttributes", "in": "query", "description": "Resource attributes to be excluded from response. Mutually exclusive from `attributes`. Example: `timezone,emails.type,department`\n", "required": false, "schema": { "type": "string" } } ], "requestBody": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimUser" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimUser" } } }, "description": "User information. The `userName` parameter is required.", "required": true }, "responses": { "201": { "description": "User has been created successfully.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimUser" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimUser" } } } }, "400": { "description": "Invalid payload for creation request.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "Directory does not exist.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "409": { "description": "User already exists.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } }, "/admin/user-provisioning/v1/org/{orgId}/user/{AAID}/onlyDeleteUserInDB": { "delete": { "tags": [ "Admin APIs" ], "description": "Delete the user in our SCIM DB with your Atlassian Account ID (AAID). This will apply to all directories in your organization matching that AAID and only works for managed users. \n
\n
\nYou will have to completely reprovision the deleted user to their respective groups after deletion. \n
\n
\nTell me more about [Updating managed SCIM email addresses](../../email-change/).\n", "parameters": [ { "name": "orgId", "in": "path", "description": "Your organization is identified by a Unique ID. You get your organization ID and Organization API key simultaneously.", "required": true, "schema": { "type": "string" } }, { "name": "AAID", "in": "path", "description": "Unique ID of the user's account.\nThe AAID is in the URL once you click into a user in either the users tab or the managed users tab.\nThe URL could look like:\n\n```https://admin.atlassian.com/o/{orgId}/users/{aaId}```\n\n```https://admin.atlassian.com/o/{orgId}/members/{aaId}```\n\n```https://admin.atlassian.com/s/{siteId}/users/{aaId}```\n", "required": true, "schema": { "type": "string" } } ], "summary": "Delete user in SCIM DB", "responses": { "204": { "description": "Users deleted via Aaid" }, "401": { "description": "Missing authorization header.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "403": { "description": "You are not authorized to call the API.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Failure" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/Failure" } } } }, "404": { "description": "User not found or User that is found is not a managed user.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "500": { "description": "Internal error. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } }, "503": { "description": "Service unavailable. You can retry calls.", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimError" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimError" } } } } } } } }, "servers": [ { "url": "https://api.atlassian.com/" } ], "components": { "requestBodies": { "ScimGroup": { "content": { "application/json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } }, "application/scim+json": { "schema": { "$ref": "#/components/schemas/ScimGroup" } } }, "required": true } }, "securitySchemes": { "clientCredentialsAuth": { "type": "oauth2", "flows": { "clientCredentials": { "tokenUrl": "https://api.atlassian.com/oauth/token", "scopes": {} } } } }, "schemas": { "Failure": { "type": "object", "properties": { "error": { "type": "string", "description": "Human readable error message", "readOnly": true }, "traceId": { "type": "string", "description": "Unique TraceId that can be used to find log messages.", "readOnly": true } } }, "ScimError": { "type": "object", "properties": { "schemas": { "type": "array", "description": "SCIM error schemas.", "readOnly": true, "uniqueItems": true, "items": { "type": "string" } }, "status": { "type": "string", "description": "The HTTP status code.", "readOnly": true }, "scimType": { "type": "string", "description": "Keyword for SCIM detail error.", "readOnly": true, "enum": [ "invalidFilter", "tooMany", "uniqueness", "mutability", "invalidSyntax", "invalidPath", "noTarget", "invalidValue", "invalidVers", "sensitive" ] }, "detail": { "type": "string", "description": "Detailed human-readable message.", "readOnly": true } }, "description": "SCIM Error" }, "ScimGroup": { "type": "object", "title": "Scim group", "properties": { "schemas": { "type": "array", "description": "SCIM schemas that define the attributes present in the current JSON structure. This ia a required field during user creation or modification.\n", "readOnly": true, "uniqueItems": true, "items": { "type": "string" } }, "id": { "type": "string", "description": "Unique identifier defined by Atlassian SCIM Service. This is a read-only and case-sensitive field. It is ignored if specified in the payload during user creation or modification.\n", "readOnly": true }, "externalId": { "type": "string", "description": "Identifier defined by provisioning client. CaseExact. Uniqueness is controlled by client. ", "readOnly": true }, "displayName": { "type": "string", "description": "Group display name. This is a immutable, required, and read-only field." }, "members": { "type": "array", "description": "Group members", "readOnly": true, "items": { "$ref": "#/components/schemas/ScimGroupMember" } }, "meta": { "description": "Group metadata information.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/ScimMetadata" } ] } }, "description": "SCIM group" }, "ScimGroupMember": { "type": "object", "title": "Scim group member", "properties": { "type": { "type": "string" }, "value": { "type": "string", "readOnly": true }, "display": { "type": "string", "readOnly": true }, "$ref": { "type": "string", "readOnly": true } }, "description": "SCIM group member" }, "ScimMetadata": { "type": "object", "title": "Scim metadata", "properties": { "resourceType": { "type": "string", "description": "The name of the resource type of the resource. This is a read-only and case-sensitive field.\n", "readOnly": true, "enum": [ "USER", "GROUP", "DIRECTORY" ] }, "location": { "type": "string", "description": "The URI of the resource being returned. This is a read-only field.", "readOnly": true }, "lastModified": { "type": "string", "format": "date-time", "description": "The most recent DateTime that the details of this resource were updated. This is a read-only field.\n", "readOnly": true }, "created": { "type": "string", "format": "date-time", "description": "The DateTime that the resource was added to Atlassian SCIM service. This is a read-only field.\n", "readOnly": true } }, "description": "SCIM metadata" }, "EnterpriseUserExtension": { "type": "object", "title": "Enterprise user extension", "properties": { "organization": { "type": "string", "description": "Organization the user belongs to.", "readOnly": true }, "department": { "type": "string", "description": "Department the user belongs to.", "readOnly": true } }, "description": "SCIM enterprise user extension" }, "ExternalAtlassianScimExtension": { "type": "object", "title": "External atlassion Scim extensioin", "properties": { "atlassianAccountId": { "type": "string", "readOnly": true } } }, "ScimGroupForUser": { "type": "object", "title": "Scim group for user", "properties": { "type": { "type": "string" }, "value": { "type": "string", "readOnly": true }, "display": { "type": "string", "readOnly": true }, "$ref": { "type": "string", "readOnly": true } }, "description": "SCIM group for user" }, "ScimUserEmail": { "type": "object", "title": "Scim user email", "properties": { "value": { "type": "string", "description": "Email address." }, "type": { "type": "string", "description": "Type of email address, for example \"work\" or \"personal\"." }, "primary": { "type": "boolean", "description": "Boolean value indicating whether this is the primary email address." } }, "description": "SCIM user email" }, "ScimUser": { "type": "object", "title": "Scim user", "properties": { "schemas": { "type": "array", "description": "SCIM schemas that define the attributes present in the current JSON structure This is a required field during user creation or modification. \n", "readOnly": true, "uniqueItems": true, "items": { "type": "string" } }, "userName": { "type": "string", "description": "Unique identifier defined by the provisioning client. Atlassian SCIM service will verify the value and guarantee its uniqueness. This is a required field during user creation or modification.\n" }, "emails": { "type": "array", "description": "Email addresses of the User. This is a required field during user creation or modification. One value must be marked as primary.\n", "uniqueItems": true, "items": { "$ref": "#/components/schemas/ScimUserEmail" } }, "id": { "type": "string", "description": "Unique identifier defined by Atlassian SCIM Service. CaseExact. This is a read-only field and will be disregarded if included in the payload during user creation or modification..\n", "readOnly": true }, "externalId": { "type": "string", "description": "Identifier defined by provisioning client. This is a case-sensitive field. Uniqueness is controlled by client. \n", "readOnly": true }, "name": { "description": "The components of the user's name.", "allOf": [ { "$ref": "#/components/schemas/ScimUserName" } ] }, "displayName": { "type": "string", "description": "User's display name." }, "nickName": { "type": "string", "description": "User's nickname." }, "title": { "type": "string", "description": "User's title." }, "preferredLanguage": { "type": "string", "description": "User's preferred language." }, "department": { "type": "string", "description": "User's department." }, "organization": { "type": "string", "description": "User's organization." }, "timezone": { "type": "string", "description": "User's timezone. e.g. America/Los_Angeles ." }, "phoneNumbers": { "type": "array", "description": "Phone numbers of the user.", "uniqueItems": true, "items": { "$ref": "#/components/schemas/ScimUserPhoneNumber" } }, "meta": { "description": "User metadata information.", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/ScimMetadata" } ] }, "groups": { "type": "array", "description": "Groups to which the user is associated in SCIM.", "readOnly": true, "items": { "$ref": "#/components/schemas/ScimGroupForUser" } }, "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "description": "Enterprise user information", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/EnterpriseUserExtension" } ] }, "urn:scim:schemas:extension:atlassian-external:1.0": { "description": "Atlassian specific SCIM Extension", "readOnly": true, "allOf": [ { "$ref": "#/components/schemas/ExternalAtlassianScimExtension" } ] }, "active": { "type": "boolean", "description": "A Boolean value indicating the user's administrative status." } }, "description": "SCIM user" }, "ScimUserName": { "type": "object", "title": "Scim user name", "properties": { "formatted": { "type": "string", "description": "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display." }, "familyName": { "type": "string", "description": "The family name of the User." }, "givenName": { "type": "string", "description": "The given name of the User." }, "middleName": { "type": "string", "description": "The middle name(s) of the User." }, "honorificPrefix": { "type": "string", "description": "The honorific prefix(es) of the User, or title in most Western languages." }, "honorificSuffix": { "type": "string", "description": "The honorific suffix(es) of the User, or suffix in most Western languages." } }, "description": "SCIM user name" }, "ScimUserPhoneNumber": { "type": "object", "title": "Scim user phone number", "properties": { "value": { "type": "string", "description": "Phone number." }, "type": { "type": "string", "description": "Type of phone number, for example `work` or `personal`" }, "primary": { "type": "boolean", "description": "Boolean value indicating whether phone number is primary." } }, "description": "SCIM user phone number" }, "BadRequestException": { "type": "object", "title": "Bad request exception", "properties": { "cause": { "$ref": "#/components/schemas/Throwable" }, "stackTrace": { "type": "array", "items": { "$ref": "#/components/schemas/StackTraceElement" } }, "responseStatus": { "type": "string", "enum": [ "OK", "CREATED", "ACCEPTED", "NO_CONTENT", "RESET_CONTENT", "PARTIAL_CONTENT", "MOVED_PERMANENTLY", "FOUND", "SEE_OTHER", "NOT_MODIFIED", "USE_PROXY", "TEMPORARY_REDIRECT", "BAD_REQUEST", "UNAUTHORIZED", "PAYMENT_REQUIRED", "FORBIDDEN", "NOT_FOUND", "METHOD_NOT_ALLOWED", "NOT_ACCEPTABLE", "PROXY_AUTHENTICATION_REQUIRED", "REQUEST_TIMEOUT", "CONFLICT", "GONE", "LENGTH_REQUIRED", "PRECONDITION_FAILED", "REQUEST_ENTITY_TOO_LARGE", "REQUEST_URI_TOO_LONG", "UNSUPPORTED_MEDIA_TYPE", "REQUESTED_RANGE_NOT_SATISFIABLE", "EXPECTATION_FAILED", "INTERNAL_SERVER_ERROR", "NOT_IMPLEMENTED", "BAD_GATEWAY", "SERVICE_UNAVAILABLE", "GATEWAY_TIMEOUT", "HTTP_VERSION_NOT_SUPPORTED" ] }, "scimErrorType": { "type": "string", "enum": [ "invalidFilter", "tooMany", "uniqueness", "mutability", "invalidSyntax", "invalidPath", "noTarget", "invalidValue", "invalidVers", "sensitive" ] }, "message": { "type": "string" }, "localizedMessage": { "type": "string" }, "suppressed": { "type": "array", "items": { "$ref": "#/components/schemas/Throwable" } } } }, "StackTraceElement": { "type": "object", "title": "Stack trace element", "properties": { "methodName": { "type": "string" }, "fileName": { "type": "string" }, "lineNumber": { "type": "integer", "format": "int32" }, "className": { "type": "string" }, "nativeMethod": { "type": "boolean" } } }, "Throwable": { "type": "object", "properties": { "cause": { "$ref": "#/components/schemas/Throwable" }, "stackTrace": { "type": "array", "items": { "$ref": "#/components/schemas/StackTraceElement" } }, "message": { "type": "string" }, "localizedMessage": { "type": "string" }, "suppressed": { "type": "array", "items": { "$ref": "#/components/schemas/Throwable" } } } }, "JsonNode": { "type": "object", "title": "Json node", "properties": { "array": { "type": "boolean" }, "null": { "type": "boolean" }, "valueNode": { "type": "boolean" }, "containerNode": { "type": "boolean" }, "missingNode": { "type": "boolean" }, "object": { "type": "boolean" }, "nodeType": { "type": "string", "enum": [ "ARRAY", "BINARY", "BOOLEAN", "MISSING", "NULL", "NUMBER", "OBJECT", "POJO", "STRING" ] }, "pojo": { "type": "boolean" }, "number": { "type": "boolean" }, "integralNumber": { "type": "boolean" }, "floatingPointNumber": { "type": "boolean" }, "short": { "type": "boolean" }, "int": { "type": "boolean" }, "long": { "type": "boolean" }, "double": { "type": "boolean" }, "bigDecimal": { "type": "boolean" }, "bigInteger": { "type": "boolean" }, "textual": { "type": "boolean" }, "boolean": { "type": "boolean" }, "binary": { "type": "boolean" }, "float": { "type": "boolean" } } }, "OperationForAScimPatch": { "type": "object", "title": "Operation for a Scim patch.", "properties": { "op": { "type": "string" }, "path": { "type": "string" }, "value": { "$ref": "#/components/schemas/JsonNode" } }, "description": "Operation for a SCIM patch" }, "RequestPayloadToPatch": { "type": "object", "title": "Request payload to patch.", "properties": { "schemas": { "type": "array", "description": "SCIM patch schemas.", "uniqueItems": true, "items": { "type": "string" } }, "operations": { "type": "array", "description": "SCIM patch operations.", "items": { "$ref": "#/components/schemas/OperationForAScimPatch" } } }, "description": "Request object to patch a scim user" }, "ScimGroupListResponse": { "type": "object", "title": "Scim group list response", "properties": { "schemas": { "type": "array", "description": "SCIM schemas that define list of response.", "readOnly": true, "uniqueItems": true, "items": { "type": "string" } }, "totalResults": { "type": "integer", "format": "int32", "description": "The total number of results returned by the query operation. The value may be larger than the number of resources returned, such as when returning a single page of results from a larger result set.\n", "readOnly": true }, "startIndex": { "type": "integer", "format": "int32", "description": "The 1-based index of the first result in the current set of list results.", "readOnly": true }, "itemsPerPage": { "type": "integer", "format": "int32", "description": "The number of resources returned in a list response page.", "readOnly": true }, "Resources": { "type": "array", "description": "The list of resource objects.", "readOnly": true, "items": { "$ref": "#/components/schemas/ScimGroup" } } }, "description": "SCIM group list response" }, "ScimUserListResponse": { "type": "object", "title": "Scim user list response", "properties": { "schemas": { "type": "array", "description": "SCIM schemas that define list of response.", "readOnly": true, "uniqueItems": true, "items": { "type": "string" } }, "totalResults": { "type": "integer", "format": "int32", "description": "The total number of results returned by query operation. The value may be larger than the number of resources returned, such as when returning a single page of results from a larger result set.\n", "readOnly": true }, "startIndex": { "type": "integer", "format": "int32", "description": "The 1-based index of the first result in the current set of list results.", "readOnly": true }, "itemsPerPage": { "type": "integer", "format": "int32", "description": "The number of resources returned in a list response page.", "readOnly": true }, "Resources": { "type": "array", "description": "The list of resource objects.", "readOnly": true, "items": { "$ref": "#/components/schemas/ScimUser" } } }, "description": "SCIM user list response" } } } }