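Usage notes
The SCIM 2.0 interface is implemented in accordance with RFC 7644. For request details, see the RFC document; for the structure definitions, see SCIM Schemas.
Endpoint
The endpoint of the SCIM service: https://www.ctyun.cn/sso/api/scim/v2/
Authentication
Authentication uses an OAuth Bearer Token. Add the following request header:
Authorization: Bearer <your_scim_credential>
SCIM 2.0 interface overview
The SCIM 2.0 interfaces are listed in the table below. When calling a SCIM interface, replace <your_scim_credential> with your SCIM credential.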
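| Category | SCIM 2.0 interface | Support | Description |
|---|---|---|---|
| Discovery Endpoint | /ServiceProviderConfig | Supported | Returns the features supported by the server. |
| Discovery Endpoint | /ResourceTypes | Supported | Returns the resource types supported by the server: User and Group. |
| Discovery Endpoint | /Schemas | Supported | Returns the schemas supported by the server: the detailed schemas of User and Group. |
| /Users | POST /Users | Supported | Synchronizes a user. |
| /Users | GET /Users/{id} | Supported | Queries the user with the specified ID. |
| /Users | GET /Users | Supported | Queries users by condition, or lists all users. |
| /Users | PUT /Users/{id} | Supported | Replaces the information of the user with the specified ID (full update). |
| /Users | PATCH /Users/{id} | Supported | Updates the information of the user with the specified ID (partial update). |
| /Users | DELETE /Users/{id} | Supported | Deletes the user with the specified ID. |
| /Groups | POST /Groups | Supported | Synchronizes a user group. |
| /Groups | GET /Groups/{id} | Supported | Queries the user group with the specified ID, including the users in the group. |
| /Groups | GET /Groups | Supported | Queries user groups by condition, or lists all user groups. |
| /Groups | PUT /Groups/{id} | Supported | Replaces the user group information (full update). |
| /Groups | PATCH /Groups/{id} | Supported | Updates the user group information (partial update). |
| /Groups | DELETE /Groups/{id} | Supported | Deletes the user group with the specified ID. |
| /Me | None | Not supported | None |
| /Bulk | None | Not supported | None |
| /.Search | None | Not supported | None |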
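Discovery endpoints
/ServiceProviderConfig
Description
Returns the feature configuration supported by the server.
Constraints
No authentication required.
Request example
curl https://www.ctyun.cn/sso/api/scim/v2/ServiceProviderConfig \
-H "Content-Type: application/scim+json"
Response example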
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"patch": {
"supported": true
},
"bulk": {
"supported": false,
"maxOperations": 0,
"maxPayloadSize": 0
},
"filter": {
"supported": false,
"maxResults": 200
},
"changePassword": {
"supported": false
},
"sort": {
"supported": false
},
"etag": {
"supported": false
},
"authenticationSchemes": [
{
"type": "oauthbearertoken",
"name": "OAuth Bearer Token",
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"specUri": "https://www.rfc-editor.org/info/rfc6750",
"primary": true
}
],
"meta": {
"resourceType": "ServiceProviderConfig",
"location": "/scim/v2/ServiceProviderConfig"
}
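}
The response shows:
Supported features: patch
Unsupported features: bulk, changePassword, etag, filter, sort
/ResourceTypes
Description
Returns the resource types supported by the server: User and Group.
Constraints
No authentication required.
Request example
curl https://www.ctyun.cn/sso/api/scim/v2/ResourceTypes \
--header 'Authorization: Bearer <your_scim_credential>'
Response example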
[
{
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"endpoint": "/Users",
"meta": {
"location": "/scim/v2/ResourceTypes/User",
"resourceType": "ResourceType"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "User",
"description": "User Account",
"id": "User"
},
{
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"endpoint": "/Groups",
"meta": {
"location": "/scim/v2/ResourceTypes/Group",
"resourceType": "ResourceType"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"name": "Group",
"description": "Group",
"id": "Group"
}
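]
/Schemas
Description
Returns the schemas supported by the server: the detailed schema definitions of User and Group.
Constraints
No authentication required.
Request example
curl https://www.ctyun.cn/sso/api/scim/v2/Schemas \
--header "Content-Type: application/scim+json"
Response example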
{
"totalResults": 2,
"startIndex": 1,
"itemsPerPage": 2,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"Resources": [
{
"meta": {
"location": "/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "User",
"description": "User Account",
"attributes": [
{
"uniqueness": "server",
"name": "id",
"description": "Unique identifier for the SCIM Resource",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "always",
"required": false
},
{
"name": "externalId",
"description": "Unique identifier for the Resource",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"uniqueness": "server",
"name": "userName",
"description": "Unique identifier for the User",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": true,
"returned": "always",
"required": true
},
{
"name": "name",
"description": "The components of the user's real name",
"mutability": "readWrite",
"type": "complex",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "formatted",
"description": "The full name",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "familyName",
"description": "The family name",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "givenName",
"description": "The given name",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "middleName",
"description": "The middle name",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "honorificPrefix",
"description": "The honorific prefix",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "honorificSuffix",
"description": "The honorific suffix",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "displayName",
"description": "The name of the User, suitable for display",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "nickName",
"description": "The casual way to address the user",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "profileUrl",
"description": "URL of the user's profile",
"mutability": "readWrite",
"type": "reference",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "title",
"description": "The user's title",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "userType",
"description": "Used to identify the relationship between the organization and the user",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "preferredLanguage",
"description": "User's preferred written or spoken language",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "locale",
"description": "Used to indicate the User's default location",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "timezone",
"description": "The User's time zone",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "active",
"description": "A Boolean value indicating the User's administrative status",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "password",
"description": "The User's cleartext password",
"mutability": "writeOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "never",
"required": false
},
{
"name": "emails",
"description": "Email addresses for the user",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "value",
"description": "Email addresses for the user",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "display",
"description": "A human-readable name",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "type",
"description": "A label indicating the attribute's function",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "primary",
"description": "A Boolean value indicating the 'primary' or preferred attribute",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "phoneNumbers",
"description": "Phone numbers for the User",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "value",
"description": "Phone number of the User",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "display",
"description": "A human-readable name",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "type",
"description": "A label indicating the attribute's function",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "primary",
"description": "A Boolean value indicating the 'primary' or preferred attribute",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "addresses",
"description": "A physical mailing address for this User",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "formatted",
"description": "The full mailing address",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "streetAddress",
"description": "The full street address",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "locality",
"description": "The city or locality",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "region",
"description": "The state or region",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "postalCode",
"description": "The zip code or postal code",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "country",
"description": "The country name",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "type",
"description": "A label indicating the attribute's function",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "primary",
"description": "A Boolean value indicating the 'primary' or preferred attribute",
"mutability": "readWrite",
"type": "boolean",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "groups",
"description": "A list of groups to which the user belongs",
"mutability": "readOnly",
"type": "complex",
"multiValued": true,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "value",
"description": "The identifier of the User's group",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "$ref",
"description": "The URI of the corresponding 'Group' resource",
"mutability": "readOnly",
"type": "reference",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "display",
"description": "A human-readable name",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "type",
"description": "A label indicating the attribute's function",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "meta",
"description": "A complex attribute containing resource metadata",
"mutability": "readOnly",
"type": "complex",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "resourceType",
"description": "The name of the resource type",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": true,
"returned": "default",
"required": false
},
{
"name": "created",
"description": "The DateTime the Resource was added",
"mutability": "readOnly",
"type": "dateTime",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "lastModified",
"description": "The most recent DateTime the Resource was updated",
"mutability": "readOnly",
"type": "dateTime",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "location",
"description": "The URI of the Resource being returned",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "version",
"description": "The version of the Resource being returned",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User"
},
{
"meta": {
"location": "/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group",
"resourceType": "Schema"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
],
"name": "Group",
"description": "Group Resource",
"attributes": [
{
"uniqueness": "server",
"name": "id",
"description": "Unique identifier for the SCIM Resource",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "always",
"required": false
},
{
"name": "externalId",
"description": "Unique identifier for the Resource",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "displayName",
"description": "A human-readable name for the Group",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "always",
"required": true
},
{
"name": "members",
"description": "A list of members of the Group",
"mutability": "readWrite",
"type": "complex",
"multiValued": true,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "value",
"description": "Identifier of the member of this Group",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "$ref",
"description": "The URI corresponding to a SCIM resource",
"mutability": "readWrite",
"type": "reference",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "type",
"description": "A label indicating the type of resource",
"mutability": "readWrite",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "display",
"description": "A human-readable name",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
},
{
"name": "meta",
"description": "A complex attribute containing resource metadata",
"mutability": "readOnly",
"type": "complex",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false,
"subAttributes": [
{
"name": "resourceType",
"description": "The name of the resource type",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": true,
"returned": "default",
"required": false
},
{
"name": "created",
"description": "The DateTime the Resource was added",
"mutability": "readOnly",
"type": "dateTime",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "lastModified",
"description": "The most recent DateTime the Resource was updated",
"mutability": "readOnly",
"type": "dateTime",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "location",
"description": "The URI of the Resource being returned",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
},
{
"name": "version",
"description": "The version of the Resource being returned",
"mutability": "readOnly",
"type": "string",
"multiValued": false,
"caseExact": false,
"returned": "default",
"required": false
}
]
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:Group"
}
]
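}
User operations
Create a user
Description
Creates a new user.
Constraints
userName is required, 1-32 characters long.
name.formatted (real name) is required, 1-16 characters long.
emails is required; each address is 1-256 characters long and must be a valid email format.
phoneNumbers is optional; a phone number must be digits only, 11-30 characters long.
The user name must be unique within the account.
The email address must be unique within the system.
Request example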
curl https://www.ctyun.cn/sso/api/scim/v2/Users \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X POST \
-d '{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"userName": "user01",
"name": {
"formatted": "张三",
"familyName": "张",
"givenName": "三"
},
"displayName": "张三",
"emails": [
{
"value": "user01@example.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "17777766777",
"type": "work"
}
],
"active": true,
"externalId": "external-001"
}'
Response example
{
"id": "024xx77e-06ab-4z14-b8b8-67yy123bde8e",
"externalId": "external-001",
"meta": {
"resourceType": "User",
"created": "2025-10-20T01:26:49.754Z",
"lastModified": "2025-10-20T01:26:49.754Z",
"location": "/sso/api/scim/v2/Users/024xx77e-06ab-4z14-b8b8-67yy123bde8e"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "user01",
"name": {
"formatted": "张三",
"givenName": "张三"
},
"displayName": "张三",
"active": true,
"emails": [
{
"value": "user01@example.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "17777766777",
"type": "work"
}
]
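}
Query a user
Description
Returns the details of the user with the specified ID.
Constraints
{id} is required and is the user's UUID.
Only users under the current account can be queried.
Request example
curl https://www.ctyun.cn/sso/api/scim/v2/Users/<userId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Response example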
{
"id": "0241a77e-06ab-4214-b8b8-6721304bde8e",
"externalId": "external-001",
"meta": {
"resourceType": "User",
"created": "2025-10-20T01:26:50Z",
"lastModified": "2025-10-20T01:26:50Z",
"location": "/sso/api/scim/v2/Users/0241a77e-06ab-4214-b8b8-6721304bde8e"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "user01",
"name": {
"formatted": "张三",
"givenName": "张三"
},
"displayName": "张三",
"active": true,
"emails": [
{
"value": "user01@example.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "13800138000",
"type": "work"
}
]
}
List users
Description
Queries users by condition, or lists all users.
Constraints
filter queries are supported; filter supports only the eq operation on the userName and externalId fields.
startIndex: start index, starting from 1; default 1; must be greater than 0.
count: number of items per page; default 100; range 1-1000.
sortBy: sort field; supports userName, created and lastModified; default created.
sortOrder: sort order; supports ascending and descending; default ascending.
Without filter, all users under the account are returned, with pagination.
Request examples
Example 1: list all users
curl 'https://www.ctyun.cn/sso/api/scim/v2/Users?startIndex=1&count=10' \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Example 2: filter by userName
curl 'https://www.ctyun.cn/sso/api/scim/v2/Users?filter=userName+eq+%22user01%22' \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Example 3: filter by externalId
curl 'https://www.ctyun.cn/sso/api/scim/v2/Users?filter=externalId+eq+%22external-001%22' \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Response example
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 100,
"startIndex": 1,
"resources": [
{
"id": "0241a77e-06ab-4214-b8b8-6721304bde8e",
"externalId": "external-001",
"meta": {
"resourceType": "User",
"created": "2025-10-20T01:26:50Z",
"lastModified": "2025-10-20T01:26:50Z",
"location": "/sso/api/scim/v2/Users/0241a77e-06ab-4214-b8b8-6721304bde8e"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "user01",
"name": {
"formatted": "张三",
"givenName": "张三"
},
"displayName": "张三",
"active": true,
"emails": [
{
"value": "user01@example.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "13800138000",
"type": "work"
}
]
}
]
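}
Update a user
Description
Fully updates a user with the PUT method.
Constraints
{id} is required and is the user's UUID.
PUT overwrites the existing attributes, so the complete user information must be sent.
The field validation rules are the same as for creating a user.
Request example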
curl https://www.ctyun.cn/sso/api/scim/v2/Users/<userId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PUT \
-d '{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"userName": "user01",
"name": {
"formatted": "张三"
},
"displayName": "张三",
"emails": [
{
"value": "newemail@example.com",
"type": "work",
"primary": true
}
],
"active": true
}'
Response example
{
"id": "0241a77e-06ab-4214-b8b8-6721304bde8e",
"externalId": "external-001",
"meta": {
"resourceType": "User",
"created": "2025-10-20T01:26:50Z",
"lastModified": "2025-10-20T01:47:49.937Z",
"location": "/sso/api/scim/v2/Users/0241a77e-06ab-4214-b8b8-6721304bde8e"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "user01",
"name": {
"formatted": "张三",
"givenName": "张三"
},
"displayName": "张三",
"active": true,
"emails": [
{
"value": "newemail@example.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "13800138000",
"type": "work"
}
]
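}
Update a user with PATCH
Description
Partially updates a user with the PATCH method.
Constraints
{id} is required and is the user's UUID.
Supported operations: add, replace, remove
Fields that can be modified: userName, active, externalId, displayName, name, emails, phoneNumbers, addresses, etc.
The remove operation supports only the phoneNumbers field.
The remove operation does not support the userName and active fields.
Request examples
Example 1: replace the user's phone number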
curl https://www.ctyun.cn/sso/api/scim/v2/Users/<userId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PATCH \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "replace",
"path": "phoneNumbers.value",
"value": "13900139000"
}
]
}'
Example 2: update the user's status
curl https://www.ctyun.cn/sso/api/scim/v2/Users/<userId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PATCH \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "replace",
"path": "active",
"value": false
}
]
}'
Example 3: remove the phone number
curl https://www.ctyun.cn/sso/api/scim/v2/Users/<userId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PATCH \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "remove",
"path": "phoneNumbers.value"
}
]
}'
Response example
{
"id": "0241a77e-06ab-4214-b8b8-6721304bde8e",
"externalId": "external-001",
"meta": {
"resourceType": "User",
"created": "2025-10-20T01:26:50Z",
"lastModified": "2025-10-20T01:49:20.241Z",
"location": "/sso/api/scim/v2/Users/0241a77e-06ab-4214-b8b8-6721304bde8e"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "user01",
"name": {
"formatted": "张三",
"givenName": "张三"
},
"displayName": "张三",
"active": true,
"emails": [
{
"value": "newemail@example.com",
"type": "work",
"primary": true
}
],
"phoneNumbers": [
{
"value": "13900139000",
"type": "work"
}
]
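}
Delete a user
Description
Deletes the user with the specified ID (soft delete).
Constraints
{id} is required and is the user's UUID.
The user must not be bound to any permission set; otherwise it cannot be deleted.
Deleting a user also removes the user's group memberships.
Request example
curl https://www.ctyun.cn/sso/api/scim/v2/Users/<userId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X DELETE
Response example
HTTP status code: 204 No Content (no response body on successful deletion)
User group operations
Create a user group
Description
Creates a new user group.
Constraints
displayName is required and is the user group name.
The user group name must be unique within the account.
Members can be added at creation time.
Request example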
curl https://www.ctyun.cn/sso/api/scim/v2/Groups \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X POST \
-d '{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"displayName": "开发组",
"members": [
{
"value": "b7609e24-974d-4c74-88b4-8b799234d224"
},
{
"value": "bed86aa3-d254-44ec-b9d7-91dc1f65208f"
}
]
}'
Response example
{
"id": "c5545d61-153f-4d44-a648-f0cb9d83218d",
"meta": {
"resourceType": "Group",
"created": "2025-10-20T01:53:36.768Z",
"lastModified": "2025-10-20T01:53:36.768Z",
"location": "/sso/api/scim/v2/Groups/c5545d61-153f-4d44-a648-f0cb9d83218d"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"displayName": "开发组"
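}
Query a user group
Description
Returns the details of the user group with the specified ID, including the users in the group.
Constraints
{id} is required and is the user group's UUID.
Only user groups under the current account can be queried.
Request example
curl https://www.ctyun.cn/sso/api/scim/v2/Groups/<groupId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Response example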
{
"id": "c5545d61-153f-4d44-a648-f0cb9d83218d",
"meta": {
"resourceType": "Group",
"created": "2025-10-20T01:53:37Z",
"lastModified": "2025-10-20T01:53:37Z",
"location": "/sso/api/scim/v2/Groups/c5545d61-153f-4d44-a648-f0cb9d83218d"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"displayName": "开发组"
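}
List user groups
Description
Queries user groups by condition, or lists all user groups.
Constraints
filter queries are supported; filter supports only the eq operation on the displayName and externalId fields, and supports the and operator.
startIndex: start index, starting from 1; default 1.
count: number of items per page; default 100; maximum 1000.
In list queries, the members field is an empty array; member information is not returned.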
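The filter and paging constraints stated for the user list and the user group list, applied on the client before a value reaches the query string. This is an added example, not code from the service's documentation; the function names are hypothetical, and limiting /Users to a single condition is a conservative reading of the page, which documents the and operator only for /Groups.

```python
import json
from urllib.parse import urlencode

# Attributes the page lists as filterable, per resource (eq only).
FILTERABLE = {
    "Users": ("userName", "externalId"),
    "Groups": ("displayName", "externalId"),
}
MAX_COUNT = 1000  # upper bound for count stated on the page


def build_filter(resource, conditions):
    """Build a SCIM filter string from {attribute: value} pairs."""
    if resource not in FILTERABLE:
        raise ValueError(f"unknown resource: {resource!r}")
    if not conditions:
        raise ValueError("at least one condition is required")
    if resource == "Users" and len(conditions) > 1:
        # Assumption: `and` is documented for /Groups only.
        raise ValueError("/Users accepts a single eq condition")
    clauses = []
    for attr, value in conditions.items():
        if attr not in FILTERABLE[resource]:
            raise ValueError(f"{attr!r} is not filterable on /{resource}")
        if not isinstance(value, str):
            raise TypeError(f"{attr} value must be a string")
        # RFC 7644 filter literals are JSON strings: json.dumps escapes
        # quotes and backslashes, so the value cannot end the literal early
        # and append operators of its own.
        clauses.append(f"{attr} eq {json.dumps(value, ensure_ascii=False)}")
    return " and ".join(clauses)


def list_query(resource, conditions=None, start_index=1, count=100):
    """Return the path and query string for a list request."""
    for name, value in (("startIndex", start_index), ("count", count)):
        if isinstance(value, bool) or not isinstance(value, int):
            raise TypeError(f"{name} must be an integer")
    if start_index < 1:
        raise ValueError("startIndex must be greater than 0")
    if not 1 <= count <= MAX_COUNT:
        raise ValueError(f"count must be in 1-{MAX_COUNT}")
    params = {}
    if conditions:
        params["filter"] = build_filter(resource, conditions)
    params["startIndex"] = start_index
    params["count"] = count
    # urlencode percent-encodes quotes and non-ASCII text and writes spaces
    # as '+', the same form as the request examples on this page.
    return f"/{resource}?{urlencode(params)}"
```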
Request examples
Example 1: list all user groups
curl 'https://www.ctyun.cn/sso/api/scim/v2/Groups?startIndex=1&count=10' \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Example 2: filter by displayName
curl 'https://www.ctyun.cn/sso/api/scim/v2/Groups?filter=displayName+eq+%22开发组%22' \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Example 3: combined conditions (using the and operator)
curl 'https://www.ctyun.cn/sso/api/scim/v2/Groups?filter=displayName+eq+%22开发组%22+and+externalId+eq+%22external-group-001%22' \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X GET
Response example
{
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"totalResults": 1,
"itemsPerPage": 100,
"startIndex": 1,
"resources": [
{
"id": "c5545d61-153f-4d44-a648-f0cb9d83218d",
"meta": {
"resourceType": "Group",
"created": "2025-10-20T01:53:37Z",
"lastModified": "2025-10-20T01:53:37Z",
"location": "/sso/api/scim/v2/Groups/c5545d61-153f-4d44-a648-f0cb9d83218d"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"displayName": "开发组"
}
]
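}
Update a user group
Description
Fully updates a user group with the PUT method.
Constraints
{id} is required and is the user group's UUID.
PUT overwrites the existing attributes, including the member list.
If a members list is provided, all existing members are removed first and the new members are then added.
Request example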
curl https://www.ctyun.cn/sso/api/scim/v2/Groups/<groupId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PUT \
-d '{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"displayName": "开发组-更新",
"externalId": "external-group-001",
"members": [
{
"value": "u-00vrs1l19d6gbsi5****",
"$ref": "/scim/v2/Users/u-00vrs1l19d6gbsi5****",
"type": "User"
}
]
}'
Response example
{
"id": "c5545d61-153f-4d44-a648-f0cb9d83218d",
"externalId": "external-group-001",
"meta": {
"resourceType": "Group",
"created": "2025-10-20T01:53:37Z",
"lastModified": "2025-10-20T01:57:21.071Z",
"location": "/sso/api/scim/v2/Groups/c5545d61-153f-4d44-a648-f0cb9d83218d"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"displayName": "开发组-更新"
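}
Update a user group with PATCH
Description
Partially updates a user group with the PATCH method.
Constraints
{id} is required and is the user group's UUID.
Supported operations: add, replace, remove
Fields that can be modified: displayName, members, externalId
The remove operation supports:
With value: selectively removes the specified members
Without value: removes all members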
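Because a remove on members without value removes every member, a sync job that computes an empty removal set must send no remove operation at all. The sketch below is an added example, not code from the service's documentation: it derives add and remove PATCH bodies from the current and desired member IDs and includes a check for bodies that would empty the group. The function names are hypothetical, one operation per body mirrors the request examples on this page, and treating an empty value list as "without value" is a cautious assumption, since the page does not say how the server handles it.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def _patch(op, member_ids):
    """One PATCH body carrying a single members operation with explicit values."""
    return {
        "schemas": [PATCH_SCHEMA],
        "Operations": [
            {
                "op": op,
                "path": "members",
                "value": [{"value": member_id} for member_id in member_ids],
            }
        ],
    }


def membership_patches(current_ids, desired_ids):
    """Return the PATCH bodies that move a group from current to desired members.

    current_ids should come from GET /Groups/{id}; the list endpoint
    returns members as an empty array.
    """
    current, desired = set(current_ids), set(desired_ids)
    to_add = sorted(desired - current)
    to_remove = sorted(current - desired)
    bodies = []
    if to_add:
        bodies.append(_patch("add", to_add))
    # Emit a remove only when there is something to remove: an operation
    # without member values is the "remove all members" form.
    if to_remove:
        bodies.append(_patch("remove", to_remove))
    return bodies


def removes_all_members(body):
    """True if a PATCH body holds a members remove with no member values."""
    for operation in body.get("Operations", []):
        is_remove = str(operation.get("op", "")).lower() == "remove"
        if is_remove and operation.get("path") == "members":
            if not operation.get("value"):
                return True
    return False
```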
Request examples
Example 1: add a member to the user group
curl https://www.ctyun.cn/sso/api/scim/v2/Groups/<groupId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PATCH \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "add",
"path": "members",
"value": [
{
"value": "u-00vrs1l19d6gbsi5****",
"$ref": "/scim/v2/Users/u-00vrs1l19d6gbsi5****",
"display": "用户01",
"type": "User"
}
]
}
]
}'
Example 2: remove a specified member from the user group
curl https://www.ctyun.cn/sso/api/scim/v2/Groups/<groupId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PATCH \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "remove",
"path": "members",
"value": [
{
"value": "u-00vrs1l19d6gbsi5****"
}
]
}
]
}'
Example 3: remove all members of the user group
curl https://www.ctyun.cn/sso/api/scim/v2/Groups/<groupId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PATCH \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "remove",
"path": "members"
}
]
}'
Example 4: replace the user group name
curl https://www.ctyun.cn/sso/api/scim/v2/Groups/<groupId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X PATCH \
-d '{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations": [
{
"op": "replace",
"path": "displayName",
"value": "新的组名"
}
]
}'
Response example
{
"id": "c5545d61-153f-4d44-a648-f0cb9d83218d",
"externalId": "external-group-001",
"meta": {
"resourceType": "Group",
"created": "2025-10-20T01:53:37Z",
"lastModified": "2025-10-20T01:58:45.150Z",
"location": "/sso/api/scim/v2/Groups/c5545d61-153f-4d44-a648-f0cb9d83218d"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
],
"displayName": "开发组-更新"
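}
Delete a user group
Description
Deletes the user group with the specified ID (soft delete).
Constraints
{id} is required and is the user group's UUID.
The user group must have no associated users; all members must be removed before it can be deleted.
Request example
curl https://www.ctyun.cn/sso/api/scim/v2/Groups/<groupId> \
--header 'Authorization: Bearer <your_scim_credential>' \
--header "Content-Type: application/scim+json" \
-X DELETE
Response example
HTTP status code: 204 No Content (no response body on successful deletion)
Error handling
Error response format
When a request fails, the standard SCIM error format is returned: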
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
"status": 400,
"scimType": "invalidValue",
"detail": "用户名长度必须为1-32位"
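}
Common error types
| HTTP status code | scimType | Description |
|---|---|---|
| 400 | invalidValue | Invalid request parameter value |
| 400 | invalidSyntax | Malformed request |
| 400 | invalidPath | Invalid path in a PATCH operation |
| 400 | mutability | Attempt to modify an immutable field |
| 401 | None | Authentication failed |
| 404 | noTarget | Resource does not exist |
| 409 | uniqueness | Uniqueness constraint violated (for example, the user name already exists) |
| 500 | None | Internal server error |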
Field validation rules
User field validation
| Field | Required | Type | Length limit | Format requirement |
|---|---|---|---|---|
| userName | Yes | string | 1-32 | None |
| name.formatted | Yes | string | 1-16 | None |
| emails[].value | Yes | string | 1-256 | Must be a valid email format |
| phoneNumbers[].value | No | string | 11-30 | Must be digits only |
| displayName | No | string | Max 255 | None |
| title | No | string | Max 255 | None |
| userType | No | string | Max 255 | None |
| addresses[].country | No | string | Max 255 | None |
| addresses[].region | No | string | Max 255 | None |
| addresses[].formatted | No | string | Max 512 | None |
| addresses[].streetAddress | No | string | Max 255 | None |
| active | No | boolean | - | true or false |
| externalId | No | string | None | Unique identifier in the external system |
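The user field rules in the table above, together with the constraints listed under user creation, written as a client-side check to run before POST or PUT /Users so that a provisioning job fails early instead of on a 400 invalidValue. This is an added example, not code from the service's documentation; the function names are hypothetical, lengths are counted in characters, and the email pattern and the ASCII-digits reading of "digits only" are assumptions about checks the page does not spell out.

```python
import re

# Assumption: the page only requires "a valid email format"; this pattern
# is an approximation, not the server's actual check.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

# Optional string attributes and their maximum lengths, from the table.
OPTIONAL_MAX = {"displayName": 255, "title": 255, "userType": 255}
ADDRESS_MAX = {"country": 255, "region": 255, "formatted": 512, "streetAddress": 255}


def _check_len(errors, path, value, lo, hi):
    """Record an error unless value is a string with lo <= len(value) <= hi."""
    if not isinstance(value, str):
        errors.append((path, "must be a string"))
        return False
    if not lo <= len(value) <= hi:
        errors.append((path, f"length must be {lo}-{hi}"))
        return False
    return True


def _values(items):
    """Yield (index, value) for each entry of a multi-valued attribute."""
    for i, item in enumerate(items if isinstance(items, list) else []):
        yield i, item.get("value") if isinstance(item, dict) else None


def validate_user(user):
    """Return a list of (path, reason) violations; an empty list means valid."""
    errors = []

    if user.get("userName") is None:
        errors.append(("userName", "required"))
    else:
        _check_len(errors, "userName", user["userName"], 1, 32)

    name = user.get("name")
    formatted = name.get("formatted") if isinstance(name, dict) else None
    if formatted is None:
        errors.append(("name.formatted", "required"))
    else:
        _check_len(errors, "name.formatted", formatted, 1, 16)

    emails = user.get("emails")
    if not isinstance(emails, list) or not emails:
        errors.append(("emails", "required"))
    for i, value in _values(emails):
        path = f"emails[{i}].value"
        if value is None:
            errors.append((path, "required"))
        elif _check_len(errors, path, value, 1, 256) and not EMAIL_RE.fullmatch(value):
            errors.append((path, "not an email address"))

    for i, value in _values(user.get("phoneNumbers")):
        path = f"phoneNumbers[{i}].value"
        if value is None:
            continue  # phoneNumbers[].value is optional
        # Assumption: "digits only" means ASCII 0-9.
        if _check_len(errors, path, value, 11, 30) and not (value.isascii() and value.isdigit()):
            errors.append((path, "must be digits only"))

    for attr, limit in OPTIONAL_MAX.items():
        if user.get(attr) is not None:
            _check_len(errors, attr, user[attr], 0, limit)

    addresses = user.get("addresses")
    for i, addr in enumerate(addresses if isinstance(addresses, list) else []):
        for attr, limit in ADDRESS_MAX.items():
            if isinstance(addr, dict) and addr.get(attr) is not None:
                _check_len(errors, f"addresses[{i}].{attr}", addr[attr], 0, limit)

    if "active" in user and not isinstance(user["active"], bool):
        errors.append(("active", "must be true or false"))
    return errors
```

Uniqueness of userName and email cannot be checked locally; the server reports it as 409 uniqueness.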
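User group field validation
| Field | Required | Type | Description |
|---|---|---|---|
| displayName | Yes | string | User group name, unique within the account |
| externalId | No | string | Unique identifier in the external system |
| members | No | array | List of user group members |
| members.value | No | string | UUID of the member |
| members.$ref | No | string | Reference URI of the member |
| members.type | No | string | Member type, fixed to User |
Note: This document is based on the SCIM 2.0 specification (RFC 7644). For detailed protocol information, refer to RFC 7644.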