PingDirectory API Reference

Group search configuration

Follow the steps below to configure the directory/proxy to use the SCIM2 API to search for groups or determine the members of a particular group.

  1. Create a SCIM Schema

dsconfig create-scim-schema --schema-name urn:pingidentity:schemas:Group:1.0 --set display-name:Group

  1. Create the SCIM Attributes

dsconfig create-scim-attribute --schema-name urn:pingidentity:schemas:Group:1.0 --attribute-name members --set type:complex

dsconfig create-scim-attribute --schema-name urn:pingidentity:schemas:Group:1.0 --attribute-name displayName

  1. Create the SCIM Subattribute

dsconfig create-scim-subattribute --schema-name urn:pingidentity:schemas:Group:1.0 --attribute-name members --subattribute-name value --set multi-valued:true

  1. Create the SCIM Resource Type

dsconfig create-scim-resource-type --type-name Groups --type ldap-mapping --set enabled:true --set endpoint:Groups --set structural-ldap-objectclass:groupOfNames --set include-base-dn:ou=Groups,dc=example,dc=com --set core-schema:urn:pingidentity:schemas:Group:1.0

  1. Create the SCIM Attribute Mappings

dsconfig create-scim-attribute-mapping --type-name Groups --mapping-name members --set scim-resource-type-attribute:members.value --set ldap-attribute:member --set searchable:true

dsconfig create-scim-attribute-mapping --type-name Groups --mapping-name displayName --set scim-resource-type-attribute:displayName --set ldap-attribute:cn

  1. Verify the configuration

Verify the configuration by querying the ResourceTypes endpoint using a GET request.

curl -k -X GET '{{apiPath}}/ResourceTypes' \
--header 'Authorization: {{accessToken}}' \
--header 'Accept: application/scim+json' \
--header 'Accept-Encoding: gzip, deflate' | jq

Sample response:

{
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
  ],
  "totalResults": 1,
  "Resources": [
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
      ],
      "id": "Groups",
      "name": "Groups",
      "endpoint": "Groups",
      "schema": "urn:pingidentity:schemas:Group:1.0",
      "meta": {
        "resourceType": "ResourceType",
        "location": "\https://example.com/scim/v2/ResourceTypes/Groups"
      }
    }
  ]
}