SCIM Users

A SCIM user reflects the description in RFC 7644 and relies on the SCIM resource mapping defined in the response to Read SCIM2 Schemas. This is in contrast to Direct-mapped Users, where the attribute data of direct-mapped users is given in the same scheme as the PingOne API.

SCIM user data model

When this data model is used with the PingOne SCIM API, the PingOne user data model is required to extend this data model with a required attribute.

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`active`	Boolean	Optional	Mutable	Whether the user is enabled. This attribute is set to `true` by default when the user is created.
`addresses`	Object	Optional	Mutable	A JSON object that contains a set of data pertaining to the user’s address. The PingOne SCIM API only allows a single value to be provided.
`addresses.countryCode`	String	Optional	Mutable	Country name of the address. When specified, the value must be in ISO 3166-1 Alpha-2 code format; such as: `US` (United States) or `SE` (Sweden).
`addresses.locality`	String	Optional	Mutable	City or locality of the address.
`addresses.postalCode`	String	Optional	Mutable	ZIP Code or postal code of the address.
`addresses.region`	String	Optional	Mutable	State or region of the address.
`addresses.streetAddress`	String	Optional	Mutable	Full street address, which may include house number, street name, P.O. box, and multi-line extended street address information. Can contain newlines.
`created`	String	N/A	Read-only	Date and time at which the user was created.
`emails`	String	Optional	Mutable	User’s email address.
`externalId`	String	Optional	Mutable	Identifier (UUID) for the user as defined by the provisioning client. Can be explicitly set to null when updating a user to unset it. Can simplify the correlation of the user in PingOne with the user’s account in another system of record. The platform does not use this directly in any way, but it is used by Ping Identity’s Data Sync product.
`id`	String	N/A	Read-only	Identifier (UUID) of the user.
`lastModified`	String	N/A	Read-only	Date and time the user was last modified. Can be null.
`locale`	String	Optional	Mutable	User’s default location. Can be explicitly set to null when updating a user to unset it. This is used for purposes of localizing such items as currency, date time format, or numerical representations. If provided, a valid value is a language tag as defined in RFC 5646. For example: fr, `en-US`, `es-419`, `az-Arab`, `man-Nkoo-GN`.
`meta`	Object	N/A	Read-only	This information is assembled by the PingOne SCIM API itself. All sub-attributes have a mutability of Read-only. This attribute should be ignored when it is provided by clients.
`meta.created`	DateTime	N/A	Read-only	The timestamp for when the resource was created.
`meta.lastModified`	DateTime	N/A	Read-only	The timestamp for when the resource was last updated.
`meta.location`	String	N/A	Read-only	A URI indicating the path to the SCIM resource.
`meta.resourceType`	String	N/A	Read-only	Type of the SCIM resource, such as `User` or `Group`.
`name`	Object	Optional	Mutable	A JSON object containing components of a user’s name.
`name.familyName`	String	Optional	Mutable	Family name of the user, or last in most Western languages (for example, 'Jensen' given the full name 'Ms. Barbara J Jensen, III'). Can be explicitly set to null when updating a name to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.
`name.formatted`	String	Optional	Mutable	Fully formatted name of the user (for example 'Ms. Barbara J Jensen, III'). Can be explicitly set to null when updating a name to unset it.
`name.givenName`	String	Optional	Mutable	Given name of the user, or first name in most Western languages (for example, 'Barbara' given the full name 'Ms. Barbara J Jensen, III'). Can be explicitly set to null when updating a name to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.
`name.honorificPrefix`	String	Optional	Mutable	Honorific prefix of the user (can contain more than one), or title in most Western languages (such as, 'Ms.' given the full name 'Ms. Barbara Jane Jensen, III'). Can be explicitly set to null when updating a name to unset it.
`name.honorificSuffix`	String	Optional	Mutable	Honorific suffix (can contain more than one) of the user, or suffix in most Western languages (such as, 'III' given the full name 'Ms. Barbara Jane Jensen, III'). Can be explicitly set to null when updating a name to unset it.
`name.middleName`	String	Optional	Mutable	Middle name (can contain more than one) of the user (such as 'Jane' given the full name 'Ms. Barbara Jane Jensen, III'). Can be explicitly set to null when updating a name to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.
`nickname`	String	Optional	Mutable	User’s nickname. Can be explicitly set to null when updating a user to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.
`password`	String	Optional	Mutable	The password of the user. The PingOne SCIM API will never return this attribute under any circumstances or in any form, hashed or otherwise.
`phoneNumbers`	String	Optional	Mutable	The phone numbers of the user. The specification says that this SHOULD be specified in the form of RFC 3966 (for example, `1-201-555-0123`), but the PingOne SCIM API accepts telephone numbers as they are provided. Any telephone number is passed to the PingOne API, which decides if the phone number is in an acceptable form. PingOne supports a separate `mobilePhone` attribute, but the PingOne SCIM API only allows one number, which reflects the value of `primaryPhone`. Refer to PingOne SCIM API constraints for more details.
`photos.href`	String	Optional	Mutable	URL that points to a resource location representing the user’s image. Can be removed from a user by setting the photo attribute to null. If provided, the resource must be a file (such as a GIF, JPEG, or PNG image file) rather than a web page containing an image and must have a scheme (protocol) of `http` or `https`.
`preferredLanguage`	String	Optional	Mutable	User’s preferred written or spoken languages. Can be explicitly set to null when updating a user to unset it. If provided, the format of the value is the same as the HTTP Accept-Language header field (not including 'Accept-Language:') as specified in Section 5.3.5 of RFC 7231.
`timezone`	String	Optional	Mutable	User’s time zone. Can be explicitly set to null when updating a user to unset it. If provided, it must conform with the IANA Time Zone database format RFC 6557, for example: 'America/Los_Angeles'.
`title`	String	Optional	Mutable	User’s title, such as 'Vice President'. Can be explicitly set to null when updating a user to unset it.
`urn:pingidentity:` `schemas:extension:2.0:` `PingOneUser.population.id`	String	Optional	Mutable	Identifier (UUID) of the population with which the uesr is associated. Optional if the PingOne environment defines a default population, otherwise required.
`username`	String	Required	Immutable	Username, which must be provided and must be unique within an environment. The username must be a string of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 128 characters.

active

Boolean

Optional

Mutable

Whether the user is enabled. This attribute is set to true by default when the user is created.

addresses

Object

Optional

Mutable

A JSON object that contains a set of data pertaining to the user’s address. The PingOne SCIM API only allows a single value to be provided.

addresses.countryCode

String

Optional

Mutable

Country name of the address. When specified, the value must be in ISO 3166-1 Alpha-2 code format; such as: US (United States) or SE (Sweden).

addresses.locality

String

Optional

Mutable

City or locality of the address.

addresses.postalCode

String

Optional

Mutable

ZIP Code or postal code of the address.

addresses.region

String

Optional

Mutable

State or region of the address.

addresses.streetAddress

String

Optional

Mutable

Full street address, which may include house number, street name, P.O. box, and multi-line extended street address information. Can contain newlines.

created

String

N/A

Read-only

Date and time at which the user was created.

emails

String

Optional

Mutable

User’s email address.

externalId

String

Optional

Mutable

Identifier (UUID) for the user as defined by the provisioning client. Can be explicitly set to null when updating a user to unset it. Can simplify the correlation of the user in PingOne with the user’s account in another system of record. The platform does not use this directly in any way, but it is used by Ping Identity’s Data Sync product.

id

String

N/A

Read-only

Identifier (UUID) of the user.

lastModified

String

N/A

Read-only

Date and time the user was last modified. Can be null.

locale

String

Optional

Mutable

User’s default location. Can be explicitly set to null when updating a user to unset it. This is used for purposes of localizing such items as currency, date time format, or numerical representations. If provided, a valid value is a language tag as defined in RFC 5646. For example: fr, en-US, es-419, az-Arab, man-Nkoo-GN.

meta

Object

N/A

Read-only

This information is assembled by the PingOne SCIM API itself. All sub-attributes have a mutability of Read-only. This attribute should be ignored when it is provided by clients.

meta.created

DateTime

N/A

Read-only

The timestamp for when the resource was created.

meta.lastModified

DateTime

N/A

Read-only

The timestamp for when the resource was last updated.

meta.location

String

N/A

Read-only

A URI indicating the path to the SCIM resource.

meta.resourceType

String

N/A

Read-only

Type of the SCIM resource, such as User or Group.

name

Object

Optional

Mutable

A JSON object containing components of a user’s name.

name.familyName

String

Optional

Mutable

Family name of the user, or last in most Western languages (for example, 'Jensen' given the full name 'Ms. Barbara J Jensen, III'). Can be explicitly set to null when updating a name to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.

name.formatted

String

Optional

Mutable

Fully formatted name of the user (for example 'Ms. Barbara J Jensen, III'). Can be explicitly set to null when updating a name to unset it.

name.givenName

String

Optional

Mutable

Given name of the user, or first name in most Western languages (for example, 'Barbara' given the full name 'Ms. Barbara J Jensen, III'). Can be explicitly set to null when updating a name to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.

name.honorificPrefix

String

Optional

Mutable

Honorific prefix of the user (can contain more than one), or title in most Western languages (such as, 'Ms.' given the full name 'Ms. Barbara Jane Jensen, III'). Can be explicitly set to null when updating a name to unset it.

name.honorificSuffix

String

Optional

Mutable

Honorific suffix (can contain more than one) of the user, or suffix in most Western languages (such as, 'III' given the full name 'Ms. Barbara Jane Jensen, III'). Can be explicitly set to null when updating a name to unset it.

name.middleName

String

Optional

Mutable

Middle name (can contain more than one) of the user (such as 'Jane' given the full name 'Ms. Barbara Jane Jensen, III'). Can be explicitly set to null when updating a name to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.

nickname

String

Optional

Mutable

User’s nickname. Can be explicitly set to null when updating a user to unset it. Valid characters consists of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 256 characters.

password

String

Optional

Mutable

The password of the user. The PingOne SCIM API will never return this attribute under any circumstances or in any form, hashed or otherwise.

phoneNumbers

String

Optional

Mutable

The phone numbers of the user. The specification says that this SHOULD be specified in the form of RFC 3966 (for example, 1-201-555-0123), but the PingOne SCIM API accepts telephone numbers as they are provided. Any telephone number is passed to the PingOne API, which decides if the phone number is in an acceptable form. PingOne supports a separate mobilePhone attribute, but the PingOne SCIM API only allows one number, which reflects the value of primaryPhone. Refer to PingOne SCIM API constraints for more details.

photos.href

String

Optional

Mutable

URL that points to a resource location representing the user’s image. Can be removed from a user by setting the photo attribute to null. If provided, the resource must be a file (such as a GIF, JPEG, or PNG image file) rather than a web page containing an image and must have a scheme (protocol) of http or https.

preferredLanguage

String

Optional

Mutable

User’s preferred written or spoken languages. Can be explicitly set to null when updating a user to unset it. If provided, the format of the value is the same as the HTTP Accept-Language header field (not including 'Accept-Language:') as specified in Section 5.3.5 of RFC 7231.

timezone

String

Optional

Mutable

User’s time zone. Can be explicitly set to null when updating a user to unset it. If provided, it must conform with the IANA Time Zone database format RFC 6557, for example: 'America/Los_Angeles'.

title

String

Optional

Mutable

User’s title, such as 'Vice President'. Can be explicitly set to null when updating a user to unset it.

urn:pingidentity:
schemas:extension:2.0:
PingOneUser.population.id

String

Optional

Mutable

Identifier (UUID) of the population with which the uesr is associated. Optional if the PingOne environment defines a default population, otherwise required.

username

String

Required

Immutable

Username, which must be provided and must be unique within an environment. The username must be a string of any Unicode letter, mark (such as accent, umlaut), math symbol, numeric character, or punctuation. Can contain no more than 128 characters.

PingOne user data model

When SCIM user data model is used with this service, this data model is required to extend that data model with a required attribute. It is referenced by its URN, urn:pingidentity:schemas:extension:2.0:PingOneUser, from the schema.

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`population.id`	String	Required/Optional	Immutable	Identifier (UUID) for the population in which the user’s identity exists. Optional if the PingOne environment defines a default population, otherwise required.

population.id

String

Required/Optional

Immutable

Identifier (UUID) for the population in which the user’s identity exists. Optional if the PingOne environment defines a default population, otherwise required.

SCIM user search data model

Property Type Required? Mutable? Description

Property	Type	Required?	Mutable?	Description
`filter`	String	Optional	Mutable	A SCIM query. For information about SCIM syntax and operators, refer to Filtering collections.
`count`	Integer	Optional	Mutable	Maximum number of users to return.

filter

String

Optional

Mutable

A SCIM query. For information about SCIM syntax and operators, refer to Filtering collections.

count

Integer

Optional

Mutable

Maximum number of users to return.

PingOne Platform APIs

SCIM Users

SCIM user data model

PingOne user data model

SCIM user search data model