本文為您介紹雲SSO提供的SCIM 2.0介面,聲明了支援範圍和限制條件。如果自建IdP需要整合SCIM協議將使用者或使用者組同步到雲SSO時,需要關注本文檔。使用各身份供應商(例如:Okta、Azure AD等)提供的SCIM同步能力時,通常不需要關注本文檔。
使用說明
SCIM 2.0介面的實現遵循RFC 7644,具體請求說明請參見RFC文檔,具體的結構實現請參見SCIM Schemas。
存取點和地區
SCIM服務對應的存取點(Endpoint):https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/
已部署雲SSO的地區ID(regionId):服務存取點
SCIM 2.0介面總覽
SCIM 2.0介面如下表所示。調用SCIM介面時,請根據實際情況將<regionId>替換為雲SSO目錄所在的地區,將<your scim credential>替換為您的SCIM密鑰。
分類 | SCIM 2.0介面 | 支援情況 | 功能描述 |
Discovery Endpoint | 支援 | 擷取服務端支援的功能。 | |
支援 | 擷取服務端支援的資源類型,返回User和Group。 | ||
支援 | 擷取服務端支援的Schema,返回User和Group的詳細Schema。 | ||
/Users | 支援 | 同步處理的使用者。 | |
支援 | 查詢指定ID的使用者。 | ||
支援 | 按條件查詢使用者資訊或查詢所有使用者列表。 不指定filter時,返回所有使用者,最多100條,支援分頁。 | ||
支援 | 替換指定ID的使用者資訊。 | ||
支援 | 更新指定ID的使用者資訊。 | ||
支援 | 刪除指定ID的使用者。 | ||
/Groups | 支援 | 同步處理的使用者組。 | |
支援 | 查詢指定ID的使用者組,包含使用者組中的使用者資訊。 | ||
支援 | 按條件查詢使用者組資訊或查詢所有使用者組列表。 不指定filter時,返回所有使用者組列表但不返回使用者組中的使用者資訊,最多100條,支援分頁。 | ||
支援 | 替換使用者組資訊。 | ||
支援 | 更新使用者組資訊。 | ||
支援 | 刪除指定ID的使用者組。 | ||
/Me | 無 | 不支援 | 無 |
/Bulk | 無 | 不支援 | 無 |
/.Search | 無 | 不支援 | 無 |
Discovery Endpoint
/ServiceProviderConfig
功能描述
擷取服務端支援的功能。
使用約束
不需要認證。
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/ServiceProviderConfig -H "Content-type:application/json"返回樣本
{
"authenticationSchemes": [
{
"description": "Authentication scheme using the OAuth Bearer Token Standard",
"name": "OAuth Bearer Token",
"primary": true,
"type": "oauthbearertoken"
}
],
"bulk": {
"maxOperations": 0,
"maxPayloadSize": 0,
"supported": false
},
"changePassword": {
"supported": false
},
"etag": {
"supported": false
},
"filter": {
"maxResults": 1000,
"supported": false
},
"patch": {
"supported": true
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
],
"sort": {
"supported": false
}
}返回結果顯示:
支援的功能:patch。
不支援的功能:bulk、changePassword、sort、etag、filter。
/ResourceTypes
功能描述
擷取服務端支援的資源類型,返回User和Group。
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/ResourceTypes --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json"返回樣本
{
"Resources": [
{
"description": "Group",
"endpoint": "/Groups",
"id": "Group",
"meta": {
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/ResourceTypes/Group",
"resourceType": "ResourceType"
},
"name": "Group",
"schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
]
},
{
"description": "User Account",
"endpoint": "/Users",
"id": "User",
"meta": {
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/ResourceTypes/User",
"resourceType": "ResourceType"
},
"name": "User",
"schema": "urn:ietf:params:scim:schemas:core:2.0:User",
"schemaExtensions": [
{
"required": false,
"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
}
],
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
]
}
],
"itemsPerPage": 10,
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"startIndex": 1,
"totalResults": 2
}/Schemas
功能描述
擷取服務端支援的Schema,返回User和Group的詳細Schema。
使用約束
支援按資源類型查詢。
對協議中約定的欄位名和欄位值不區分大小寫。
只支援下文文檔描述的欄位。
請求樣本
請求所有資源Schema
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Schemas --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json"
請求使用者資源Schema
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json"
請求使用者組資源Schema
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json"返回樣本
使用者資源Schema
{
"attributes": [
{
"caseExact": true,
"description": "A Boolean value indicating the User's administrative status.",
"multiValued": false,
"mutability": "readWrite",
"name": "active",
"required": false,
"returned": "default",
"type": "boolean",
"uniqueness": "none"
},
{
"caseExact": false,
"description": "The name of the User, suitable for display to end-users. The name SHOULD be the full name of the User being described if known.",
"multiValued": false,
"mutability": "readWrite",
"name": "displayName",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
},
{
"caseExact": true,
"description": "E-mail addresses for the user. The value SHOULD be canonicalized by the Service Provider, e.g., bjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type values of work, home, and other.",
"multiValued": true,
"mutability": "readWrite",
"name": "emails",
"required": false,
"returned": "default",
"subAttributes": [
{
"caseExact": false,
"description": "A human readable name, primarily used for display purposes.",
"multiValued": false,
"mutability": "readWrite",
"name": "display",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
},
{
"caseExact": true,
"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary e-mail address. The primary attribute value 'true' MUST appear no more than once.",
"multiValued": false,
"mutability": "readWrite",
"name": "primary",
"required": false,
"returned": "default",
"type": "boolean",
"uniqueness": "none"
},
{
"canonicalValues": [
"other",
"work",
"home"
],
"caseExact": false,
"description": "A label indicating the attribute's function; e.g., 'work' or 'home'.",
"multiValued": false,
"mutability": "readWrite",
"name": "type",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
},
{
"caseExact": false,
"description": "E-mail addresses for the user. The value\nSHOULD be canonicalized by the Service Provider, e.g.\nbjensen@example.com instead of bjensen@EXAMPLE.COM. Canonical Type\nvalues of work, home, and other.",
"multiValued": false,
"mutability": "readWrite",
"name": "value",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
}
],
"type": "complex",
"uniqueness": "none"
},
{
"caseExact": true,
"description": "The components of the user's real name.",
"multiValued": false,
"mutability": "readWrite",
"name": "name",
"required": false,
"returned": "default",
"subAttributes": [
{
"caseExact": false,
"description": "The family name of the User, or Last Name in most Western languages (for example, Jensen given the full name Ms. Barbara J Jensen, III.).",
"multiValued": false,
"mutability": "readWrite",
"name": "familyName",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
},
{
"caseExact": false,
"description": "The given name of the User, or First Name in most Western languages (for example, Barbara given the full name Ms. Barbara J Jensen, III.).",
"multiValued": false,
"mutability": "readWrite",
"name": "givenName",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
},
{
"caseExact": false,
"description": "The middle name(s) of the User (for example, Robert given the full name Ms. Barbara J Jensen, III.).",
"multiValued": false,
"mutability": "readWrite",
"name": "middleName",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
}
],
"type": "complex",
"uniqueness": "none"
},
{
"caseExact": false,
"description": "Unique identifier for the User typically used by the user to directly authenticate to the service provider.",
"multiValued": false,
"mutability": "readWrite",
"name": "userName",
"required": true,
"returned": "default",
"type": "string",
"uniqueness": "server"
}
],
"description": "User Account",
"endpoint": "/Users",
"extensionSchemas": [
{
"required": false,
"schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
}
],
"id": "urn:ietf:params:scim:schemas:core:2.0:User",
"meta": {
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User",
"resourceType": "Schema"
},
"name": "User",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
]
}使用者組資源Schema
{
"attributes": [
{
"caseExact": false,
"description": "A human-readable name for the Group.",
"multiValued": false,
"mutability": "readWrite",
"name": "displayName",
"required": true,
"returned": "default",
"type": "string",
"uniqueness": "server"
},
{
"caseExact": true,
"description": "A list of members of the Group.",
"multiValued": true,
"mutability": "readWrite",
"name": "members",
"required": false,
"returned": "default",
"subAttributes": [
{
"caseExact": false,
"description": "A human readable name, primarily used for display purposes.",
"multiValued": false,
"mutability": "immutable",
"name": "display",
"required": false,
"returned": "default",
"type": "string",
"uniqueness": "none"
},
{
"caseExact": true,
"description": "The URI of the member resource.",
"multiValued": false,
"mutability": "immutable",
"name": "ref",
"referenceTypes": [
"User"
],
"required": true,
"returned": "default",
"type": "reference",
"uniqueness": "none"
},
{
"caseExact": false,
"description": "The identifier of a group member.",
"multiValued": false,
"mutability": "immutable",
"name": "value",
"required": true,
"returned": "default",
"type": "string",
"uniqueness": "none"
}
],
"type": "complex",
"uniqueness": "none"
}
],
"description": "Group",
"endpoint": "/Groups",
"id": "urn:ietf:params:scim:schemas:core:2.0:Group",
"meta": {
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group",
"resourceType": "Schema"
},
"name": "Group",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Schema"
]
}/Users
POST /Users
功能描述
同步處理的使用者。
使用約束
欄位參考Schema返回結果裡聲明的定義。
如果雲SSO中存在同名的手動方式建立的使用者,則會將該手動使用者更改為SCIM同步處理的使用者。
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X POST -d '<data>'其中,data結構樣本如下:
{
"displayName": "<user display name>",
"emails": [
{
"primary": true,
"type": "work",
"value": "<user email>"
}
],
"externalId": "<external Id>",
"name": {
"familyName": "<user family name>",
"givenName": "<user given name>"
},
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "<user name>"
}返回樣本
{
"active": true,
"displayName": "<user display name>",
"emails":
[
{
"primary": true,
"type": "work",
"value": "<user email>"
}
],
"externalId": "<external Id>",
"id": "u-00vrs1l19d6gbsi5****",
"meta":
{
"created": "2023-08-01T13:16:30.000Z",
"lastModified": "2023-08-01T13:16:30.000Z",
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/u-00vrs1l19d6gbsi5****",
"resourceType": "User"
},
"name":
{
"familyName": "<user family name>",
"givenName": "<user given name>"
},
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "<user name>"
}GET /Users/{id}和GET /Users
功能描述
GET /Users/{id}:查詢指定ID的使用者。
GET /Users:按條件查詢使用者資訊或查詢所有使用者列表。
使用約束
如果帶/{id},則返回該ID對應的使用者。如果{id}不是已存在的使用者,則拒絕請求。
如果不帶/{id}且有filter,則過濾相應的使用者返回,filter只支援externalId和userName欄位,且只支援eq和and操作符。
如果不帶/{id}且沒有filter,則返回所有使用者列表,支援SCIM協議的標準分頁方式,每頁最多返回100條記錄,如果記錄條數大於100(count>100),則按100處理。
僅能查詢被同步的使用者。
樣本1:查詢指定ID的使用者
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/<userId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X GET返回樣本
{
"active": true,
"displayName": "<user display name>",
"emails":
[
{
"primary": true,
"type": "work",
"value": "<user email>"
}
],
"externalId": "<external Id>",
"id": "u-00vrs1l19d6gbsi5****",
"meta":
{
"created": "2023-08-01T13:16:30.000Z",
"lastModified": "2023-08-01T13:16:30.000Z",
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/u-00vrs1l19d6gbsi5****",
"resourceType": "User"
},
"name":
{
"familyName": "<user family name>",
"givenName": "<user given name>"
},
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "<user name>"
}樣本2:按條件查詢使用者資訊或查詢所有使用者列表
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users<?parameters> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X GET其中,parameters支援列表如下:
參數名 | 取值說明 | 樣本 |
filter | 僅支援userName、externalId、id的eq運算式。 |
|
startIndex | 可置空,預設值為1,表示標號。 | startIndex=1 |
count | 可置空,預設值為10,表示每頁使用者個數。 | count=10 |
返回樣本
{
"Resources":
[
{
"active": true,
"displayName": "<user display name>",
"emails":
[
{
"primary": true,
"type": "work",
"value": "<user email>"
}
],
"externalId": "external****",
"id": "u-0015b4962vrywtzb****",
"meta":
{
"created": "2023-07-07T17:21:07.000Z",
"lastModified": "2023-07-07T17:21:07.000Z",
"resourceType": "User"
},
"name":
{
"familyName": "<user family name>",
"givenName": "<user given name>"
},
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "<user name>"
},
{
"active": true,
"displayName": "<user display name>",
"emails":
[
{
"primary": true,
"type": "work",
"value": "<user email>"
}
],
"externalId": "<external Id>",
"id": "u-00vrs1l19d6gbsi5****",
"meta":
{
"created": "2023-08-01T13:16:30.000Z",
"lastModified": "2023-08-01T13:16:30.000Z",
"resourceType": "User"
},
"name":
{
"familyName": "<user family name>",
"givenName": "<user given name>"
},
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "<user name>"
}
],
"itemsPerPage": 10,
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"startIndex": 1,
"totalResults": 2
}PUT /Users/{id}和PATCH /Users/{id}
描述
PUT /Users/{id}:替換使用者資訊。
PATCH /Users/{id} :更新使用者資訊。
使用約束
{id}必傳,修改的欄位範圍為Schema中定義的欄位。
PUT為覆蓋原有屬性。
Patch支援Add、Replace和Remove。
僅能修改被同步的使用者。
請求樣本
替換使用者資訊(PUT)
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/<userId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X PUT -d '<data>'其中,data結構樣本如下:
{
"active": false,
"externalId": "<external Id>",
"id": "<user id>",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "<user name>"
}更新使用者資訊(PATCH)
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/<userId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X PATCH -d '<data>'其中,data結構樣本如下:
//remove操作
{
"Operations": [
{
"op": "remove",
"path": "displayName"
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}
// replace操作
{
"Operations": [
{
"op": "replace",
"path": "",
"value": {
"active": false,
"displayName": "displayName",
"name": {
"familyName": "familyName",
"givenName": "givenName"
}
}
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}
// add操作
{
"Operations": [
{
"op": "add",
"path": "",
"value": {
"displayName": "displayName",
"name": {
"familyName": "familyName",
"givenName": "givenName"
}
}
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}DELETE /Users/{id}
功能描述
刪除指定ID的使用者。
使用約束
{id}必傳。
僅能刪除被同步的使用者。
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/<userId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X DELETE/Group
POST /Groups
功能描述
同步處理的使用者組。
使用約束
欄位限制參考Schema描述。
如果雲SSO中存在同名的手動方式建立的使用者組,則會將該手動的使用者組更改為SCIM同步的使用者組。
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X POST -d '<data>'其中,data結構樣本如下:
{
"displayName": "<group name>",
"externalId": "<external Id>",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}返回樣本
{
"displayName": "<group name>",
"externalId": "<external Id>",
"id": "g-00nqnd7hoevd1unv****",
"members":
[],
"meta":
{
"created": "2023-08-01T13:30:23.000Z",
"lastModified": "2023-08-01T13:30:23.000Z",
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups/g-00nqnd7hoevd1unv****",
"resourceType": "Group"
},
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}GET /Groups/{id}和GET /Groups
功能描述
GET /Groups/{id}:查詢指定ID的使用者組。
GET /Groups:按條件查詢使用者組資訊或查詢所有使用者組列表。
使用約束
支援使用id查詢和filter查詢。
filter只支援externalId和displayName欄位,且只支援eq和and操作符。
如果帶/{id},則返回該ID對應的使用者組,且包含members參數值,如果{id}不是已存在的使用者組,則拒絕請求。
如果不帶/{id}且沒有filter,則返回所有使用者組列表,且members的值為空白(即列表方法不返回members)。支援SCIM協議的標準分頁方式,最多返回100條記錄,如果記錄條數大於100(count>100),按100處理。
僅能查詢被同步的使用者組。
樣本1:查詢指定ID的使用者組
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups/<groupId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X GET返回樣本
{
"displayName": "<group name>",
"externalId": "<external Id>",
"id": "g-00nqnd7hoevd1unv****",
"members":
[
{
"$ref": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/u-00vrs1l19d6gbsi5****",
"display": "",
"value": "u-00vrs1l19d6gbsi5****"
}
],
"meta":
{
"created": "2023-08-01T13:30:23.000Z",
"lastModified": "2023-08-01T13:30:23.000Z",
"location": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups/g-00nqnd7hoevd1unv****",
"resourceType": "Group"
},
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}樣本2:按條件查詢使用者組資訊或查詢所有使用者組列表
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups<?parameters> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X GET其中,parameter支援列表如下:
參數名 | 取值說明 | 樣本 |
filter | 僅支援displayName、externalId、id的eq運算式。 |
|
startIndex | 可置空,預設值為1,表示標號。 | startIndex=1 |
count | 可置空,預設值為10,表示每頁使用者組個數。 | count=10 |
返回樣本
{
"Resources":
[
{
"displayName": "<group name>",
"externalId": "<external Id>",
"id": "g-00nqnd7hoevd1unv****",
"members":
[],
"meta":
{
"created": "2023-08-01T13:30:23.000Z",
"lastModified": "2023-08-01T13:30:23.000Z",
"resourceType": "Group"
},
"schemas":
[
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}
],
"itemsPerPage": 10,
"schemas":
[
"urn:ietf:params:scim:api:messages:2.0:ListResponse"
],
"startIndex": 1,
"totalResults": 1
}PUT /Groups/{id}和PATCH /Groups/{id}
功能描述
PUT /Groups/{id}:替換使用者組資訊。
PATCH /Groups/{id}:更新使用者組資訊。
使用約束
{id}必傳,修改的欄位範圍為Schema中定義的欄位。
PUT為覆蓋原有屬性,支援替換member。
Patch支援Add、Replace和Remove。
僅能修改被同步的使用者組。
請求樣本
替換使用者組資訊(PUT)
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups/<groupId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X PUT -d '<data>'其中,data結構樣本如下:
{
"displayName": "<group name>",
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:Group"
]
}更新使用者組資訊(PATCH)
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups/<groupId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X PATCH -d '<data>'其中,data結構樣本如下:
//從<groupId>對應的組內移除指定的使用者<userId>
{
"Operations": [
{
"op": "remove",
"path": "members",
"value": [
{
"value": "<userId>"
}
]
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}
//從<groupId>對應的組內移除所有使用者
{
"Operations": [
{
"op": "remove",
"path": "members"
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}
//向<groupId>對應的組內添加3個使用者
{
"Operations": [
{
"op": "add",
"path": "members",
"value": [
{
"$ref": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/<userId1>",
"display": "<userName1>",
"value": "<userId1>"
},
{
"$ref": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/<userId2>",
"display": "<userName2>",
"value": "<userId2>"
},
{
"$ref": "https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Users/<userId3>",
"display": "<userName3>",
"value": "<userId3>"
}
]
}
],
"schemas": [
"urn:ietf:params:scim:api:messages:2.0:PatchOp"
]
}DELETE /Groups/{id}
功能描述
刪除指定ID的使用者組。
使用約束
{id}必傳。
存在member的時候會同步移除member。
僅能刪除被同步的使用者組。
請求樣本
curl https://cloudsso-scim-<regionId>.aliyun.com/scim/v2/Groups/<groupId> --header 'Authorization: Bearer <your scim credential>' --header "content-type:application/json" -X DELETE