# SCIM System for Cross-domain Identity Management, or SCIM, is an API specification created to facilitate the management of people and groups of people in cloud-based applications and services. Universal Identity SCIM API is built on top of the SCIM 2.0 specification and can be integrated with major Identity Providers like Okta, Microsoft Entra ID and OneLogin. Zuora recommends that you use OAuth v2.0 to authenticate to the Zuora REST API. You must first create an OAuth client in the Zuora UI before using the [Create an OAuth token](https://developer.zuora.com/api-references/api/operation/createToken) operation to create an OAuth token. See [Authentication](https://developer.zuora.com/rest-api/general-concepts/authentication/) for more information. ## List groups - [GET /scim/v2/Groups](https://developer.zuora.com/v1-api-reference/api/scim/getlistgroups.md): Returns a paginated list of groups, ten groups per page by default. Use the startIndex and count (max 100) query parameters to paginate long lists of groups. It's possible to return a list of specific types of groups using the filter parameter. ## Create a group - [POST /scim/v2/Groups](https://developer.zuora.com/v1-api-reference/api/scim/createanewgroup.md): Creates a new group. Must include the displayName attribute. Users can be added to the group during creation by supplying the user ID values in the members array attribute. ## Bulk create groups - [POST /scim/v2/Groups/bulk](https://developer.zuora.com/v1-api-reference/api/scim/postbulkcreategroups.md): Creates multiple Groups within an organization. Must include the displayName attribute. Users can be added to the group during creation by supplying the user ID values in the members array attribute. ## Bulk update groups - [PATCH /scim/v2/Groups/bulk](https://developer.zuora.com/v1-api-reference/api/scim/patchbulkpatchgroups.md): Updates an existing group resource, allowing individual (or groups of) users to be added or removed from the group with a single operation. Setting the operation attribute of a member object to delete will remove members from a group; add is the default operation for PATCH. ## Bulk delete groups - [POST /scim/v2/Groups/delete](https://developer.zuora.com/v1-api-reference/api/scim/postbulkdeletegroups.md): Permanently removes groups from an organization (members are not deleted, only the group). ## Retrieve a group - [GET /scim/v2/Groups/{id}](https://developer.zuora.com/v1-api-reference/api/scim/getaspecificgroup.md): Retrieves a single group resource. ## Update a group - [PUT /scim/v2/Groups/{id}](https://developer.zuora.com/v1-api-reference/api/scim/updateaspecificgroup.md): Updates an existing group resource, overwriting all values for a group even if an attribute is empty or not provided. PUT will replace all members of a group with those members provided via the members attribute. If an attribute that had been set previously is left blank during a PUT operation, the new value will be blank in accordance with the data type of the attribute and the storage provider. ## Delete a group - [DELETE /scim/v2/Groups/{id}](https://developer.zuora.com/v1-api-reference/api/scim/deleteaspecificgroup.md): Permanently removes a group (members are not deleted, only the group). ## Partially update a group - [PATCH /scim/v2/Groups/{id}](https://developer.zuora.com/v1-api-reference/api/scim/partiallyupdateaspecificgroup.md): Updates an existing group resource, allowing individual (or groups of) users to be added or removed from the group with a single operation. Setting the operation attribute of a member object to delete will remove members from a group; add is the default operation for PATCH. ## List all resource types - [GET /scim/v2/ResourceTypes](https://developer.zuora.com/v1-api-reference/api/scim/gettheressourcetype.md): Retrieves all Resource Types managed by OneId. Resource Types define the resource name, endpoint URL, schemas, and other metadata that indicate where a resource is managed and how it is composed, e.g., "User" or "Group". ## Retrieve a resource type - [GET /scim/v2/ResourceTypes/{id}](https://developer.zuora.com/v1-api-reference/api/scim/getaspecificresourcetype.md): Get related information on a single resource type. Examples: /scim/v2/ResourceTypes/User /scim/v2/ResourceTypes/Group ## List all schemas of resources - [GET /scim/v2/Schemas](https://developer.zuora.com/v1-api-reference/api/scim/getschemaofscim.md): Lists all schemas for all supported resources. A schema is a collection of attribute definitions that describe the contents of an entire or partial resource, e.g., "urn:ietf:params:scim:schemas:core:2.0:User". The attribute definitions specify the name of the attribute, and metadata such as type (e.g., string, binary), cardinality (singular, multi, complex), mutability, and returnability. ## List schemas of a resource - [GET /scim/v2/Schemas/{id}](https://developer.zuora.com/v1-api-reference/api/scim/gettheschemaofspecificscim.md): Gets a specific resource schema by ID. Examples: /scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:Group /scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User /scim/v2/Schemas/urn:zuora:scim:schemas:1.0:UserExtension /scim/v2/Schemas/urn:zuora:scim:schemas:1.0:GroupExtension ## Retrieve the service provider configuration - [GET /scim/v2/ServiceProviderConfig](https://developer.zuora.com/v1-api-reference/api/scim/gettheserviceproviderconfig.md): Returns Zuora’s service provider configuration. ## List users - [GET /scim/v2/Users](https://developer.zuora.com/v1-api-reference/api/scim/getlistofusers.md): Returns a paginated list of users, 100 users per page by default. When querying larger instances, reduce the count parameter to 1,000 or less, and use the startIndex parameter to paginate through users. It's possible to return a list of specific types of users with the filter parameter. Examples: /list?filter=userName eq "testuser" /list??filter=status eq "PENDING_ACTIVATION" /list??filter=id eq "91f659cd-6ded-4d92-aa5c-144c3b5455c3" and status eq "PENDING_ACTIVATION" ## Create a user - [POST /scim/v2/Users](https://developer.zuora.com/v1-api-reference/api/scim/createauser.md): Creates a user. Must include the userName attribute and an email address. User will be created as an SSO user by default and a federated ID must be provided for the user. ## Bulk create users - [POST /scim/v2/Users/bulk](https://developer.zuora.com/v1-api-reference/api/scim/bulkcreateusers.md): Creates multiple users within an organization. ## Bulk update users - [PATCH /scim/v2/Users/bulk](https://developer.zuora.com/v1-api-reference/api/scim/bulkupdateusers.md): Updates an existing multiple user resource, overwriting values for specified attributes. ## Delete a list of users - [POST /scim/v2/Users/delete](https://developer.zuora.com/v1-api-reference/api/scim/deletealistofusers.md): Sets multiple users to deactivate. The value of the id should be the user's corresponding user ID. ## Retrieve a user - [GET /scim/v2/Users/{id}](https://developer.zuora.com/v1-api-reference/api/scim/getaspecificuser.md): Retrieves a single user resource. The value of the should be the user's corresponding user ID. ## Update a user - [PUT /scim/v2/Users/{id}](https://developer.zuora.com/v1-api-reference/api/scim/updateaspecificuser.md): Updates an existing user resource, overwriting all values for a user even if an attribute is empty or not provided. If an attribute that had been set previously is left blank during a PUT operation, the new value will be blank in accordance with the data type of the attribute and the storage provider. Deactivated users can be re-enabled by setting the active attribute to true. The value of the should be the user's corresponding user ID. ## Delete a user - [DELETE /scim/v2/Users/{id}](https://developer.zuora.com/v1-api-reference/api/scim/deleteaspecificuser.md): Deactivates a specific user identified by the user ID. ## Partially update a user - [PATCH /scim/v2/Users/{id}](https://developer.zuora.com/v1-api-reference/api/scim/partialupdateaspecificuser.md): Updates an existing user resource, overwriting values for specified attributes. The value of the {id} should be the user's corresponding user ID. Attributes that are not provided in the request will remain unchanged. Updating a value to " " will clear and remove the field from the user's profile.