Using SCIM API for User & Member List management in SAP Build Work Zone, Advanced Edition

Using SCIM API for User & Member List management in SAP Build Work Zone, Advanced Edition
Estimated read time 10 min read

If you’ve worked with SAP Build Work Zone, advanced edition, you might have come across the SCIM 2.0–compliant API. This API is designed for managing users and member lists, following the common specification https://tools.ietf.org/wg/scim/.
Now, SCIM is a broad standard with many optional elements. SAP’s implementation focuses on the essentials, so not every optional detail is covered – but everything you need for user and list management is there.

Where does this SCIM API fit in the Work Zone landscape?

The SCIM API is utilized by SAP Identity Provisioning Service (IPS) to handle User and List/Group management for the Digital Workplace Service component of both following variants- Build Work Zone, Advanced Edition and SuccessFactors Work Zone. 

If you’re configuring IPS for Work Zone user provisioning, you’ll find detailed guidance in our help documentation.

Build Work Zone, Advanced EditionSuccessFactors Work Zone

IPS should always be used as the primary means of User provisioning & management in Work Zone.

But what if you want to go hands-on with the API yourself, for small scale user data adjustment or simply to check data? That is what we are going to cover in this blog.
Important resource to go through before attempting to use the API-> Using the SCIM API | SAP Help Portal

Key elements needed to use the SCIM API for User & List Management

Digital Workplace/Jam URL-> Administration Console -> Overview -> Custom Domain URL (for Jam instances not using custom domain, just the regular JAM DC URL- jamX.sapjam.com)SCIM API Client Key: Administration Console -> OAuth Clients -> SCIM Client (will have integration URL as  http://www.simplecloud.info) -> KeySCIM API Client Secret: Administration Console -> OAuth Clients -> SCIM Client (will have integration URL as  http://www.simplecloud.info) -> SecretSCIM API Token URL-> https://<Digital Workplace/Jam URL>/api/v1/auth/token

 

[A] GETTING THE SCIM API ACCESS TOKEN

First step in using SCIM API is getting the access token.

Using any suitable tool (like Postman) POST call needs to be made to the SCIM API Token URL, passing the SCIM API Client Key & Secret. This will return the Access token.

Steps (Postman tool used for this example):

Method: POSTURL: https://<Digital Workplace/Jam URL>/api/v1/auth/tokenIn the request Body:client_id: < SCIM API Client Key >client_secret: < SCIM API Client Secret >grant_type: client_credentialsHere is what the API call looks like in Postman-
After making the call by hitting “Send”, access token returned in Response-

 

[B] USING THE SCIM API TO VIEW, UPDATE OR DELETE USER

User management via SCIM API will require-

Access Token: from section [A] stepsUser_UUID: Can be grabbed from the browser URL of any user profile page in Work Zone. The alphanumeric identifier at the end of the URL will be the UUid.Example URL: https://swzhrcpsdemo.workzonehr.cfapps.sap.hana.ondemand.com/site#workzone-profile?sap-app-origin-hint=&/profile/wall/QljGDtyuvpRDK7epwV0GiUQljGDtyuvpRDK7epwV0GiUis the UUid.SCIM User API URL: https://<Digital Workplace/Jam URL>/api/v1/scim/Users/<user_uuid>

Using the above User API URL and the User UUid,

GET calls can be made to view user data.PUT calls can be made to update user data.DELETE calls can be made to delete any user from Work Zone database.

 

[B.1] TO VIEW ANY USER RECORD

Method: GETURL: https://< Digital Workplace/Jam URL >/api/v1/scim/Users/<user_uuid>In the request Header,     Authorization = OAuth <access_token>Here is what the API call looks like in Postman for one example User UUid:
And the Response after hitting “Send”

[B.2] TO UPDATE ANY USER RECORD

Method: PUTURL: https://< Digital Workplace/Jam URL >/api/v1/scim/Users/<user_uuid>In the request Header,     Authorization = OAuth <access_token>In the request Body, user data request payload in DWS/Jam SCIM format.Here is what the API call looks like for one example User-
If we submit this API call by hitting “Send”, the user will get updated with the payload data from the request body.

[B.3] TO DELETE ANY USER RECORD

Method: DELETEURL: https://< Digital Workplace/Jam URL >/api/v1/scim/Users/<user_uuid>In the request Header,     Authorization = OAuth <access_token>Here is what the API call looks like for one example User UUid:
If we submit this API call by hitting “Send”, the user will get deleted

 

[C] USING THE SCIM API TO VIEW OR DELETE MEMBER LIST

Access Token: from section [A] stepslist_name: Name of the Listlist_id: Has to be retrieved via API call, searching with List Name.SCIM List API URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups/<list_id>

[C.1] GET THE LIST ID

To search List ID for any List, same steps to be followed as viewing users, [B.1] section above, only changing to API endpoint /Groups:

URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups? filter=displayName eq “<list_name>

The API response will have the List ID in “id” field

[C.2] VIEW A LIST

To view SCIM data for any List, same steps to be followed as viewing users, [B.1] section above, only changing to API endpoint /Groups:

URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups/< list_id >

[C.3] DELETE A LIST

To delete any List, same steps to be followed as deleting users, [B.3] section above, only changing to API endpoint /Groups:

URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups/< list_id >

 

 

​ If you’ve worked with SAP Build Work Zone, advanced edition, you might have come across the SCIM 2.0–compliant API. This API is designed for managing users and member lists, following the common specification https://tools.ietf.org/wg/scim/.Now, SCIM is a broad standard with many optional elements. SAP’s implementation focuses on the essentials, so not every optional detail is covered – but everything you need for user and list management is there.Where does this SCIM API fit in the Work Zone landscape?The SCIM API is utilized by SAP Identity Provisioning Service (IPS) to handle User and List/Group management for the Digital Workplace Service component of both following variants- Build Work Zone, Advanced Edition and SuccessFactors Work Zone. If you’re configuring IPS for Work Zone user provisioning, you’ll find detailed guidance in our help documentation.Build Work Zone, Advanced EditionSuccessFactors Work ZoneIPS should always be used as the primary means of User provisioning & management in Work Zone.But what if you want to go hands-on with the API yourself, for small scale user data adjustment or simply to check data? That is what we are going to cover in this blog.Important resource to go through before attempting to use the API-> Using the SCIM API | SAP Help PortalKey elements needed to use the SCIM API for User & List Management-Digital Workplace/Jam URL-> Administration Console -> Overview -> Custom Domain URL (for Jam instances not using custom domain, just the regular JAM DC URL- jamX.sapjam.com)SCIM API Client Key: Administration Console -> OAuth Clients -> SCIM Client (will have integration URL as  http://www.simplecloud.info) -> KeySCIM API Client Secret: Administration Console -> OAuth Clients -> SCIM Client (will have integration URL as  http://www.simplecloud.info) -> SecretSCIM API Token URL-> https://<Digital Workplace/Jam URL>/api/v1/auth/token [A] GETTING THE SCIM API ACCESS TOKENFirst step in using SCIM API is getting the access token.Using any suitable tool (like Postman) POST call needs to be made to the SCIM API Token URL, passing the SCIM API Client Key & Secret. This will return the Access token.Steps (Postman tool used for this example):Method: POSTURL: https://<Digital Workplace/Jam URL>/api/v1/auth/tokenIn the request Body:client_id: < SCIM API Client Key >client_secret: < SCIM API Client Secret >grant_type: client_credentialsHere is what the API call looks like in Postman-After making the call by hitting “Send”, access token returned in Response- [B] USING THE SCIM API TO VIEW, UPDATE OR DELETE USER User management via SCIM API will require-Access Token: from section [A] stepsUser_UUID: Can be grabbed from the browser URL of any user profile page in Work Zone. The alphanumeric identifier at the end of the URL will be the UUid.Example URL: https://swzhrcpsdemo.workzonehr.cfapps.sap.hana.ondemand.com/site#workzone-profile?sap-app-origin-hint=&/profile/wall/QljGDtyuvpRDK7epwV0GiUQljGDtyuvpRDK7epwV0GiUis the UUid.SCIM User API URL: https://<Digital Workplace/Jam URL>/api/v1/scim/Users/<user_uuid>Using the above User API URL and the User UUid,GET calls can be made to view user data.PUT calls can be made to update user data.DELETE calls can be made to delete any user from Work Zone database. [B.1] TO VIEW ANY USER RECORDMethod: GETURL: https://< Digital Workplace/Jam URL >/api/v1/scim/Users/<user_uuid>In the request Header,     Authorization = OAuth <access_token>Here is what the API call looks like in Postman for one example User UUid:And the Response after hitting “Send”[B.2] TO UPDATE ANY USER RECORDMethod: PUTURL: https://< Digital Workplace/Jam URL >/api/v1/scim/Users/<user_uuid>In the request Header,     Authorization = OAuth <access_token>In the request Body, user data request payload in DWS/Jam SCIM format.Here is what the API call looks like for one example User-If we submit this API call by hitting “Send”, the user will get updated with the payload data from the request body.[B.3] TO DELETE ANY USER RECORDMethod: DELETEURL: https://< Digital Workplace/Jam URL >/api/v1/scim/Users/<user_uuid>In the request Header,     Authorization = OAuth <access_token>Here is what the API call looks like for one example User UUid:If we submit this API call by hitting “Send”, the user will get deleted [C] USING THE SCIM API TO VIEW OR DELETE MEMBER LIST Access Token: from section [A] stepslist_name: Name of the Listlist_id: Has to be retrieved via API call, searching with List Name.SCIM List API URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups/<list_id>[C.1] GET THE LIST IDTo search List ID for any List, same steps to be followed as viewing users, [B.1] section above, only changing to API endpoint /Groups: URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups? filter=displayName eq “<list_name>”The API response will have the List ID in “id” field[C.2] VIEW A LISTTo view SCIM data for any List, same steps to be followed as viewing users, [B.1] section above, only changing to API endpoint /Groups:URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups/< list_id >[C.3] DELETE A LISTTo delete any List, same steps to be followed as deleting users, [B.3] section above, only changing to API endpoint /Groups:URL: https://< Digital Workplace/Jam URL >/api/v1/scim/Groups/< list_id >    Read More Technology Blog Posts by SAP articles 

#SAP

#SAPTechnologyblog

Avatar for

You May Also Like

More From Author