Skip to content

Authentication

SailPoint SCIM API uses the following methods of authentication:

Basic Authentication

Basic Authentication is used to allow access to the API. It is a simple technique for enforcing access controls to API resources because it doesn’t require session IDs, cookies, or login pages but instead uses standard fields in the HTTP header. For more information on Basic authentication, please see RFC 1945 - Section 11 and RFC 2617. Support for Basic Authentication will continue to exist in future releases.

Basic Authentication can be used by File Access Manager internal users that have the "API User" role. You can create internal users and grant them the role using the administrative client.

OAuth 2.0

The Client ID and Client Secret are automatically generated during installation (or upgrade) of versions 6.1 and above.

For upgrades from version 6.1 or above, the client ID and client secret will remain the same.

You can find the client parameters in the “API Authentication” screen in the File Access Manager website.

API Authentication screen

Navigation

The screen can be found under Settings > General > API Authentication.

General

On this screen you can:

  • Check your Client ID and Client Secret
  • Generate a new Client Secret

Get Token - Sample Request

curl -X POST http://localhost/identityiqfamapi/token -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id=6779ef20e75817b79602&client_secret=mY5zM5nh7MR8gpj5yG9iIQ%3D%3D'

Get Token - Sample Response

  {
  "access_token": "gCV2VxetE7vgRxG77pqztGSs-3lWLTJhLG5K3dL7YbtyV6Ys1z0CnTcmv__NwTuOdIcUq4_bM9q2xRPa8I4ab7JW31T6XVZ70eMLdAnOy3tgZpaz3UWTJwfLKEi8pqN6ZcF57kYmSKWrBYOabmY9JrvWtqSLsTBaX9ALWgK2JADHMvpXsbqjkI2MV9xh3nIYKyTX0mW8EOZx9JhtqC3XIQ",
  "token_type": "bearer",
  "expires_in": 1199,
  ".issued": "Thu, 09 Aug 2018 08:00:21 GMT",
  ".expires": "Thu, 09 Aug 2018 08:20:21 GMT"
  }

Using the access_token value, you can then make requests to any SCIM endpoint using the "Authorization: Bearer" in the header.

Sample SCIM endpoint request header parameter

  {
  "Authorization": "Bearer gCV2VxetE7vgRxG77pqztGSs-3lWLTJhLG5K3dL7YbtyV6Ys1z0CnTcmv__NwTuOdIcUq4_bM9q2xRPa8I4ab7JW31T6XVZ70eMLdAnOy3tgZpaz3UWTJwfLKEi8pqN6ZcF57kYmSKWrBYOabmY9JrvWtqSLsTBaX9ALWgK2JADHMvpXsbqjkI2MV9xh3nIYKyTX0mW8EOZx9JhtqC3XIQ"
  }

Supported Protocols

  • HTTP
  • HTTPS