Authentication
The SailPoint SCIM API supports the following authentication methods:
Basic Authentication
Basic Authentication is used to allow access to the API. It is a simple technique for enforcing access controls to API resources because it doesn’t require session IDs, cookies, or login pages but instead uses standard fields in the HTTP header. For more information on Basic authentication, please see RFC 1945 - Section 11 and RFC 2617. Support for Basic Authentication will continue to exist in future releases.
Basic Authentication can be used by File Access Manager internal users that have the "API User" role. You can create internal users and grant them the role using the administrative client.
OAuth 2.0
The Client ID and Client Secret are automatically generated during installation (or upgrade) of versions 6.1 and above.
For upgrades from version 6.1 or above, the client ID and client secret will remain the same.
You can find the client parameters in the “API Authentication” screen in the File Access Manager website.
API Authentication screen
Navigation
The screen can be found under Settings > General > API Authentication.
General
On this screen you can:
- Check your Client ID and Client Secret
- Generate a new Client Secret
Get Token - Sample Request
curl -X POST http://localhost/identityiqfamapi/token -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id=6779ef20e75817b79602&client_secret=mY5zM5nh7MR8gpj5yG9iIQ%3D%3D'
Get Token - Sample Response
{
  "access_token": "gCV2VxetE7vgRxG77pqztGSs-3lWLTJhLG5K3dL7YbtyV6Ys1z0CnTcmv__NwTuOdIcUq4_bM9q2xRPa8I4ab7JW31T6XVZ70eMLdAnOy3tgZpaz3UWTJwfLKEi8pqN6ZcF57kYmSKWrBYOabmY9JrvWtqSLsTBaX9ALWgK2JADHMvpXsbqjkI2MV9xh3nIYKyTX0mW8EOZx9JhtqC3XIQ",
  "token_type": "bearer",
  "expires_in": 1199,
  ".issued": "Thu, 09 Aug 2018 08:00:21 GMT",
  ".expires": "Thu, 09 Aug 2018 08:20:21 GMT"
}
Using the access_token value, you can then make requests to any SCIM endpoint by sending it in the Authorization header, in the form "Authorization: Bearer <access_token>".
Sample SCIM endpoint request header parameter
{
  "Authorization": "Bearer gCV2VxetE7vgRxG77pqztGSs-3lWLTJhLG5K3dL7YbtyV6Ys1z0CnTcmv__NwTuOdIcUq4_bM9q2xRPa8I4ab7JW31T6XVZ70eMLdAnOy3tgZpaz3UWTJwfLKEi8pqN6ZcF57kYmSKWrBYOabmY9JrvWtqSLsTBaX9ALWgK2JADHMvpXsbqjkI2MV9xh3nIYKyTX0mW8EOZx9JhtqC3XIQ"
}
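The token flow above as an added Python example (not SailPoint's code): it builds the same form-encoded request as the sample curl command, refuses to send the client secret over plain HTTP except to the local machine, and reuses the token until shortly before expires_in elapses. The fetch callable, the 30-second safety margin and the loopback exception are assumptions of this example.

```python
import json
import time
from urllib.parse import urlencode, urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # assumption: cleartext allowed only here


def build_token_request(token_url, client_id, client_secret):
    """Return (url, headers, body) for the client_credentials grant shown above."""
    parts = urlsplit(token_url)
    # The client secret travels in the request body, so refuse cleartext HTTP
    # to anything other than the local machine.
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError("token endpoint must use HTTPS: " + token_url)
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # urlencode escapes '=' as %3D
    })
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return token_url, headers, body


class TokenCache:
    """Holds the bearer token and renews it shortly before it expires."""

    def __init__(self, fetch, skew=30, clock=time.monotonic):
        self._fetch = fetch    # hypothetical callable: returns the token response JSON text
        self._skew = skew      # seconds of safety margin before expiry
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def auth_header(self):
        """Return the Authorization header, fetching a new token when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            reply = json.loads(self._fetch())
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"]) - self._skew
        return {"Authorization": "Bearer " + self._token}
```

In real use, fetch would POST the tuple returned by build_token_request with an HTTP client and return the response text.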
Supported Protocols
- HTTP
- HTTPS