Authentication

The SailPoint SCIM API uses the following methods of authentication:

Basic Authentication

Basic Authentication is used to allow access to the API. It is a simple technique for enforcing access controls to API resources because it doesn’t require session IDs, cookies, or login pages but instead uses standard fields in the HTTP header. For more information on Basic authentication, please see https://tools.ietf.org/html/rfc1945#section-11 and https://www.ietf.org/rfc/rfc2617.txt. Support for Basic Authentication will continue to exist in future releases.

Basic Authentication can be used by File Access Manager internal users that have the "API User" role. You can create internal users and grant them the role using the administrative client.

OAuth 2.0

The Client ID and Client Secret are automatically generated during installation (or upgrade) of versions 6.1 and above.

For upgrades from version 6.1 or above, the client ID and client secret will remain the same.

You can find the client parameters in the “API Authentication” screen in the File Access Manager website.

“API Authentication” screen

Navigation

The screen can be found under Settings -> General -> API Authentication.

General

On this screen you can:

  • Check your Client ID and Client Secret
  • Generate a new Client Secret

Get Token - Sample Request

curl -X POST http://localhost/identityiqfamapi/token -H 'content-type: application/x-www-form-urlencoded' -d 'grant_type=client_credentials&client_id=6779ef20e75817b79602&client_secret=mY5zM5nh7MR8gpj5yG9iIQ%3D%3D'

Get Token - Sample response

{
"access_token": "gCV2VxetE7vgRxG77pqztGSs-3lWLTJhLG5K3dL7YbtyV6Ys1z0CnTcmv__NwTuOdIcUq4_bM9q2xRPa8I4ab7JW31T6XVZ70eMLdAnOy3tgZpaz3UWTJwfLKEi8pqN6ZcF57kYmSKWrBYOabmY9JrvWtqSLsTBaX9ALWgK2JADHMvpXsbqjkI2MV9xh3nIYKyTX0mW8EOZx9JhtqC3XIQ",
"token_type": "bearer",
"expires_in": 1199,
".issued": "Thu, 09 Aug 2018 08:00:21 GMT",
".expires": "Thu, 09 Aug 2018 08:20:21 GMT"
}

Using the access_token value, you can then make requests to any SCIM endpoint by sending “Authorization: Bearer” followed by the token in the request header.

Sample SCIM endpoint request header parameter

{"Authorization":"Bearer gCV2VxetE7vgRxG77pqztGSs-3lWLTJhLG5K3dL7YbtyV6Ys1z0CnTcmv__NwTuOdIcUq4_bM9q2xRPa8I4ab7JW31T6XVZ70eMLdAnOy3tgZpaz3UWTJwfLKEi8pqN6ZcF57kYmSKWrBYOabmY9JrvWtqSLsTBaX9ALWgK2JADHMvpXsbqjkI2MV9xh3nIYKyTX0mW8EOZx9JhtqC3XIQ"}
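The token request and bearer header above as a small Python client. This is an added example, not SailPoint's code: the function names, the 30-second refresh margin and the sample values are assumptions, and the example refuses to send the client secret over plain HTTP to anything other than a loopback host.

```python
import json
import time
from urllib.parse import urlencode, urlsplit
from urllib.request import Request, urlopen

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed response in the shape of the sample above (placeholder token).
SAMPLE_RESPONSE = b'''{"access_token": "EXAMPLE-TOKEN", "token_type": "bearer",
 "expires_in": 1199, ".issued": "Thu, 09 Aug 2018 08:00:21 GMT",
 ".expires": "Thu, 09 Aug 2018 08:20:21 GMT"}'''


def build_token_request(token_url, client_id, client_secret):
    """Build the client_credentials POST without sending it."""
    parts = urlsplit(token_url)
    # Assumption of this example: the secret travels in the request body, so
    # only HTTPS is accepted, except for a loopback host as in the sample URL.
    if parts.scheme != "https" and parts.hostname not in LOCAL_HOSTS:
        raise ValueError("refusing to send client_secret over cleartext HTTP")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # '=', '+', '/' are percent-encoded
    }).encode("ascii")
    return Request(token_url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(raw, now=None, margin=30):
    """Return (access_token, refresh_at) from the JSON token response."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("not a bearer token response")
    now = time.time() if now is None else now
    # Refresh slightly before expires_in elapses so no request carries a stale token.
    return doc["access_token"], now + max(int(doc["expires_in"]) - margin, 0)


def bearer_header(access_token):
    """Header to attach to every SCIM endpoint request."""
    return {"Authorization": "Bearer " + access_token}


def fetch_token(token_url, client_id, client_secret):
    """Send the request and parse the reply (needs a reachable server)."""
    with urlopen(build_token_request(token_url, client_id, client_secret), timeout=10) as resp:
        return parse_token_response(resp.read())
```

Load the client ID and secret from a secret store or environment variable rather than hard-coding them, and generate a new Client Secret on the “API Authentication” screen if one is ever exposed.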

Supported Protocols

  • HTTP
  • HTTPS