{"openapi":"3.1.0","info":{"title":"Platform - User Provisioning","description":"OneTrust supports cross-domain identity management through the SCIM 2.0 specification. System for Cross-Domain Identity Management (SCIM) is an open specification to help facilitate the automated management of user identities and groups in cloud applications using RESTful APIs. This allows organizations to manage and update user information and group information across domains and applications.","version":"1.0","contact":{"name":"OneTrust Support","url":"https://my-onetrust-com.surrey.idm.oclc.org/s/contactsupport"},"license":{"name":"Apache 2.0","url":"https://www.apache.org/licenses/LICENSE-2.0"}},"servers":[{"url":"https://{hostname}","variables":{"hostname":{"default":"hostname","description":"The OneTrust hostname such as app.onetrust.com, app-eu.onetrust.com, app-de.onetrust.com, app-uk.onetrust.com, app-apac.onetrust.com, trial.onetrust.com, or uat.onetrust.com."}}}],"tags":[{"name":"Groups V2","description":"V2 version APIs to manage Groups.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"}},{"name":"Resources V3","description":"V3 version APIs to manager Resources Type.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"}},{"name":"SCIM Schemas V3","description":"V3 version APIs to manager Schemas.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"}},{"name":"Service Provider V3","description":"V3 version APIs to manager the Service Provider.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"}},{"name":"User Groups V3","description":"V3 version APIs to manager User Groups.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"}},{"name":"Users V2","description":"V2 version APIs to manage Users.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"}},{"name":"Users V3","description":"V3 version APIs to manager Users.","externalDocs":{"description":"OpenAPI 3.1.0 - Download Definition","url":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"}}],"x-onetrust":{"spec-label":"OpenAPI 3.1.0","links":["{'SCIM User & Group Provisioning': 'https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad?topicId=0TO1Q000000ItSxWAK'}"]},"x-readme":{"explorer-enabled":false,"proxy-enabled":false,"metrics-enabled":false},"paths":{"/api/scim/v2/Groups":{"get":{"operationId":"listGroupsUsingGET","summary":"Get List of Groups","description":"Use this API to retrieve a list of SCIM groups from your account. The response will include each unique role-organization combination. For example, if your account has 20 roles and 2 organizations, this API will return 40 unique SCIM groups in the response. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["Groups V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"startIndex","in":"query","description":"Start index of the groups to be fetched. Minimum and the default values are 1.","schema":{"type":"string","default":"1","minimum":1},"example":"1"},{"name":"count","in":"query","description":"The number of groups to be returned. The default value is 25 and the maximum number of groups returned are 25.","schema":{"type":"string","default":"25","maximum":25,"minimum":1},"example":"25"}],"responses":{"200":{"description":"OK\n\nGroups retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ListResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]}},"/api/scim/v2/Groups/{groupId}":{"get":{"operationId":"getGroupResourceUsingGET","summary":"Get Group","description":"Use this API to retrieve details for a specific SCIM group. The response will include details such as the created date, last modified date, and list of users within the SCIM group. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["Groups V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"groupId","in":"path","description":"ID that uniquely identifies the SCIM group. The `groupId` can be obtained using the [Get List of Groups]\n(/onetrust/reference/listgroupsusingget) API.\n","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"},{"name":"excludedAttributes","in":"query","description":"The parameter to exclude the list of group members from the response when retrieving details of a specific group.","required":false,"schema":{"type":"string","enum":["members"],"maxLength":255}}],"responses":{"200":{"description":"OK\n\nGroup retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]},"put":{"operationId":"updateGroupMembersUsingPUT","summary":"Update Group","description":"Use this API to fully update SCIM group details and SCIM group membership. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n> - When a user is added as a member of a SCIM group, the user is provisioned with that specific role-organization combination. If the user belongs to other SCIM groups, the user will still retain existing membership with those groups as users can be assigned to multiple roles and multiple organizations.\n> - When this API is called, the existing list of users that are members of the SCIM group will be replaced with the new list of users defined in the request. If no users are specified, the existing list of users will be removed from the SCIM group.\n","tags":["Groups V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"groupId","in":"path","description":"ID that uniquely identifies the SCIM group. The `groupId` can be obtained using the [Get List of Groups](/onetrust/reference/listgroupsusingget) API.","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"responses":{"200":{"description":"OK\n\nGroup members updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]},"patch":{"operationId":"updateGroupMembersUsingPATCH","summary":"Modify Group","description":"Use this API to partially update SCIM group details and/or SCIM group membership. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n> \n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n> - When a user is added as a member of a SCIM group, the user is provisioned with that specific role-organization combination. If the user belongs to other SCIM groups, the user will still retain existing membership with those groups as users can be assigned to multiple roles and multiple organizations.\n","tags":["Groups V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"groupId","in":"path","description":"ID that uniquely identifies the SCIM group. The `groupId` can be obtained using the [Get List of Groups]\n(/onetrust/reference/listgroupsusingget) API.\n","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PatchGroupResourceRequest"}}}},"responses":{"204":{"description":"OK\n\nGroup members updated successfully."},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]}},"/api/scim/v2/Users":{"get":{"operationId":"getAllUsersUsingGET","summary":"Get List of Users","description":"Use this API to retrieve a list of users along with user details such as the created date, last modified date, name, and email. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n> - OneTrust supports the use of SCIM filters to identify specific users:\n> - Filters can be applied on the `id`, `externalId`, `email`, `emails`, `givenName`, `familyName`, `userType`, and `active` attributes.\n> - The supported logical operators are `eq` (equal), `co` (contains), `sw` (starts with), `gt` (greater than), `ge` (greater than or equal to), `lt` (less than), and `le` (less than or equal to).\n> - The `filter` query parameter is applied in the following format: attribute operator \"value\". For example, emails co \"onetrust.com\" would return a list of user records that contain emails with the onetrust.com domain.\n","tags":["Users V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"startIndex","in":"query","description":"Start index of the users to be retrieved.","schema":{"type":"string","default":"1","minimum":1}},{"name":"count","in":"query","description":"The number of users to be returned. ","schema":{"type":"string","default":"25","minimum":1}}],"responses":{"200":{"description":"OK\n\nUsers retrieved successfully.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ListResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]},"post":{"operationId":"createUserUsingPOST","summary":"Create User","description":"Use this API to create a user and associate that user with the configured organization and role. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n> - If a value is not provided for `roles` or `organization` in the request, the newly created user will be assigned the default role and organization as configured on the **User Provisioning** screen within **Global Settings** in the OneTrust application.\n> - This API supports assigning the user to multiple roles within one organization. If the user should be assigned to other role-organization combinations (SCIM groups), use the [Modify Group Members](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/updategroupmembersusingpatch) API.\n","tags":["Users V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"responses":{"201":{"description":"Created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]}},"/api/scim/v2/Users/{id}":{"get":{"operationId":"getUserUsingGET","summary":"Get User","description":"Use this API to retrieve the details of a specific user. The response will include details such as the created date, emails, and SCIM groups to which the user belongs. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["Users V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"id","in":"path","description":"Unique identifier of the user","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"responses":{"200":{"description":"OK\n\nUser retrieved successfully.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]},"put":{"operationId":"updateUserUsingPUT","summary":"Update User","description":"Use this API to fully update all attributes for a user. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n> - The following user attributes will be updated using this API: `givenName`, `familyName`, `externalId`, `active`, `division`, `userType`, `employeeNumber`, `department`, `manager`, and `title`.\n> - Any attributes not included in the request will be replaced with a `null` value. It is best to first retrieve the latest user record using the [Get User](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/getuserusingget) API, and then modify that response to use in the request for this API. If you only need to update some but not all attributes, use the [Modify User](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/patchuserusingpatch) API.\n","tags":["Users V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"id","in":"path","description":"Unique identifier of the user","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]},"delete":{"operationId":"deleteUserUsingDELETE","summary":"Delete User","description":"The Delete User feature is not available at this time.","tags":["Users V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"id","in":"path","description":"ID that uniquely identifies a user. The `id` can be obtained using the [Get List of Users](/onetrust/reference/getallusersusingget) API.","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"responses":{"204":{"description":"No Content"},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]},"patch":{"operationId":"patchUserUsingPATCH","summary":"Modify User","description":"Use this API to activate a user, deactivate a user, or partially update a user's attributes. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n> - The following user attributes can be modified using this API: `givenName`, `familyName`, `externalId`, `active`, `division`, `userType`, `employeeNumber`, `department`, `manager`, and `title`.\n","tags":["Users V2"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"id","in":"path","description":"Unique identifier of the user","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PatchUserResourceRequest"}}}},"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]}},"/api/scim/v3/Groups":{"get":{"operationId":"getGroups","summary":"Get List of User Groups","description":"Use this API to retrieve a list of user groups. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - OneTrust supports the use of SCIM filters to identify specific user groups:\n> - Filters can be applied on the `displayName` attribute.\n> - The supported logical operators are `eq` (equal) and `co` (contains).\n> - The `filter` query parameter is applied in the following format: attribute operator \"value\". For example, displayName co \"Sales\" would return a list of user group records that contain sales in the display name.\n","tags":["User Groups V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"startIndex","in":"query","description":"Starting value of the response.","schema":{"type":"string","default":"1","minimum":1}},{"name":"count","in":"query","description":"The number of entries to be returned in the response.","schema":{"type":"string","default":"25","maximum":25,"minimum":1}},{"name":"excludedAttributes","in":"query","description":"Use this parameter to exclude members available in the Group in the response.","schema":{"type":"string","default":"members"}},{"name":"filter","in":"query","description":"Use this parameter to filter the list of groups based on `displayName` using the `eq` or `co` operators.","schema":{"type":"string","default":"displayName co \"Sales\""}}],"responses":{"200":{"description":"OK\n\nGroups retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ListResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]},"post":{"operationId":"createGroup","summary":"Create User Group","description":"Use this API to create a user group. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n","tags":["User Groups V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"responses":{"201":{"description":"Created\n\nGroup created successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]}},"/api/scim/v3/Groups/{groupId}":{"get":{"operationId":"getGroupById","summary":"Get User Group","description":"Use this API to retrieve details for a specific user group. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n","tags":["User Groups V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"groupId","in":"path","description":"ID that uniquely identifies the SCIM group. The `groupId` can be obtained using the [Get Groups](/onetrust/reference/getgroups) API.","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"},{"name":"excludedAttributes","in":"query","description":"Use this parameter to exclude members available in the Group in the response.","required":false,"schema":{"type":"string","default":"members"}}],"responses":{"200":{"description":"OK\n\nGroup retrieved successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]},"put":{"operationId":"updateGroup","summary":"Update User Group","description":"Use this API to fully update user group details and user group membership. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - When this API is called, the existing list of users that are members of the user group will be replaced with the new list of users defined in the request. If no users are specified, the existing list of users will be removed from the user group.\n","tags":["User Groups V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"groupId","in":"path","description":"ID that uniquely identifies the SCIM group. The `groupId` can be obtained using the [Get Groups](/onetrust/reference/getgroups) API.","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"responses":{"200":{"description":"OK\n\nGroup details modified successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/GroupResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]},"delete":{"operationId":"deleteGroup","summary":"Delete User Group","description":"Use this API to delete a specific user group. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n","tags":["User Groups V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"groupId","in":"path","description":"Unique identifier of the group","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"responses":{"204":{"description":"No Content\n\nGroup deleted successfully."},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]},"patch":{"operationId":"modifyGroup","summary":"Modify User Group","description":"Use this API to partially update user group details and/or user group membership. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - When a user is added as a member of a user group, the user is provisioned with the role and organization configured for that user group. If the user belongs to other user groups, the user will still retain existing membership with those groups as users can be assigned to multiple roles and multiple organizations.\n","tags":["User Groups V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"groupId","in":"path","description":"ID that uniquely identifies the SCIM group. The `groupId` can be obtained using the [Get Groups](/onetrust/reference/getgroups) API.","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PatchGroupResourceRequest"}}}},"responses":{"204":{"description":"No Content\n\nGroup details updated successfully."},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION"]}]}},"/api/scim/v3/ResourceTypes":{"get":{"operationId":"getResourceTypesUsingGET","summary":"Get Supported Resources","description":"Use this API to retrieve the supported SCIM resources (i.e. User and Group). This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["Resources V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"responses":{"200":{"description":"List of resource types retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ListResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM"]}]}},"/api/scim/v3/ResourceTypes/{resourceName}":{"get":{"operationId":"getResourceTypesByNameUsingGET","summary":"Get Supported Resource Types","description":"Use this API to retrieve the supported resource types for the supported SCIM resources (i.e. User and Group). The response will include the endpoint URL, core schema URI, supported schema extensions, and other metadata that indicate where a resource is managed and how it is composed. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["Resources V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"resourceName","in":"path","description":"The name of the resource. The value can be obtained using the [Get Supported Resources](/onetrust/reference/getresourcetypesusingget) API.","required":true,"schema":{"type":"string","enum":["Users","Groups"],"maxLength":255,"minLength":1},"example":"Groups"}],"responses":{"200":{"description":"Resource type retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ResourceTypeResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM"]}]}},"/api/scim/v3/Schemas":{"get":{"operationId":"getSchemasUsingGET","summary":"Get List of Supported SCIM Schemas","description":"Use this API to retrieve a list of schemas supported by SCIM 2.0 specifications. The response will include a collection of attributes that describe the contents of SCIM resources (i.e. User and Group). The attribute definitions specify the name of the attribute, metadata such as type (string, binary), cardinality (singular, multi, complex), mutability, and returnability. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["SCIM Schemas V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"responses":{"200":{"description":"List of schemas retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ListResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM"]}]}},"/api/scim/v3/Schemas/{schemaName}":{"get":{"operationId":"getSchemasByNameUsingGET","summary":"Get SCIM Schema","description":"Use this API to retrieve details of a specific schema supported by SCIM 2.0 specifications. The response will include a collection of attributes that describe the contents of the specified SCIM resource. The attribute definitions specify the name of the attribute, metadata such as type (string, binary), cardinality (singular, multi, complex), mutability, and returnability. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["SCIM Schemas V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"schemaName","in":"path","description":"The name of the schema to retrieve. This identifies a specific schema supported by SCIM 2.0 specifications that describes the\ncontents of SCIM resources (i.e. User and Group). The schema name can be obtained using the\n[Get List of Supported SCIM Schemas](/onetrust/reference/getschemasusingget) API.\n","required":true,"schema":{"type":"string","enum":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:core:2.0:Group","urn:ietf:params:scim:schemas:onetrust:Group","urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],"maxLength":255,"minLength":1},"example":"urn:ietf:params:scim:schemas:core:2.0:Group"}],"responses":{"200":{"description":"Schema retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SchemaResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM"]}]}},"/api/scim/v3/ServiceProviderConfig":{"get":{"operationId":"getServiceProviderConfigUsingGET","summary":"Get Service Provider Configuration","description":"Use this API to retrieve the service provider configuration resource. The service provider configuration resource enables discovery of SCIM specification features in a standardized form and provides additional implementation details. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Legacy SCIM Integration that leverages SCIM groups, which are unique role-organization combinations that each represent a specific role within a particular organization. For more information, see [Legacy SCIM User Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-abda73a7-4996-c1b4-2e2a-e46aa3f2a3cc).\n","tags":["Service Provider V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"responses":{"200":{"description":"Service provider configuration retrieved successfully","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ServiceProviderConfig"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM"]}]}},"/api/scim/v3/Users":{"get":{"operationId":"getUsers","summary":"Get List of Users","description":"Use this API to retrieve a list of users along with user details such as the created date, last modified date, name, and email. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - The response will always return the following values for roles and organization: `\"roles\": []` and `\"organization\": null`.\n> - OneTrust supports the use of SCIM filters to identify specific users:\n> - Filters can be applied on the `id`, `externalId`, `email`, `emails`, `givenName`, `familyName`, `userType`, and `active` attributes.\n> - The supported logical operators are `eq` (equal), `co` (contains), `sw` (starts with), `gt` (greater than), `ge` (greater than or equal to), `lt` (less than), and `le` (less than or equal to).\n> - The `filter` query parameter is applied in the following format: attribute operator \"value\". For example, emails co \"onetrust.com\" would return a list of user records that contain emails with the onetrust.com domain.\n","tags":["Users V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"startIndex","in":"query","description":"Starting value of the response.","schema":{"type":"string","default":"1","minimum":1}},{"name":"count","in":"query","description":"The number of entries to be returned in the response.","schema":{"type":"string","default":"25","maximum":25,"minimum":1}},{"name":"filter","in":"query","description":"The search filter to apply to the search criteria. For example, `emails co \"onetrust.com\"` would return a list of user records that\ncontain emails with the onetrust.com domain.\n","schema":{"type":"string"},"example":"userType eq \"Internal\""}],"responses":{"200":{"description":"OK\n\nUsers retrieved successfully.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/ListResponse"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]},"post":{"operationId":"createUser","summary":"Create User","description":"Use this API to create a user and associate that user with the configured organization and role. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - The response will always return the following values for roles and organization: `\"roles\": []` and `\"organization\": null`.\n> - If a value is not provided for roles or organization in the request, the newly created user will be assigned the default role and organization as configured on the **User Provisioning** screen within **Global Settings** in the OneTrust application.\n> - This API supports assigning the user to multiple roles within one organization. If the user should be assigned to other user groups, use the [Modify User Group](/onetrust/reference/updategroup) API.\n","tags":["Users V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"responses":{"201":{"description":"Created\n\nUser created successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]}},"/api/scim/v3/Users/{id}":{"get":{"operationId":"getUserById","summary":"Get User","description":"Use this API to retrieve the details of a specific user. The response will include details such as the created date, emails, and user groups to which the user belongs. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning\nthem to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - The response will always return the following values for roles and organization: `\"roles\": []` and `\"organization\": null`.\n","tags":["Users V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"id","in":"path","description":"Unique and permanent identifier of the user within the OneTrust application. This value is assigned by the application\nduring the creation of a user account. The `id` can be obtained using the [Get List of Users](/onetrust/reference/getusers) API.\n","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"responses":{"200":{"description":"OK\n\nUser retrieved successfully.\n","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]},"put":{"operationId":"updateUser","summary":"Update User","description":"Use this API to fully update all attributes for a user. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - The response will always return the following values for roles and organization: `\"roles\": []` and `\"organization\": null`.\n> - The following user attributes will be updated using this API: `givenName`, `familyName`, `externalId`, `active`, `division`, `employeeNumber`, `department`, `manager`, and `title`.\n> - Any attributes not included in the request will be replaced with a `null` value. It is best to first retrieve the latest user record using the [Get User](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/getuserbyid) API, and then modify that response to use in the request for this API. If you only need to update some but not all attributes, use the [Modify User](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/modifyuser) API.\n","tags":["Users V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"id","in":"path","description":"ID that uniquely identifies the SCIM user. The `id` can be obtained using the [Get List of Users](/onetrust/reference/getusers) API.\n","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"responses":{"200":{"description":"OK\n\nUser details modified successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]},"patch":{"operationId":"modifyUser","summary":"Modify User","description":"Use this API to activate a user, deactivate a user, or partially update a user's attributes. This API should only be used when provisioning and managing users from your Identity Provider using the System for Cross-Domain Identity Management (SCIM) standard to facilitate the automated creation of user identities from a third-party identity management application.\n\n> 🗒 Things to Know\n>\n> - This API supports OneTrust's Enhanced SCIM Integration that leverages Group Provisioning to manage access for users by provisioning them to one or more user groups. For more information, see [SCIM User & Group Provisioning](https://my-onetrust-com.surrey.idm.oclc.org/s/article/UUID-93f936ef-8076-280c-a58e-ba2d3437dfad).\n> - The response will always return the following values for roles and organization: `\"roles\": []` and `\"organization\": null`.\n> - The `path` parameter is optional and should only be used when updating a single user attribute. For example, if you only wanted to update the `externalId`, then your `path` would be `externalId` and your `value` would be a `string`. If no `path` is provided, you must build out a JSON body for updating the user's attributes.\n","tags":["Users V3"],"x-onetrust":{"spec-label":"https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/openapi/platform-user-provisioning.json"},"parameters":[{"name":"id","in":"path","description":"Identifier that uniquely identifies the SCIM user. The `id` can be obtained using the\n[Get List of Users](/onetrust/reference/getusers) API.\n\n","required":true,"schema":{"type":"string","format":"uuid"},"example":"550e8400-e29b-41d4-a716-446655440000"}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/PatchUserResourceRequest"}}}},"responses":{"200":{"description":"OK\n\nUser details updated successfully.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/UserResource"}}}},"400":{"description":"Bad Request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"429":{"description":"Too Many Requests. \nFor more information, see [API Rate Limits](https://developer-onetrust-com.surrey.idm.oclc.org/onetrust/reference/rate-limits-overview).","headers":{"Retry-After":{"schema":{"description":"The number of seconds after which requests will be allowed again.","format":"int32"}},"ot-period":{"schema":{"description":"The unit of time for which the rate limit applies","enum":["HOUR","MINUTE"]}},"ot-ratelimit-event-id":{"schema":{"description":"The unique identifier for the rate-limiting event.","format":"uuid"}},"ot-request-made":{"schema":{"description":"The number of requests made within the specified period.","format":"int32"}},"ot-requests-allowed":{"schema":{"description":"The number of requests allowed within the specified period.","format":"int32"}}}},"500":{"description":"Internal Server Error"}},"security":[{"OAUTH2":["SCIM","INTEGRATION","USER"]}]}}},"components":{"schemas":{"UserGroup":{"type":"object","properties":{"value":{"description":"Unique identifier of a group in the application.","type":"string","example":"5175be33-9b8d-4483-9d8b-1a9fb78bd97d"},"display":{"description":"Name of the User Group in the application.","type":"string","example":"R&D"}},"readOnly":true,"title":"Group"},"Email":{"type":"object","properties":{"value":{"description":"Email of the user.","type":"string","format":"email","example":"gpburdell@onetrust.com","minLength":1},"display":{"description":"Email of the user.","type":"string","format":"email","example":"gpburdell@onetrust.com","readOnly":true},"primary":{"description":"Is the email the user's primary. Always `true` in the OneTrust application.","type":"boolean","example":true,"default":"true","readOnly":true},"$ref":{"description":"Reference for the attribute","type":"string","format":"string"},"type":{"description":"The type of the email. In the OneTrust application, type is always 'work'.","type":"string","example":"work","default":"work"}},"required":["value"]},"AbstractBaseResource":{"type":"object","properties":{"id":{"description":"Unique identifier for the user created by the OneTrust application.","type":"string","format":"uuid","example":"aeb3d45d-0c05-4ff0-b635-6e3c3b2f86ea","maxLength":100,"readOnly":true},"externalId":{"description":"External Id","type":"string","example":"3PNdoRZES0GLfV+9y1dDwQ==","maxLength":100},"meta":{"$ref":"#/components/schemas/Meta","readOnly":true},"schemas":{"type":"array","items":{"type":"string"},"uniqueItems":true,"writeOnly":true}},"title":"AbstractBaseResource"},"EnterpriseUser":{"type":"object","properties":{"businessUnit":{"description":"User's business unit.","type":"string","example":"ESG","maxLength":255},"division":{"description":"The division with which the user is associated.","type":"string","example":"North America","maxLength":255},"employeeNumber":{"description":"User's employee number or ID.","type":"string","example":"8675309","maxLength":255},"officeLocation":{"description":"The office location of the user.","type":"string","example":"New York","maxLength":255},"department":{"description":"The department with which the user is associated.","type":"string","example":"R&D","maxLength":255},"manager":{"$ref":"#/components/schemas/Manager"},"organization":{"description":"Organization of the user within the OneTrust application.","type":"string","example":"OneTrust","maxLength":255},"legacyManager":{"description":"The legacy manager of the user.","type":"string","example":"legacy manager","maxLength":255}},"title":"Additional Attributes"},"GroupResource":{"type":"object","properties":{"id":{"description":"Unique identifier for the user created by the OneTrust application.","type":"string","format":"uuid","example":"aeb3d45d-0c05-4ff0-b635-6e3c3b2f86ea","maxLength":100,"readOnly":true},"externalId":{"description":"External Id","type":"string","example":"3PNdoRZES0GLfV+9y1dDwQ==","maxLength":100},"meta":{"$ref":"#/components/schemas/Meta","readOnly":true},"schemas":{"type":"array","items":{"type":"string","default":"urn:ietf:params:scim:schemas:core:2.0:Group","description":"A collection of attribute definitions that describe the contents of an entire or partial resource.","enum":["urn:ietf:params:scim:schemas:core:2.0:Group","urn:ietf:params:scim:schemas:onetrust:Group"],"example":"urn:ietf:params:scim:schemas:core:2.0:Group"},"uniqueItems":true},"displayName":{"description":"Assessments Manager - ADFS","type":"string","example":"Test Group","maxLength":255,"minLength":1},"members":{"type":"array","items":{"$ref":"#/components/schemas/Member"}},"urn:ietf:params:scim:schemas:onetrust:Group":{"$ref":"#/components/schemas/OneTrustGroup"}},"required":["displayName"],"title":"GroupResource"},"Manager":{"type":"object","properties":{"value":{"description":"The manager's GUID or `id` in the OneTrust application. Leverage the [Get List of Users](/onetrust/reference/getusers) API to obtain a list of users. Use the manager's `id` to populate `value`.","type":"string","example":"23498234-9283-4620-8204-652982504620","maxLength":100,"minLength":1},"displayName":{"description":"Manager's full name in the application.","type":"string","example":"John Doe","readOnly":true},"$ref":{"description":"Reference URL to the user","type":"string","format":"url","example":"/api/scim/v3/Users/23498234-9283-4620-8204-652982504620","readOnly":true}},"required":["value"],"title":"Manager"},"Member":{"type":"object","properties":{"value":{"description":"The unique ID of the user that you want to add to the Group.","type":"string","format":"uuid","example":"3da9fe38-7845-4658-a96e-00071fa20c2e"},"type":{"description":"The type of the resource.","type":"string","default":"User","enum":["User"]},"$ref":{"description":"A hyperlink to the resource","type":"string","format":"url","example":"/api/scim/v3/Users/1bd418b2-85dd-4f04-955f-e4870e119ef1\"","readOnly":true}},"required":["value"],"title":"Member"},"Meta":{"type":"object","properties":{"created":{"description":"The date and time when the resource was created","type":"string","format":"date-time","example":"2022-05-27T15:28:14.298Z"},"lastModified":{"description":"The date and time when the resource was last modified","type":"string","format":"date-time","example":"2022-05-27T15:28:14.298Z"},"location":{"description":"The URL for the resource","type":"string","format":"uri","example":"/api/scim/v3/Users/53b1325c-081f-4f05-b41b-ba8cbdb7bae9","maxLength":2083,"minLength":1},"version":{"description":"The version of the resource","type":"string","example":"W/\"f0f2a936\"","maxLength":100,"minLength":1},"attributes":{"type":"array","items":{"description":"The set of attributes","example":["active","emails","userName"]},"uniqueItems":true},"resourceType":{"description":"The resource type","type":"string","example":"Group","enum":["User","Group","ResourceType","ServiceProviderConfig","Schema"],"maxLength":100,"minLength":1}},"readOnly":true,"title":"Meta"},"Name":{"type":"object","properties":{"familyName":{"description":"Family name (last name) of the user.","type":"string","example":"Smith","maxLength":100,"minLength":1},"givenName":{"description":"Given name (first name) of the user.","type":"string","example":"John","maxLength":100,"minLength":1}},"title":"Name"},"OneTrustGroup":{"type":"object","properties":{"category":{"description":"The display name of the group","type":"string","example":"HR","maxLength":255,"minLength":1},"description":{"description":"The description of the group","type":"string","example":"HR User Group","maxLength":255,"minLength":1}},"title":"UserGroup"},"Operation":{"type":"object","properties":{"op":{"description":"The operation type","type":"string","example":"add","enum":["add","replace","remove"]},"path":{"description":"The path of the attribute being operated on","type":"string","example":"members"},"displayName":{"description":"The display name of the group","type":"string","example":"Admin Group"},"members":{"type":"array","items":{"$ref":"#/components/schemas/Member"}}}},"PatchGroupResourceRequest":{"allOf":[{"$ref":"#/components/schemas/AbstractBaseResource"},{"type":"object","properties":{"schemas":{"type":"array","items":{"type":"string","default":"urn:ietf:params:scim:schemas:core:2.0:Group","description":"A collection of attribute definitions that describe the contents of an entire or partial resource.","enum":["urn:ietf:params:scim:schemas:core:2.0:Group","urn:ietf:params:scim:schemas:onetrust:Group"],"example":"urn:ietf:params:scim:schemas:core:2.0:Group"},"uniqueItems":true},"displayName":{"description":"Display name of the group","type":"string","example":"Administrators","maxLength":255,"minLength":1},"members":{"type":"array","items":{"$ref":"#/components/schemas/Member","readOnly":true},"readOnly":true},"urn:ietf:params:scim:schemas:onetrust:Group":{"$ref":"#/components/schemas/OneTrustGroup"},"Operations":{"type":"array","items":{"$ref":"#/components/schemas/Operation"}}}}]},"UserResource":{"type":"object","allOf":[{"$ref":"#/components/schemas/AbstractBaseResource"},{"type":"object","properties":{"schemas":{"type":"array","items":{"description":"A collection of attribute definitions that describe the contents of an entire or partial resource.","enum":["urn:ietf:params:scim:schemas:core:2.0:User"],"example":"urn:ietf:params:scim:schemas:core:2.0:User"},"uniqueItems":true},"userName":{"description":"Username of the user in the OneTrust application.","type":"string","format":"email","example":"gpburdell@onetrust.com","maxLength":256},"name":{"$ref":"#/components/schemas/Name"},"userType":{"description":"Type of the user.","type":"string","example":"Internal","enum":["Internal","External"]},"active":{"description":"The flag to check whether the user is an active or an inactive user.","type":"boolean","example":true},"groups":{"type":"array","items":{"$ref":"#/components/schemas/UserGroup","readOnly":true},"readOnly":true},"emails":{"type":"array","items":{"$ref":"#/components/schemas/Email"}},"roles":{"type":"array","items":{"format":"json","description":"Role of the user within the OneTrust application.","examples":["[\"Auditor\",\"Business Owner\",\"Employee\",\"Privacy Officer\",\"Site Admin\"]"]}},"title":{"description":"Job title of the user","type":"string","example":"Product Manager","maxLength":255},"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User":{"description":"Enterprise user details","$ref":"#/components/schemas/EnterpriseUser"}}}],"required":["name"],"title":"UserResource"},"PatchUserResourceRequest":{"type":"object","properties":{"id":{"description":"Unique identifier for the user created by the OneTrust application.","type":"string","format":"uuid","example":"aeb3d45d-0c05-4ff0-b635-6e3c3b2f86ea","maxLength":100,"readOnly":true},"externalId":{"description":"External Id","type":"string","example":"3PNdoRZES0GLfV+9y1dDwQ==","maxLength":100},"meta":{"$ref":"#/components/schemas/Meta","readOnly":true},"schemas":{"type":"array","items":{"description":"A collection of attribute definitions that describe the contents of an entire or partial resource.","enum":["urn:ietf:params:scim:schemas:core:2.0:User"],"example":"urn:ietf:params:scim:schemas:core:2.0:User"},"uniqueItems":true},"Operations":{"type":"array","items":{"$ref":"#/components/schemas/UserPatchApiOperation"}}}},"UserPatchApiOperation":{"type":"object","properties":{"op":{"description":"Operation to be performed. `add` will add new attributes, `replace` will update current attributes, and `remove` deletes attributes.","type":"string","example":"replace","enum":["add","remove","replace"]},"path":{"description":"Path of operation. If using `path` then only send the `value` as a string not an array. For example, for the `path` of `name.familyName`, send the `value` as `\\\"Burdell\\\"`.","type":"string","example":"members"},"value":{"description":"User attributes to be updated. This is a map of attribute names to their values.","type":"object","additionalProperties":{"type":"string"},"allOf":[{"$ref":"#/components/schemas/AbstractBaseResource"},{"$ref":"#/components/schemas/EnterpriseUser"}]}},"required":["op","value"]},"ResourceTypeResource":{"type":"object","properties":{"id":{"description":"Unique identifier of the resource type","type":"string","format":"uuid","example":"550e8400-e29b-41d4-a716-446655440000"},"name":{"description":"Name of the resource type","type":"string","example":"Users","enum":["Users","Groups"]},"endpoint":{"description":"Resource URL endpoint","type":"string","example":"/Users"},"description":{"description":"Description of the resource type","type":"string","example":"A user account in the OneTrust system","maxLength":255,"minLength":1},"schema":{"description":"Schema URI for the resource type","type":"string","example":"urn:ietf:params:scim:schemas:core:2.0:User","enum":["urn:ietf:params:scim:schemas:core:2.0:User","urn:ietf:params:scim:schemas:core:2.0:Group"]},"meta":{"$ref":"#/components/schemas/Meta","readOnly":true},"schemaExtensions":{"$ref":"#/components/schemas/SchemaExtension"}},"required":["description","endpoint","id","name","schema"]},"SchemaExtension":{"type":"object","properties":{"schema":{"description":"The schema extension schema","type":"string","example":"urn:ietf:params:scim:schemas:onetrust:Group"},"required":{"description":"True if the schema extension is required","type":"boolean","example":true}},"required":["required","schema"]},"AuthenticationScheme":{"type":"object","properties":{"name":{"description":"Name of the authentication scheme","type":"string","example":"Oauth2 Bearer"},"description":{"description":"Description of the authentication scheme","type":"string","example":"OAuth2 Bearer access token is used for authorization."},"specUrl":{"description":"URI of the specification for the authentication scheme","type":"string","example":"http://tools.ietf.org/html/rfc6749"},"documentationUrl":{"description":"URI to retrieve more information about the authentication scheme","type":"string","example":"http://oauth.net/2/"},"type":{"description":"Type of the authentication scheme","type":"string","example":"oauthbearertoken"},"primary":{"description":"Indicates whether the authentication scheme is primary","type":"boolean","example":true}}},"BulkSupported":{"type":"object","properties":{"supported":{"description":"Indicates whether the service provider supports the operation","type":"boolean","example":false},"maxOperations":{"type":"integer","format":"int32"},"maxPayloadSize":{"type":"integer","format":"int32"}}},"FilterSupported":{"type":"object","properties":{"supported":{"description":"Indicates whether the service provider supports the operation","type":"boolean","example":false},"maxResults":{"type":"integer","format":"int32"}}},"ServiceProviderConfig":{"type":"object","properties":{"schemas":{"description":"A collection of resource types supported by the service provider","type":"array","items":{"type":"string","description":"A collection of resource types supported by the service provider","example":"[\"urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig\"]"},"example":["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],"uniqueItems":true},"patch":{"$ref":"#/components/schemas/Supported"},"bulk":{"$ref":"#/components/schemas/BulkSupported"},"filter":{"$ref":"#/components/schemas/FilterSupported"},"changePassword":{"$ref":"#/components/schemas/Supported"},"sort":{"$ref":"#/components/schemas/Supported"},"etag":{"$ref":"#/components/schemas/Supported"},"xmlDataFormat":{"$ref":"#/components/schemas/Supported"},"authenticationSchemes":{"type":"array","items":{"$ref":"#/components/schemas/AuthenticationScheme"}},"meta":{"$ref":"#/components/schemas/Meta","readOnly":true}},"title":"ServiceProviderConfig"},"Supported":{"type":"object","properties":{"supported":{"description":"Indicates whether the service provider supports the operation","type":"boolean","example":false}}},"ListResponse":{"type":"object","properties":{"schemas":{"type":"array","items":{"type":"string","description":"List of Schemas.","example":"urn:ietf:params:scim:schemas:core:2.0:User"},"uniqueItems":true},"totalResults":{"description":"The total number of results in the list.","type":"integer","format":"int32","example":2,"minimum":0},"startIndex":{"description":"TThe starting point of the result list.","type":"integer","format":"int32","example":1,"minimum":1},"itemsPerPage":{"description":"The number of items per results page.","type":"integer","format":"int32","example":25,"minimum":0},"Resources":{"type":"array","items":{"$ref":"#/components/schemas/GroupResource","type":"object","anyOf":[{"$ref":"#/components/schemas/GroupResource"},{"$ref":"#/components/schemas/UserResource"},{"$ref":"#/components/schemas/ResourceTypeResource"},{"$ref":"#/components/schemas/ServiceProviderConfig"}],"description":"Resources."}}}},"SchemaResource":{"type":"object","properties":{"id":{"description":"Unique identifier of the schema","type":"string","format":"uuid","example":"b430e8b1-748a-4f03-aa18-d32a79a3fae8"},"name":{"description":"Name of the schema","type":"string","example":"User","enum":["User","Group","OneTrustGroup","EnterpriseUser"]},"description":{"description":"Description of the schema","type":"string","example":"User schema representation"},"attributes":{"type":"array","items":{"type":"object","description":"Attribute definition","example":{"name":"name","type":"string","schema":"urn:ietf:params:scim:schemas:core:2.0","subAttributes":[]}}},"meta":{"description":"Metadata about the schema","example":{"resourceType":"User"},"$ref":"#/components/schemas/Meta","readOnly":true}},"required":["attributes","description","id","meta","name"]}},"securitySchemes":{"OAUTH2":{"type":"oauth2","flows":{"clientCredentials":{"tokenUrl":"https://{hostname}/api/access/v1/oauth/token","scopes":{"SCIM":"Grants full access to the SCIM APIs for User Provisioning. This includes all the endpoints under Users, Groups, Resources, Schemas and Service Provider."}}}}}}}