Implementation Details
This feature is available for Enterprise deployments only. If you’d like to get started, please contact support@loginid.io for further details.
The following sections outline how to use SCIM provisioning with LoginID. It includes supported schemas, attribute mappings, and behavioral notes for users and groups, as well as the common actions available through the SCIM API.
Schema and Attribute Mapping
SCIM relies on schemas to define resource structure and on attribute mapping to align fields from your identity provider with LoginID. This ensures consistent user and group information across systems.
User
User schema mapping defines how identity data (like usernames, names, and account status) is structured and
synchronized between your identity provider and LoginID.
| Name | Required | Description |
|---|---|---|
active | No | Indicates whether the user’s account is active (true or false). |
displayName | No | The display name of the user, suitable for end-user display. |
externalId | No | An identifier for the resource as defined by the provisioning client. |
name.familyName | No | The family (last) name of the user. |
name.formatted | No | The full name of the user, formatted for display. |
name.givenName | No | The given (first) name of the user. |
schemas | Yes | An array of URIs that indicate the SCIM schemas used. |
userName | Yes | A unique identifier for the user, typically used for login. |
Behavioral Notes
- If
displayNameis provided:
It is the source of truth, and thenameobject is derived from it.
// Input
{ "displayName": "Ada Lovelace" }
// Output
{ "displayName": "Ada Lovelace", "name": { "givenName": "Ada", "familyName": "Lovelace", "formatted": "Ada Lovelace" } }
- If only
nameis provided:
AdisplayNameis constructed fromgivenNameandfamilyName.
// Input
{ "name": { "givenName": "Ada", "familyName": "Lovelace", "formatted": "Ada Lovelace" } }
// Output
{ "displayName": "Ada Lovelace", "name": { "givenName": "Ada", "familyName": "Lovelace", "formatted": "Ada Lovelace" } }
- If neither
displayNamenornameis provided:
TheuserNameis used as both thedisplayNameand the fallbackname.
// Input
{ "userName": "Jeffery26" }
// Output
{ "displayName": "Jeffery26", "name": { "givenName": "Jeffery26", "formatted": "Jeffery26" } }
The name fields are currently not stored independently. They are always derived from the displayName.
Group
Group schema mapping describes how group-related information—such as names, identifiers, and membership lists—is
exchanged.
| Name | Required | Description |
|---|---|---|
displayName | Yes | A human-readable name for the Group, suitable for display. |
externalId | No | An identifier for the resource as defined by the provisioning client. |
members | No | A list of members of the Group. Each member includes: |
members.display | No | A human-readable name for the member, primarily used for display purposes. |
members.value | No | The identifier (e.g., User ID) of the member. |
schemas | Yes | An array of URIs that indicate the SCIM schemas used. |
Behavioral Notes
- If both
displayNameandexternalIdare provided:
externalIdtakes precedence.
// Input
{ "displayName": "Engineering", "externalId": "eng-group-001" }
// Stored
{ "displayName": "eng-group-001", "externalId": "eng-group-001" }
- If both
displayNameandexternalIdare provided:
It is also used as theexternalId.
// Input
{ "displayName": "Engineering" }
// Stored
{ "displayName": "Engineering", "externalId": "Engineering" }
Common Actions
LoginID supports a core set of actions for creating, reading, updating, and deleting users and groups, as well as listing them with query parameters.
Notes
- The only supported query parameters are:
countstartIndex
- Extensions are not currently supported.
Users
User actions manage the full lifecycle of accounts in LoginID to ease provisioning and deprovisioning.
Groups
Group actions handle organizational structures and memberships, enabling policy-driven access control.