Cheatsheet for Groups and Roles SCIM requests

Groups and Role Separation

Relationship with users-groups-roles-permissions

Prior to WSO2 Identity Server (IS)-5.11.0, both groups and roles were considered as roles in the server. They were managed either roles section in the management console or SCIM2.0 /Groups endpoint.

Even though we supported both Groups and Roles together those two terms…

Send your notification as you wish

When you are finding this blog, you might be searching for “how to send a google chat notification from a GitHub action”. You may have already tried out several marketplace actions available for google chat notifications; such as,

but you are not satisfied with…

Find different flavors of PATCH operations under one hood

I thought to write this blog because I’ve seen many developers in the community are struggling to form the PATCH payload properly.

RFC 7644 3.5.2. Modifying with PATCH describes this fact more than enough. …

If the user makes multiple failed OTP verification attempts, the user account gets locked


I’m sure all of you may know password brute force attacks. It’s nothing but guessing the password of a user account systematically trying out every possible combination of allowed characters(letters, numbers, symbols, etc). In order to mitigate this attack Identity and Access Management solutions provide multiple options. …

Write tests for your REST API

API Testing is a crucial step of your API(Application Programming Interface) development life cycle because testing ensures that end-to-end functionality works properly. Also, it verifies that API satisfies the application end-user business requirement. …

Different Notification Senders for Different Tenants


When you are using the WSO2 Identity Server you may have the requirement of sending notifications to the end-users based on the user-operations (examples: user onboarding, password recovery, username recovery).WSO2 IS has an eventing framework to trigger events based on user operations that are…

Let’s find out the Bulk operation support in WSO2 IS-5.10.0 with samples from one place

What is Bulk operation?

  • The capability to send multiple resource operations in a single request.
  • This is an optional feature for a SCIM service provider.
  • Bulk operation is described in RFC7644 section 3.7 in detail.
  • POST operation for /Bulk

❓Why Extended Attributes?

In my previous blog, I explained the core and basics of SCIM schema. There you can see how SCIM defines the user object. It contains a common set of user attributes that ensure interoperability with heterogeneous user management systems. The core schema for “User” is identified using the following schema…

🤔 What is SCIM?

According to the specification SCIM means

The System for Cross-domain Identity Management (SCIM) specification is designed to manage user identity in cloud-based applications and services in a standardized way to enable interoperability, security, and scalability.

In simple terms,

SCIM is a standardized way of representing users, groups, and any other…

Anuradha Karunarathna

Software Engineer@ WSO2 | Computer Science and Engineering graduate@ University of Moratuwa, SriLanka

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store