User Activation

When the active attribute is set to true:

If the user has ever been activated in the past, then their status will be set to activated.
Otherwise, the user's status will be set to invited, and an invite email will be sent to the email address specified by userName.

When the active attribute is set to false, then the user's status will be set to deactivated.

Required Attributes

The schemas attribute is required and must be an array containing "urn:ietf:params:scim:api:messages:2.0:PatchOp".
The Operations attribute is required and must contain one or more "add", "remove", or "replace" operation. Each operation is an object that must contain an "op" attribute, and optionally "path" and "value" attributes depending on the value of "op".

Op

Each operation must contain an op attribute. Acceptable values for op are "add", "remove", or "replace".

Path

The path attribute is optional for "add", and "replace", but required for "delete". It is used to specify the target of the operation. That is, it can be used to identify exactly which use attribute you wish to affect. For example, a replace with the path "name.givenName" will update the user's given name only whereas the path "name" will update the user's entire name.

Examples:

  {
      "Operations": [
          {
              "op": "replace",
              "path": "name.givenName",
              "value": "new given name"
          }
      ],
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]
  }

  {
      "Operations": [
          {
              "op": "replace",
              "path": "name",
              "value": { "givenName": "new given name", "familyName": "new family name" }
          }
      ],
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]
  }

Supported path values include:

"active"
"name"
"name.givenName"
"name.familyName"
"urn:ietf:params:scim:schemas:extension:informedk12:2.0:User"
"urn:ietf:params:scim:schemas:extension:informedk12:2.0:User:ik12Roles"
"urn:ietf:params:scim:schemas:extension:informedk12:2.0:User.ik12Roles"

Value

The value attribute is required for "add", "replace". It is used to specify the new value for the attributes to be updated. It can be an object, array, or string depending on the value of path.

Operations

Add

The "add" operation can be used to add attributes to a user record. The attributes to update are to be included in the value parameter. A missing path attribute indicates that the target is the user resource itself. If an attribute is already set, an "add" operation will replace the existing value. User attributes not included in value will not be changed.

Examples:

  {
      "Operations": [
          {
              "op": "add",
              "value": {
                  "active": "true",
                  "name": {
                      "givenName": "new given name",
                      "familyName": "new family name"
                  }
              }
          }
      ],
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]
  }

  {
      "Operations": [
          {
              "op": "add",
              "path": "active",
              "value": true
          }
      ],
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]
  }

When updating IK12 Roles the "add" operation will add to the user's existing roles. That is, if the user already has the Form Creator role then the following request would result in the user having the Form Creator and Form Publisher roles.

  {
      "Operations": [
          {
              "op": "add",
              "path": "urn:ietf:params:scim:schemas:extension:informedk12:2.0:User.ik12Roles",
              "value": ["form_publisher"]
          }
      ]
  }

Replace

The "replace" operation can be used replace existing attributes on a user record. The attributes to be updated are to be included in the value parameter. Like with the "add" operation, a missing path attribute indicates that the target is the user resource itself. If an attribute has not a been set, a "replace" operation will add the value. User attributes not included in value will not be changed.

Examples:

  {
      "Operations": [
          {
              "op": "replace",
              "value": {
                  "active": "true",
                  "name": {
                      "givenName": "new given name",
                      "familyName": "new family name"
                  }
              }
          }
      ],
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]
  }

  {
      "Operations": [
          {
              "op": "replace",
              "path": "active",
              "value": true
          }
      ],
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"]
  }

Unlike "add", the "replace" operation will replace all of a users roles. That is, if the user already has the Form Creator role then the following request would result in the user having only the User Admin role.

  {
      "Operations": [
          {
              "op": "replace",
              "path": "urn:ietf:params:scim:schemas:extension:informedk12:2.0:User.ik12Roles",
              "value": ["form_publisher"]
          }
      ]
  }

Replacing IK12 roles with [] will clear a user's roles.

Remove

The "remove" operation can be used to clear an existing user attribute.

Example:

  {
      "Operations": [
          {
              "op": "remove",
              "path": "name.givenName"
          }
      ]
  }

Example:

  {
      "Operations": [
          {
              "op": "remove",
              "path": "name.givenName"
          }
      ]
  }

  {
      "Operations": [
          {
              "op": "remove",
              "path": "name.givenName"
          }
      ]
  }