Anaplan SCIM APIs in Postman

ChrisStauffer
edited January 2023 in Best Practices

WHAT IS SCIM?

System for Cross-domain Identity Management (SCIM) is a REST- and JSON-based open standard protocol, created in 2011, that allows companies to securely automate the exchange of user identity data between an identity provider, such as OKTA or Azure Active Directory, and an enterprise SaaS application, such as Anaplan or Slack.

WHAT IS ANAPLAN SCIM?

The Anaplan SCIM Service is the Anaplan implementation of the System for Cross-domain Identity Management (SCIM) standard. Here are the eight Anaplan endpoints:

  • Get single user and workspace details
  • Get multiple users
  • Add a user and their workspaces
  • Replace user
  • Edit user details
  • Get supported SCIM capabilities
  • Get resource types
  • Get resource schema

The steps below provide details on how to test the Anaplan SCIM APIs using Postman, a tool used by developers to create, share, test, and document APIs.

Authenticate: To use the SCIM APIs, the user account needs to be a user admin.

ChrisStauffer_0-1635794162478.png

Get a single user and workspace details

  1. Set the user id as a variable in the Postman environment; {{api-user-id}} is a user id.
  2. https://api.anaplan.com/scim/1/0/v2/Users/{{api-user-id}}
  3. In the example below I am retrieving my user account details, where userName is your Anaplan email login.

ChrisStauffer_1-1635794227914.png

Get multiple users

  1. Use this endpoint to search for users and associated workspaces. For example, I’ve searched for a user whose family name equals “Doe”.
  2. https://api.anaplan.com/scim/1/0/v2/Users?filter=name.familyName Eq "Doe"
  3. Check the searchable filter fields table in the apiary.
  4. Replace with your last name to see results.

ChrisStauffer_2-1635794301017.png
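
Outside Postman, the filter in step 2 has to be percent-encoded, and a surname taken from user input has to be escaped as a string literal so it cannot change the filter. This is an added example, not part of the original article or Anaplan's code; the helper names and sample values are assumptions.

```python
import json
import re
from urllib.parse import parse_qs, quote, urlsplit

BASE = "https://api.anaplan.com/scim/1/0/v2"  # base path used in this article
ATTR_PATH = re.compile(r"[A-Za-z][A-Za-z0-9]*(\.[A-Za-z][A-Za-z0-9]*)?")

def users_eq_filter_url(attribute, value):
    """Hypothetical helper: URL for Users?filter=<attribute> Eq "<value>"."""
    # Reject anything that is not a plain attribute path so the attribute
    # argument cannot smuggle in filter syntax.
    if not ATTR_PATH.fullmatch(attribute):
        raise ValueError(f"not an attribute path: {attribute!r}")
    # SCIM filter string literals follow JSON string rules (RFC 7644, 3.4.2.2),
    # so json.dumps escapes embedded quotes and backslashes.
    expression = f"{attribute} Eq {json.dumps(value)}"
    # Percent-encode the whole expression so spaces and quotes travel as one
    # query value.
    return f"{BASE}/Users?filter={quote(expression, safe='')}"

def filter_from_url(url):
    """Recover the filter expression as the server would decode it."""
    return parse_qs(urlsplit(url).query)["filter"][0]

# Constructed inputs: the surname from the article, and one carrying a quote
# plus extra filter text, as a sync job might receive from a form field.
PLAIN = "Doe"
HOSTILE = 'Doe" or userName sw "a'

if __name__ == "__main__":
    for surname in (PLAIN, HOSTILE):
        url = users_eq_filter_url("name.familyName", surname)
        print(url)
        print("  server sees:", filter_from_url(url))
```

With the escaping in place, the second value stays a single string literal compared against name.familyName instead of adding a second condition to the search.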

Add a user to workspace(s)

  1. Use this call to add a user, their name details, and their workspace entitlements.
  2. POST https://api.anaplan.com/scim/1/0/v2/Users
  3. Add the Headers: Accept and Content-Type = application/scim+json
  4. Paste and edit this in the body section (replace with your new user details). Reference the apiary for user attribute parameters and entitlement type syntax.

     {
        "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName":"input",
        "externalId":"input",
        "name":{
          "formatted":"input",
          "familyName":"input",
          "givenName":"input"
        },
        "displayName": "input",
        "entitlements":[
        {
          "value":"input",
          "display": "input",
          "type":"WORKSPACE"
        }
        ]
     }

Below shows the request as typed into the body tab.

ChrisStauffer_3-1635794544455.png

The below shows the result, a new user named “Janet Doe” added to the Partner Success Dev workspace.

ChrisStauffer_4-1635794630006.png

Below shows the result in Anaplan Administration of the new user named Janet Doe.

ChrisStauffer_5-1635794927196.png

Replace user details

  1. Use this API request to replace user details. Paste in your userid in the call below.
  2. PUT https://api.anaplan.com/scim/1/0/v2/Users/userid
  3. In the body paste in the below. “id” = userid of the user you are changing.

     {
        "schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],
        "id":" input ",
        "userName":"input",
        "externalId":"input",
        "name":{
          "formatted":"input",
          "familyName":" input ",
          "givenName":" input "
        },
        "displayName": " input ",
        "entitlements":[
        {
          "value":" input ",
          "display": " input ",
          "type":"WORKSPACE"
        }
        ]
     }

Below shows the request in the body tab to change the user’s name from Janet Doe to James Doe.

ChrisStauffer_1-1635795538396.png

The Postman Response shows the new name.

ChrisStauffer_2-1635795651180.png

And the updated name in Anaplan Administration.

ChrisStauffer_3-1635795703593.png
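
A pre-flight check for the POST and PUT bodies shown above, catching template text left in place, an "id" that does not match the URL, and a replace request that omits entitlements. This is an added example, not code from the article or Anaplan; the helper names, user ids and sample body are constructed.

```python
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

def string_leaves(node, path=""):
    """Yield (path, value) for every string value in a parsed JSON document."""
    if isinstance(node, dict):
        for key, val in node.items():
            yield from string_leaves(val, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, val in enumerate(node):
            yield from string_leaves(val, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node

def preflight(method, url, body_text):
    """Hypothetical helper: list problems in a Users POST/PUT body before sending."""
    body = json.loads(body_text)
    problems = []
    if USER_SCHEMA not in body.get("schemas", []):
        problems.append("schemas: core User URN missing")
    for path, val in string_leaves(body):
        # Template text left in place, or values padded with spaces as in " input ".
        if val.strip().lower() == "input" or val != val.strip():
            problems.append(f"{path}: unedited or padded value {val!r}")
    if method == "PUT":
        url_id = url.rstrip("/").rsplit("/", 1)[-1]
        if body.get("id") != url_id:
            problems.append("id: does not match the user id in the URL")
        # RFC 7644 section 3.5.1: attributes omitted from a PUT may be cleared.
        if not body.get("entitlements"):
            problems.append("entitlements: omitted from a replace request")
    return problems

# Constructed sample: replace request for a made-up user id.
SAMPLE_URL = "https://api.anaplan.com/scim/1/0/v2/Users/0123456789abcdef"
SAMPLE_PUT = json.dumps({
    "schemas": [USER_SCHEMA],
    "id": "fedcba9876543210",               # differs from the id in SAMPLE_URL
    "userName": "james.doe@example.com",
    "name": {"familyName": " input ", "givenName": "James"},
    "displayName": "James Doe",
})

if __name__ == "__main__":
    for problem in preflight("PUT", SAMPLE_URL, SAMPLE_PUT):
        print(problem)
```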

NOTE: The user details in the model itself require a call to a core refresh endpoint, which is not done from all SCIM endpoints because it can be a blocking event in core for models with thousands of users. Therefore, you can either run this API call to refresh users:

https://api.anaplan.com/2/0/workspaces/workspaceID/refreshUsers

* OR *

You can manually force a core call by making a change to another user in the model (e.g. add/remove a model role) to trigger the model to refresh itself. Otherwise, you will see the changes the next time core reads it into memory.

Edit User Details

  1. Use this API request to edit user details.
  2. PATCH https://api.anaplan.com/scim/1/0/v2/Users/userid
  3. Paste the user id into the above call.
  4. Paste the below into the Body; there are many mutable attributes.

     {
         "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
         "Operations": [{
             "op": "add",
             "path": "name.familyName",
             "value": " input "
         }]
     }

Below shows the request to edit the last name from "Doe" to "Smith".

ChrisStauffer_0-1635796024952.png

And the Postman response.

ChrisStauffer_1-1635796071441.png

The change updated in Anaplan Administration.

ChrisStauffer_2-1635796116411.png

Get supported SCIM capabilities

  1. Provides a readout of all Anaplan SCIM abilities.
  2. https://api.anaplan.com/scim/1/0/v2/ServiceProviderConfig

Get All Resource Types

  1. Use this call to retrieve all of the resource types supported.
  2. https://api.anaplan.com/scim/1/0/v2/ResourceTypes

Get Resource schema

  1. Use this call to obtain the supported attributes for resources (e.g., User) and the attribute meta-data.
  2. https://api.anaplan.com/scim/1/0/v2/Schemas

Here is a video demonstrating OKTA-Anaplan integration using Anaplan SCIM APIs behind the scenes:

Here is a link to the Anaplan SCIM apiary:

Happy API-ing! Reach out to me if you would like the Postman collection.

Contributing author Anne-Julie Balsamo.

Comments

  • Hi all.  How do you simply remove access to 1 workspace.  Removal of all is overkill, and just replacing the word 'add' with 'remove' in the edit user details fails.  Documentation does not appear to have this detail spelled out, so appreciate any help you can provide.