====== SCIM module - Creating a user with group assigned ======

{{tag> scim}}

[[devel:documentation:modules_scim | SCIM]] module was added in CzechIdM 8.1.0. 

The aim of this tutorial is to create a new group (~ IdM role), a user (~ IdM identity) with contract (~ IdM identity contract). Then assign him a group (~IdM identity role).

===== What do you need before you start =====

  * We need to install CzechIdM 8.1.0 (and higher). In the example below, we use localhost:8080 as url on which the CzechIdM run.
  * We need to install [[devel:documentation:modules_scim|Scim module]] into CzechIdM.
  * Create an identity, which has permission to create and read reports. We are using the default ''admin:admin'' identity.

Note: [[devel:documentation:modules_scim#swagger|Swagger]] can be used in the example.

===== 01 Create user =====

Only ''userName'' attribute is required for creating a user:

<code bash>
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' -d '{ 
    "schemas": [ 
      "urn:ietf:params:scim:schemas:core:2.0:User" 
     ],
     "userName": "scimOne"
 }' 'http://localhost:8080/idm/api/v1/scim/Users'
</code>

===== 02 Create contract =====

Default contract is created automatically for new user (if default contract is enabled by [[.:application_configuration:dev:backend#identity|configuration]]).

Created contracts for user can be found:

<code bash>
curl -X GET --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' 'http://localhost:8080/idm/api/v1/scim/Users/scimOne/Contracts'
</code>

But if we want to create new contract:
<code bash>
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' -d '{ 
 "schemas": [ 
     "urn:ietf:params:scim:schemas:CzechIdM:8.1:Contract" 
   ], 
 "user": "scimOne", 
 "position": "test" 
 }' 'http://localhost:8080/idm/api/v1/scim/Contracts'
</code>

We will use returned contract ''id'' attribute in next requests. 

===== 03 Create group with member =====

Now we have user and contract. Now we will create new role with this role assigned to user's contract. We can create and assing role with one request:

<code bash>
curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic YWRtaW46YWRtaW4=' -d '{ 
       "schemas": [ 
         "urn:ietf:params:scim:schemas:core:2.0:Group" 
       ], 
 "displayName": "roleScimOne", 
 "members": [{ 
 "$ref": "/Users/scimOne/Contracts/5ea857ff-2ec1-4c29-813b-c0d37fc23065" 
 } 
 ] 
 }' 'http://localhost:8080/idm/api/v1/scim/Groups'
</code>

<note tip>Congratulations, you can see from response, group is assigned to given user.</note>

===== Advanced =====

[[.:scim_form_value]]