Entitlement required: readUserGroups (Read users and groups), or manageUserGroups (Manage users and groups), or manageAllUserGroups (Synchronize users and groups), or manageUserStandardGroups (Manage users and standard groups), or readUsers (Read all users but not group memberships), or readUsersGroupMembership (Read all users and group memberships), or readUsersStandardGroupMembership (Read all users and standard group memberships), or manageUsers (Manage all users), or manageUsersInStandardGroups (Manage users in standard groups).
Note: You only need one entitlement, but you can have more than one.
Overview
Searching, sorting, paging, and filtering are supported. A maximum of 2500 records are returned for a search query. To retrieve more than 2500 records, use User reports.
Performance Optimization
To improve performance, use the attributes query parameter to specify only the attributes you need. Choose faster search operators when possible.
Operator Performance:
- Faster operators: eq, sw, ew, ge, le
- Slower operators: pr, npr, co, gt, lt, ne
Best Practices:
- Use ge and le instead of gt and lt
- Use sw or ew instead of co when possible
- Avoid the ne operator
Supported Search Operators
- eq - Equal. The attribute and operator values must be identical for a match.
- sw - Starts with. The operator value must match the beginning of the attribute value.
- ew - Ends with. The operator value must match the end of the attribute value.
- ge - Greater than or equal. The attribute value is greater than or equal to the operator value.
- le - Less than or equal. The attribute value is less than or equal to the operator value.
- ne - Not equal. The attribute and operator values are not identical.
- co - Contains. The entire operator value must be a substring of the attribute value.
- pr - Present. Matches if the attribute has a value.
- npr - Not present. Matches if the attribute does not have a value.
- gt - Greater than. The attribute value is greater than the operator value.
- lt - Less than. The attribute value is less than the operator value.
Example Search Queriesfilter=userName eq "bob"&attributes=userNamefilter=name.familyName eq "Marley"&attributes=namefilter=urn:ietf:params:scim:schemas:extension:ibm:2.0:User:customAttributes.favoriteColor eq "blue"&attributes=urn:ietf:params:scim:schemas:extension:ibm:2.0:User:customAttributes.favoriteColorfilter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department eq "2A"&attributes=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:departmentfilter=emails ew "@example.com" and (phoneNumbers.mobile eq "15551212" or phoneNumbers.mobile eq "1(555)1212")&attributes=phoneNumbers.mobile,emails
Phone Number Filtering
Special syntax is available for phoneNumbers to filter by type. Example:GET /v2.0/Users?filter=phoneNumbers.mobile eq "{value}"&attributes=phoneNumbers.mobile
Using phoneNumbers without type will search for all types of phoneNumbers which is not efficient.
Large Groups Support
For tenants that support large groups, additional features are available:
- Search for users in a specific group by using the memberOf SCIM attribute. Example: GET /v2.0/Users?filter=userName sw "patel" and memberOf eq "{group ID}"
- Restrict HelpDesk administrators to manage specific groups of users by using Admin Roles.
To determine whether the tenant supports large groups, run the GET /v2.0/SCIM/capabilities API.
| Time | Status | User Agent | |
|---|---|---|---|
Retrieving recent requests… | |||
