Retrieves a list of users that belong to a specified tenant and match the search filter criteria.

Entitlement required: readUserGroups (Read users and groups), or manageUserGroups (Manage users and groups), or manageAllUserGroups (Synchronize users and groups), or manageUserStandardGroups (Manage users and standard groups), or readUsers (Read all users but not group memberships), or readUsersGroupMembership (Read all users and group memberships), or readUsersStandardGroupMembership (Read all users and standard group memberships), or manageUsers (Manage all users), or manageUsersInStandardGroups (Manage users in standard groups).
Note: You only need one entitlement, but you can have more than one.

Searching, sorting, paging, and filtering are supported. A maximum of 2500 records are returned for a search query.

To improve performance, specify the list of the attributes that you want returned by using the attributes query parameter.

Search operators supported:

eqThe attribute and operator values must be identical for a match.
neThe attribute and operator values are not identical.
coThe entire operator value must be a substring of the attribute value for a match. For performance reasons, use sw or ew operators instead of co.
swThe entire operator value must be a substring of the attribute value, starting at the beginning of the attribute value.
ewThe entire operator value must be a substring of the attribute value, matching at the end of the attribute value.
prIf the attribute has a value, there is a match.
nprIf the attribute does not have a value, there is a match.
gtIf the attribute value is greater than the operator value, there is a match. The actual comparison is dependent on the attribute type.
geIf the attribute value is greater than or equal to the operator value, there is a match. The actual comparison is dependent on the attribute type.
ltIf the attribute value is less than the operator value, there is a match. The actual comparison is dependent on the attribute type.
leIf the attribute value is less than or equal to the operator value, there is a match. The actual comparison is dependent on the attribute type.


Example search queries:
filter=userName eq "bob"&attributes=userName
filter=name.familyName eq "Marley"&attributes=name
filter=meta.created ge "2011-09-20T00:00:00Z" and meta.created le "2021-09-21T00:00:00Z"&attributes=userName,meta.created,emails&sortBy=userName&count=2500
filter=urn:ietf:params:scim:schemas:extension:ibm:2.0:User:customAttributes.favoriteColor eq "blue"&attributes=userName,urn:ietf:params:scim:schemas:extension:ibm:2.0:User:customAttributes.favoriteColor&count=2500
filter=urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department eq "2A"&attributes=userName,emails,urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager
filter=not (emails ew "@example.com")&attributes=userName,emails
filter=emails ew "@example.com" and (phoneNumbers eq "15551212" or phoneNumbers eq "1(555)1212")&attributes=userName,phoneNumbers,emails
Note: There are some special syntax for "phoneNumbers" to allow filtering using the type, such as GET /v2.0/Users?filter=phoneNumbers.work eq "{value}"&attributes=phoneNumbers.work


For tenants that support large groups, additional feature are available. They are:
- Search for users in a specific group by using the "memberOf" SCIM attribute. For example. GET /v2.0/Users?filter=userName sw "patel" and memberOf eq "{group ID}"
- Restrict HelpDesk administrators to manage specific groups of users by using Admin Roles.

To check whether the tenant supports large groups, run the GET /v2.0/SCIM/capabilities API.

Language
URL