FreeSCIM API | Okta-Compatible SCIM Lifecycle Platform

Interface contract map

The API space is split by resource families and lifecycle mode: discover, read, write, disable, reconcile, and error recovery all carry explicit expectations for Okta clients and FreeIPA-backed operations.

Integration expectations

Every integration must support tokenized auth and idempotent user lifecycle semantics.
Discovery endpoints such as /scim/v2/ServiceProviderConfig, /Schemas, and /ResourceTypes should be accurate before provisioning rollout.
Filters and paging should stay inside the implemented grammar to avoid unplanned response amplification.
Client behavior should capture both status and correlation headers for replay diagnostics.

Read first

User APIs

Create, update, disable, pagination, and patch behavior.

Groups APIs

Visibility, creation, displayName filtering, and authority boundaries.

Error model

Classify and recover from failures.

SCIM protocol contract checks

Pagination

Default and max page size must be explicit and bounded.

Filtering

Grammar mismatch must return structured errors with deterministic remediation.

Mutations

Idempotent writes require stable client keys and correlation context.