PatchGroup - IAM Identity Center SCIM Implementation

PatchGroup

Existing groups can be updated by calling the PATCH operation to replace specific attribute values. For more information, see the Examples section.

Not supported

The IAM Identity Center SCIM implementation does not support the following aspects of this API operation.

  • None

Constraints

The IAM Identity Center SCIM implementation has the following constraints for this API operation.

  • Only displayName, members, and externalId attributes are allowed in the request.

  • A maximum of 100 membership changes are allowed in a single request.

Errors

The following IAM Identity Center SCIM implementation errors are common for this API operation.

| Error | Condition | HTTP Status Code |
|---|---|---|
| ValidationException | Request cannot be parsed, is syntactically incorrect, or violates schema. This error also occurs if the operation is unsupported. | 400 |
| UnauthorizedException | Authorization header is invalid or missing. This error also occurs if the tenant ID is incorrect. | 401 |
| AccessDeniedException | Operation is not permitted based on the supplied authorization. | 403 |
| ResourceNotFoundException | Specified group does not exist. | 404 |
| ThrottlingException | Too many requests exceeded the limits. | 429 |
| InternalServerException | Service failed to process the request. | 500 |

Examples

Following are example requests and responses for this API operation.

Example Request

    PATCH https://scim.us-east-1.amazonaws.com/{tenant_id}/scim/v2/Groups/9067729b3d-f987ac4d-a175-44f0-a528-6d23c5d2ec4d
    User-Agent: Mozilla/5.0
    Authorization: Bearer <bearer_token>

    {
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
      "Operations": [
        {
          "op": "replace",
          "value": {
            "id": "9067729b3d-07124c20-d960-4a47-93ff-460d76461f81",
            "displayName": "Group Foo New"
          }
        }
      ]
    }

Example Response

    HTTP/1.1 204
    Date: Tue, 07 Apr 2020 23:59:09 GMT
    Content-Type: application/json
    x-amzn-RequestId: dad0c91c-1ea8-4b36-9fdb-4f099b59c1c9

Member operations examples

The PATCH operation supports the following three member operations on a group.

  • Add members to a group

  • Replace members in a group (full member list replacement)

  • Remove members from a group

These member operations can be applied using the examples below.

Add members to a group

In the value field, provide a list of objects containing the value of the user id. Multiple members can be added at a time. For example, if you have a user with the id 906722b2be-ee23ed58-6e4e-4b2f-a94a-3ace8456a36c that you want to add to the group with an id of 9067729b3d-f987ac4d-a175-44f0-a528-6d23c5d2ec4d, use the following call:

Example Request

    PATCH https://scim.us-east-1.amazonaws.com/{tenant_id}/scim/v2/Groups/9067729b3d-f987ac4d-a175-44f0-a528-6d23c5d2ec4d
    User-Agent: Mozilla/5.0
    Authorization: Bearer <bearer_token>

    {
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
      "Operations": [
        {
          "op": "add",
          "path": "members",
          "value": [
            { "value": "906722b2be-ee23ed58-6e4e-4b2f-a94a-3ace8456a36c" }
          ]
        }
      ]
    }

Example Response

    HTTP/1.1 204
    Date: Mon, 21 Sep 2020 16:39:26 GMT
    Content-Type: application/json
    x-amzn-RequestId: 1e9abe4c-b6e1-4d3b-bb86-73ca6187e08b

Replace members in a group

In the value field, provide a list of objects containing the value of the user id. Note that the list of members provided in the API call replaces all existing members in the group.

For example, if you want to replace all of the members in the group with an id of 9067729b3d-f987ac4d-a175-44f0-a528-6d23c5d2ec4d with a list of two members, use the following call:

Example Request

    PATCH https://scim.us-east-1.amazonaws.com/{tenant_id}/scim/v2/Groups/9067729b3d-f987ac4d-a175-44f0-a528-6d23c5d2ec4d
    User-Agent: Mozilla/5.0
    Authorization: Bearer <bearer_token>

    {
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
      "Operations": [
        {
          "op": "replace",
          "path": "members",
          "value": [
            { "value": "906722b2be-61c204e7-56d0-4dad-882d-f41911b31ccb" },
            { "value": "906722b2be-da1f7ef3-3e37-473e-95be-df2efaa2590d" }
          ]
        }
      ]
    }

Example Response

    HTTP/1.1 204
    Date: Mon, 21 Sep 2020 16:43:52 GMT
    Content-Type: application/json
    x-amzn-RequestId: 3155a146-f729-4765-af66-fe01c862e688

Remove members from a group

In the value field, provide a list of objects containing the value of the user id. Multiple members can be removed at a time. If the value field contains an empty list or is not provided, all of the path’s members will be removed.

For example, if you want to remove two users, one with the id 906722b2be-61c204e7-56d0-4dad-882d-f41911b31ccb and another with the id 906722b2be-da1f7ef3-3e37-473e-95be-df2efaa2590d, use the following call:

Example Request

    PATCH https://scim.us-east-1.amazonaws.com/{tenant_id}/scim/v2/Groups/9067729b3d-f987ac4d-a175-44f0-a528-6d23c5d2ec4d
    User-Agent: Mozilla/5.0
    Authorization: Bearer <bearer_token>

    {
      "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
      "Operations": [
        {
          "op": "remove",
          "path": "members",
          "value": [
            { "value": "906722b2be-61c204e7-56d0-4dad-882d-f41911b31ccb" },
            { "value": "906722b2be-da1f7ef3-3e37-473e-95be-df2efaa2590d" }
          ]
        }
      ]
    }

Example Response

    HTTP/1.1 204
    Date: Mon, 21 Sep 2020 17:03:29 GMT
    Content-Type: application/json
    x-amzn-RequestId: 3f89b66d-77e1-4128-a0c3-a890e72f5d4c
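
The 100-change limit from Constraints and the remove-all behaviour of an empty value list can both be enforced on the client before a request is sent. The following Python sketch is an added example, not AWS code: the function names and the `allow_remove_all` flag are hypothetical, and the sample user ids are constructed.

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
MAX_MEMBER_CHANGES = 100  # per-request limit from the Constraints section


def patch_body(op, ids):
    """Build one PatchOp body in the shape shown in the examples above."""
    return {
        "schemas": [PATCH_SCHEMA],
        "Operations": [
            {"op": op, "path": "members", "value": [{"value": i} for i in ids]}
        ],
    }


def member_patch_bodies(op, user_ids, allow_remove_all=False):
    """Return PatchOp request bodies for one group, each within the limit."""
    if op not in ("add", "replace", "remove"):
        raise ValueError(f"unsupported member operation: {op!r}")
    ids = list(dict.fromkeys(user_ids))  # drop duplicates, keep order
    if not ids:
        if op == "add":
            return []  # nothing to send
        # Page: a remove with an empty or missing value removes all members.
        # Assumption: an empty replace is treated here as equally destructive.
        if not allow_remove_all:
            raise ValueError(f"empty {op} would clear the whole group")
        return [patch_body(op, [])]
    if op == "replace":
        # Each replace overwrites the full list, so it cannot be split.
        # Assumption: the replacement list counts against the 100-change limit.
        if len(ids) > MAX_MEMBER_CHANGES:
            raise ValueError("replace list exceeds 100 members; use add/remove")
        return [patch_body(op, ids)]
    return [
        patch_body(op, ids[i:i + MAX_MEMBER_CHANGES])
        for i in range(0, len(ids), MAX_MEMBER_CHANGES)
    ]


if __name__ == "__main__":
    sample = [f"user-{n:04d}" for n in range(250)]  # constructed ids
    for body in member_patch_bodies("add", sample):
        print(len(body["Operations"][0]["value"]), "members in request")
    print(json.dumps(member_patch_bodies("remove", sample[:2])[0], indent=2))
```

Each returned body is sent as its own PATCH request to the group's endpoint; a caller that really intends to empty a group has to pass `allow_remove_all=True` explicitly.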