IBM Business Process Manager on Cloud user provisioning REST API
You can add a user, delete a user, or check whether a particular user ID already exists in the user registry of your IBM® BPM on Cloud instance by making a REST API call.
In standard IBM BPM on Cloud environments, if you have the administrator role, you can use the IBM BPM on Cloud user provisioning API to automate the following actions:
- Checking whether an IBM BPM on Cloud user exists
- Adding a new IBM BPM on Cloud user
- Deleting an IBM BPM on Cloud user
Tip: To add a user to a group, remove a user from a group, or check whether a user belongs to a group, use the IBM BPM group management APIs. For more information about the group resource API, see REST interface for BPD-related resources - Group Resource.
For custom IBM BPM on Cloud environments with a dedicated LDAP directory, use the System for Cross-Domain ID Management (SCIM) API. See Provisioning users in custom IBM BPM on Cloud environments.
Checking whether an IBM BPM on Cloud user exists
To check whether a user with the email address user@example.com exists in IBM BPM on Cloud, perform the following REST operation:
GET https://hostname.bpm.ibmcloud.com/bpm/portal/rest/v1/UserProvisioningService.json/user@example.com
where hostname is the host name of your IBM BPM on Cloud.
- Status codes
- 200
- Indicates that the user exists and that the response body contains information about the user.
- 404
- The user does not exist.
- Response data
- The response body has the following structure:
{ "accountAdmin": false, "cn": "test", "developer": false, "endUser": true, "mail": "user@example.com", "operator": false, "sn": "me", "tester": false }
Adding a new IBM BPM on Cloud user
To add a user, perform the following REST operation:
PUT https://hostname.bpm.ibmcloud.com/bpm/portal/rest/v1/UserProvisioningService.json
where hostname is the host name of your IBM BPM on Cloud system.
- Request data
- The request data should specify appropriate values for the following attributes.
Restriction: The local part of an email address can contain the following characters: A through Z, a through z, 0 through 9, . (period), - (dash), and _ (underscore).
{ "mail": "johndoe@example.com", "cn": "John", "sn": "Doe", "accountAdmin": false, "developer": false, "endUser": true, "operator": false, "tester": false }
- Status codes
- 200
- Indicates that the user was successfully created.
- 400
- The request could not be processed because of missing or invalid input.
- 409
- No changes were made because the user with the specified email address already exists. To make changes to an existing user, you must delete them and then add them with the required attributes.
Deleting an IBM BPM on Cloud user
To delete the user with the email address user@example.com, perform the following REST operation:
DELETE https://hostname.bpm.ibmcloud.com/bpm/portal/rest/v1/UserProvisioningService.json/user@example.com
where hostname is the host name of your IBM BPM on Cloud system.
- Status codes
- 200
- Indicates that the user was successfully deleted from the user registry of the IBM BPM on Cloud instance.
Important: Deleting the user from the user registry prevents the user from accessing the IBM BPM on Cloud instance. The user ID is never completely deleted from the IBM BPM on Cloud database because of the historical data that is associated with it.
- 400
- The request could not be processed because of missing or invalid input.
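The three operations above combined into one idempotent provisioning routine, as an added example that is not IBM's code. The function names are assumptions, and `send` is a hypothetical caller-supplied transport that owns TLS and authentication, which this page does not describe.

```python
import json
import re
from urllib.parse import quote

# Local-part characters permitted by the restriction on this page.
_LOCAL_PART = re.compile(r"[A-Za-z0-9._-]+")
ROLES = ("accountAdmin", "developer", "endUser", "operator", "tester")


def check_mail(mail):
    """Return mail if its local part uses only the permitted characters."""
    local, sep, domain = mail.rpartition("@")
    if not sep or not domain or not _LOCAL_PART.fullmatch(local):
        raise ValueError(f"rejected email address: {mail!r}")
    return mail


def user_url(hostname, mail=None):
    """Build the service URL; the address is encoded as a single path segment."""
    base = f"https://{hostname}.bpm.ibmcloud.com/bpm/portal/rest/v1/UserProvisioningService.json"
    return base if mail is None else f"{base}/{quote(check_mail(mail), safe='@')}"


def ensure_user(send, hostname, mail, cn, sn, roles=()):
    """Create the user, or replace it when the stored attributes differ.

    send(method, url, body) -> (status, parsed_json_or_None) is hypothetical.
    """
    unknown = set(roles) - set(ROLES)
    if unknown:
        raise ValueError(f"unknown roles: {sorted(unknown)}")
    wanted = {"mail": check_mail(mail), "cn": cn, "sn": sn}
    wanted.update({r: r in roles for r in ROLES})  # every role is off unless requested
    status, current = send("GET", user_url(hostname, mail), None)
    existed = status == 200
    if existed:
        if current == wanted:
            return "unchanged"
        # A PUT would return 409 and change nothing, so delete and then add.
        status, _ = send("DELETE", user_url(hostname, mail), None)
        if status != 200:
            raise RuntimeError(f"delete failed with status {status}")
    elif status != 404:
        raise RuntimeError(f"lookup failed with status {status}")
    status, _ = send("PUT", user_url(hostname), json.dumps(wanted))
    if status != 200:
        raise RuntimeError(f"add failed with status {status}")
    return "replaced" if existed else "created"
```

Replacing a user removes it from the registry before it is added again, so the account cannot access the instance during that window.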
Provisioning users in custom IBM BPM on Cloud environments
In custom environments that have a dedicated LDAP directory, use the System for Cross-Domain ID Management (SCIM) API for user provisioning instead of the IBM BPM on Cloud user provisioning API. You can create, modify, and delete IBM BPM on Cloud users by using the SCIM REST API V1.1. Use the following base URL for the REST API calls:
https://hostname.bpm.ibmcloud.com/bpm/portal/api/scim/api_call
For more information, see System for Cross-Domain Identity Management: Protocol 1.1.