IBM BPM version 8570 cumulative fix 3

IBM Business Process Manager on Cloud user provisioning REST API

You can add a user, delete a user, or check whether a particular user ID already exists in the user registry of your IBM® BPM on Cloud instance by making a REST API call.
In standard IBM BPM on Cloud environments, if you have the administrator role, you can use the IBM BPM on Cloud user provisioning API to automate the following actions:

For custom IBM BPM on Cloud environments with a dedicated LDAP directory, use the System for Cross-Domain ID Management (SCIM) API. See Provisioning users in custom IBM BPM on Cloud environments.

Checking whether an IBM BPM on Cloud user exists

To check whether a user with the email address user@example.com exists in IBM BPM on Cloud, perform the following REST operation:
GET https://hostname.bpm.ibmcloud.com/bpm/portal/rest/v1/UserProvisioningService.json/user@example.com
where hostname is the host name of your IBM BPM on Cloud.
Status codes
200
Indicates that the user exists and that the response body contains information about the user.
404
The user does not exist.
Response data
The response body has the following structure:
{
   "accountAdmin": false,
   "cn": "test",
   "developer": false,
   "endUser": true,
   "mail": "user@example.com",
   "operator": false,
   "sn": "me",
   "tester": false }

Adding a new IBM BPM on Cloud user

To add a user, perform the following REST operation:
PUT https://hostname.bpm.ibmcloud.com/bpm/portal/rest/v1/UserProvisioningService.json
where hostname is the host name of your IBM BPM on Cloud system.
Request data
The request data should specify appropriate values for the following attributes.
Restriction: The local part of an email address can contain the following characters: A through Z, a through z, 0 through 9, . (period), - (dash), and _ (underscore).
{
   "mail": "johndoe@example.com",
   "cn": "John",
   "sn": "Doe",
   "accountAdmin": false,
   "developer": false,
   "endUser": true,
   "operator": false,
   "tester": false }
Status codes
200
Indicates that the user was successfully created.
400
The request could not be processed because of missing or invalid input.
409
No changes were made because the user with the specified email address already exists. To make changes to an existing user, you must delete them and then add them with the required attributes.

Deleting an IBM BPM on Cloud user

To delete the user with the email address user@example.com, perform the following REST operation:
DELETE https://hostname.bpm.ibmcloud.com/bpm/portal/rest/v1/UserProvisioningService.json/user@example.com
where hostname is the host name of your IBM BPM on Cloud system.
Status codes
200
Indicates that the user was successfully deleted from the user registry of the IBM BPM on Cloud instance.
Important: Deleting the user from the user registry prevents the user from accessing the IBM BPM on Cloud instance. The user ID is never completely deleted from the IBM BPM on Cloud database because of the historical data that is associated with it.
400
The request could not be processed because of missing or invalid input.

Provisioning users in custom IBM BPM on Cloud environments

In custom environments that have a dedicated LDAP directory, use the System for Cross-Domain ID Management (SCIM) API for user provisioning instead of the IBM BPM on Cloud user provisioning API. You can create, modify, and delete IBM BPM on Cloud users by using the SCIM REST API V1.1. Use the following base URL for the REST API calls:
https://hostname.bpm.ibmcloud.com/bpm/portal/api/scim/api_call

For more information, see System for Cross-Domain Identity Management:Protocol 1.1.