SCIM Schema customization

Last modified 04 May 2026 13:29 +02:00
Table of Contents

While the framework provides automatic schema discovery, you often need to customize it for your specific use case.

This document is part of the SCIM 2.0 connector tutorial. See Introduction to SCIMREST framework for other topics.

Schema customization blocks

Schema customization is defined in Groovy scripts using the objectClass() and attribute() builders with SCIM-specific blocks.

objectClass("User") {
    scim {
        extension("enterprise", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User")
    }

    attribute("givenName") {
        scim {
            path attribute("name").child("givenName")
        }
    }
}

SCIM extensions

Define SCIM schema extensions using the scim { extension(…​) } block:

objectClass("User") {
    scim {
        extension("enterprise", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User")
    }
}

Extensions allow you to reference attributes from SCIM schema extensions.

Path-based attribute mapping

SCIM uses nested attribute paths (e.g., name.givenName). Map these to flat ConnId attributes:

objectClass("User") {
    attribute("givenName") {
        scim {
            path attribute("name").child("givenName")
        }
    }

    attribute("familyName") {
        scim {
            path attribute("name").child("familyName")
        }
    }

    attribute("employeeNumber") {
        scim {
            path extension("enterprise").child("employeeNumber")
        }
    }
}

The path method specifies the SCIM attribute path. Use attribute() for regular attributes and extension() for extension attributes.

Value filter for multi-valued attributes

For multi-valued attributes with primary/primary flags, use value filters:

attribute("primaryEmail") {
    scim {
        path attribute("emails").valueFilter("primary", true).child("value")
    }
}

This maps the value field from the email object where primary is true.

ConnId attribute mapping

Map SCIM attributes to ConnId built-in attributes:

objectClass("User") {
    connIdAttribute("UID", "id")
    connIdAttribute("NAME", "userName")
}

The ConnId framework requires UID and NAME attributes. Map them to the appropriate SCIM attributes.

SCIM-specific schema blocks

The scim block supports:

Block

Description

Example

extension(name, uri)

Define SCIM schema extension

extension("enterprise", "urn:…​")

path(path)

Specify SCIM attribute path

path attribute("name").child("familyName")

name(name)

Override SCIM attribute name

name "displayName"

onlyExplicitlyListed()

Only include explicitly listed attributes

onlyExplicitlyListed()

Complete example

objectClass("User") {
    scim {
        extension("enterprise", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User")
    }

    connIdAttribute("UID", "id")
    connIdAttribute("NAME", "userName")

    attribute("givenName") {
        scim {
            path attribute("name").child("givenName")
        }
    }

    attribute("familyName") {
        scim {
            path attribute("name").child("familyName")
        }
    }

    attribute("employeeNumber") {
        scim {
            path extension("enterprise").child("employeeNumber")
        }
    }

    attribute("primaryEmail") {
        scim {
            path attribute("emails").valueFilter("primary", true).child("value")
        }
    }
}
Was this page helpful?
YES NO
Thanks for your feedback