For Authentication, you provide an OAuth 2.0 access (bearer) token. That bearer token controls access to which resources and attributes are returned. It does this through a scope that an administrator configures on the server that contains the data. What this means is that regardless of whether you use PingDirectory or PingDirectoryProxy as the endpoint server, you always configure access controls on the PingDirectory server. For more information on configuring SCIM 2.0 on PingDirectory, see Configuring SCIM 2.0 on Your Server.

If access controls determine that you cannot perform the requested operation, the response depends on the request. See the following examples.

Based on access control configuration, you may be allowed to access a resource but not all of its attributes. See your administrator if you receive incomplete resources, including resources stripped of attributes that are required by the schema.