Fleet versions
- Discovered: 4.86.0
- Reproduced: 4.86.0
Web browser and operating system: Chrome/Safari on macOS
💥 Actual behavior
SCIM endpoints (GET /api/v1/fleet/scim/Users, GET /api/v1/fleet/scim/Groups, GET /api/v1/fleet/scim/Schemas, GET /api/v1/fleet/scim/ServiceProviderConfig) are functional and return 200 OK with valid SCIM data, but they do not appear in the REST API endpoint catalog returned by GET /api/v1/fleet/rest_api. Only /api/v1/fleet/scim/details is listed.
This prevents creating API-only service accounts with SCIM-only endpoint access, as the SCIM endpoints cannot be selected for API endpoint access control.
🛠️ Expected behavior
All /scim/* endpoints should show up in Settings > Users when creating an API only user w/ specific API endpoints.
🧑💻 Steps to reproduce
- On Fleet 4.86.0+, get your API token
- Run:
curl -s https://your-fleet/api/v1/fleet/rest_api -H "Authorization: Bearer YOUR_TOKEN" | grep -i scim
- Observe only one result:
/api/v1/fleet/scim/details
- Run:
curl -s https://your-fleet/api/v1/fleet/scim/Users -H "Authorization: Bearer YOUR_TOKEN"
- Confirm endpoint returns 200 OK with user data (endpoint is live but missing from catalog)
- Go to Settings > Users > Create user > API-only toggle
- Try to select SCIM endpoints for access control — they do not appear in the endpoint selector
These steps:
🕯️ More info
SCIM endpoints confirmed working:
GET /api/v1/fleet/scim/Users ✅
GET /api/v1/fleet/scim/Groups ✅
GET /api/v1/fleet/scim/Schemas ✅
GET /api/v1/fleet/scim/ServiceProviderConfig ✅
Related feature: #38044 (API endpoint access control)
Fleet versions
Web browser and operating system: Chrome/Safari on macOS
💥 Actual behavior
SCIM endpoints (
GET /api/v1/fleet/scim/Users,GET /api/v1/fleet/scim/Groups,GET /api/v1/fleet/scim/Schemas,GET /api/v1/fleet/scim/ServiceProviderConfig) are functional and return 200 OK with valid SCIM data, but they do not appear in the REST API endpoint catalog returned byGET /api/v1/fleet/rest_api. Only/api/v1/fleet/scim/detailsis listed.This prevents creating API-only service accounts with SCIM-only endpoint access, as the SCIM endpoints cannot be selected for API endpoint access control.
🛠️ Expected behavior
All
/scim/*endpoints should show up in Settings > Users when creating an API only user w/ specific API endpoints.🧑💻 Steps to reproduce
curl -s https://your-fleet/api/v1/fleet/rest_api -H "Authorization: Bearer YOUR_TOKEN" | grep -i scim/api/v1/fleet/scim/detailscurl -s https://your-fleet/api/v1/fleet/scim/Users -H "Authorization: Bearer YOUR_TOKEN"These steps:
🕯️ More info
SCIM endpoints confirmed working:
GET /api/v1/fleet/scim/Users✅GET /api/v1/fleet/scim/Groups✅GET /api/v1/fleet/scim/Schemas✅GET /api/v1/fleet/scim/ServiceProviderConfig✅Related feature: #38044 (API endpoint access control)