diff --git a/APPL/API2/api2.inc b/APPL/API2/api2.inc
index e943ca82fc..7269d6284c 100644
--- a/APPL/API2/api2.inc
+++ b/APPL/API2/api2.inc
@@ -786,10 +786,12 @@ api2 = {
                             if (field.foreign.desc_is_unique) // Dan mag je die bij saven ook opgeven
                             {
                                 field.typ = "sql";
-                                newval = "(SELECT {0} FROM {1} WHERE {2} = {3})".format(field.foreign.key,
-                                                                                        field.foreign.tbl,
-                                                                                        field.foreign.desc,
-                                                                                        safe.quoted_sql(newval.name));
+                                var where = "{0} = {1}".format(field.foreign.desc, safe.quoted_sql(newval.name));
+                                if (typeof field.foreign.desc_is_unique == "string")
+                                    where += " AND " + field.foreign.desc_is_unique;
+                                newval = "(SELECT {0} FROM {1} WHERE {2})".format(field.foreign.key,
+                                                                                  field.foreign.tbl,
+                                                                                  where);
                             }
                         }
                     }
diff --git a/APPL/API2/api2_dispatch.inc b/APPL/API2/api2_dispatch.inc
index 64ab981332..6897ba7dd1 100644
--- a/APPL/API2/api2_dispatch.inc
+++ b/APPL/API2/api2_dispatch.inc
@@ -105,7 +105,7 @@ var api2_mapper = {
     "costtypegroups"          : { "filename": "appl/mgt/prs_kostensoortgrp.asp" },
     "costcentregroups"        : { "filename": "appl/mgt/prs_kostenplaatsgrp.asp" },
     "costcentres"             : { "filename": "appl/mgt/prs_kostenplaats.asp" },
-    "persons"                 : { "filename": "appl/mgt/prs_perslid.asp", "nodoc": true },
+    "persons"                 : { "filename": "appl/api2/api_persons.asp", "nodoc": true },
     "mandates"                : { "filename": "appl/mgt/prs_perslidkostenplaats.asp" },
     "relationtypes"           : { "filename": "appl/mgt/prs_relatietype.asp" },
     "employeefunctions"       : { "filename": "appl/mgt/prs_srtperslid.asp" },
diff --git a/APPL/API2/api2_rest.inc b/APPL/API2/api2_rest.inc
index bfb26e89b5..fd3dc28d64 100644
--- a/APPL/API2/api2_rest.inc
+++ b/APPL/API2/api2_rest.inc
@@ -587,8 +587,12 @@ api2_rest = {
 
         // str_antwoord heeft nu het te versturen antwoord
         // Bepaal eTag
-        var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
-        var eTag = '"' + oCrypto.hex_sha1(String(S("cache_changecounter")) + "_" + str_antwoord).toLowerCase() + '"';
+        var eTag = api2_rest.plugin.get_eTag({}, resultdata);
+        if (!eTag)
+        {
+            var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
+            var eTag = '"' + oCrypto.hex_sha1(String(S("cache_changecounter")) + "_" + str_antwoord).toLowerCase() + '"';
+        }
         Response.AddHeader("ETag", eTag);
         if (Request.ServerVariables("HTTP_IF_NONE_MATCH") == eTag)
         {   // We hebben een match! Effectief besparen wel alleen op dataverkeer, de queries zijn al geweest
@@ -850,6 +854,15 @@ api2_rest = {
                 outdata = hook.transform_outgoing(params, data);
             hook = null;
             return outdata;
+        },
+        get_eTag: function(params, data)
+        {
+            var outdata = null;
+            var hook = api2_rest.find_plugin();
+            if ("get_eTag" in hook)
+                outdata = hook.get_eTag(params, data);
+            hook = null;
+            return outdata;
         }
     }
 }
diff --git a/APPL/API2/api_persons.asp b/APPL/API2/api_persons.asp
new file mode 100644
index 0000000000..b48992921a
--- /dev/null
+++ b/APPL/API2/api_persons.asp
@@ -0,0 +1,26 @@
+<%@ language = "JavaScript" %>
+<% /*
+    $Revision$
+    $Id$
+
+    File:           api_persons.asp
+
+    Description:    ALG_GEBOUW API
+    Parameters:
+    Context:        Door een remote systeem (geen persoon) om info uit FACILITOR te halen aan te roepen
+
+    Notes:          Eigen bestand zodat we internal: true kunnen meegeven
+*/
+    DOCTYPE_Disable = true;
+    ANONYMOUS_Allowed = 1; // Eigenlijk niet waar. We regelen echter alles zelf
+    THIS_FILE = "appl/api/api_persons.asp";
+
+%>
+<!-- #include file="../Shared/common.inc" -->
+<!-- #include file="./api2_rest.inc" -->
+<!-- #include file="../Shared/json2.js" -->
+<!-- #include file="./model_prs_perslid.inc" -->
+<%
+    var perslid = new model_prs_perslid({ internal: true }); // internal zodat PUT/POST/DELETE ook kunnen
+    api2_rest.process(perslid);
+%>
\ No newline at end of file
diff --git a/APPL/API2/model_prs_perslid.inc b/APPL/API2/model_prs_perslid.inc
index 99e79bac8a..7dfc29cc98 100644
--- a/APPL/API2/model_prs_perslid.inc
+++ b/APPL/API2/model_prs_perslid.inc
@@ -51,11 +51,11 @@ function model_prs_perslid(params)
                               + "   AND fac_audit_waarde_oud IN ('{1}')"
         }
     };
-    this.softdelete = true;
+    this.soft_delete = "prs_perslid_verwijder";
     this.primary = "prs_perslid_key";
     this.record_title = L("prs_perslid");
     this.records_title = L("prs_perslid_m");
-    this.autfunction = false; // we controleren zelf
+    this.autfunction = params.internal?false:"WEB_PRSSYS"; // we controleren zelf
 
     this.fields = {
         "id": {
@@ -131,6 +131,12 @@ function model_prs_perslid(params)
             "typ": "varchar",
             "filter": "exact"
         },
+        "externallogin": {
+            "dbs": "prs_perslid_externoslogin",
+            "label": L("prs_perslid_externoslogin"),
+            "typ": "varchar",
+            "filter": "exact"
+        },
         "employment": {
             "dbs": "prs_perslid_dienstverband",
             "label": L("lcl_prs_person_dienstverband"),
@@ -160,7 +166,7 @@ function model_prs_perslid(params)
                 "tbl": "prs_srtperslid",
                 "key": "prs_srtperslid_key",
                 "desc": "prs_srtperslid_omschrijving",
-                "desc_is_unique": true
+                "desc_is_unique": "prs_srtperslid_verwijder IS NULL"
             }
         },
         "profile": {
@@ -300,6 +306,7 @@ function model_prs_perslid(params)
             return json;
         };
 
+    // We willen vooral dat je via Admin/Autorisatie personen niet met API kunt bewerken
     if (params.internal) // bijvoorbeeld idp die personen kan aanmaken
     {
         this.REST_POST   = generic_REST_POST(this);
diff --git a/APPL/API2/plugins/scimusers.wsc b/APPL/API2/plugins/scimusers.wsc
index 05c20093ce..b6df81f2dc 100644
--- a/APPL/API2/plugins/scimusers.wsc
+++ b/APPL/API2/plugins/scimusers.wsc
@@ -28,6 +28,10 @@
 		<PARAMETER name="params"/>
 		<PARAMETER name="data"/>
 	</method>
+	<method name="get_eTag">
+		<PARAMETER name="params"/>
+		<PARAMETER name="data"/>
+	</method>
 </public>
 
 <script language="javascript">
@@ -56,113 +60,132 @@ function initialize(params)
 
 function transform_filter(filter)
 {
-    filter.limit = filter.count;
+    if ("count" in filter)
+        filter.limit = filter.count;
     return filter;
 }
 
+function get_eTag(params, data)
+{
+    if (data && typeof data == "object" && "meta" in data)
+        return data.meta.version;
+    return null;
+}
+
 // We krijgen bijvoorbeeld: {"RMS":[1,-10,-11,-12,-13,-14,-15,-16,-17,2,3,-4,-5,-6,-7,-8,-9]}
 // Als het object aan staat wordt de id opgeleverd, anders -id
 function transform_incoming(params, data)
 {
-    var result = [];
-    if (!("RMS" in data))
-        return null;
-
-    for (var obj in data.RMS)
+//FCLT.DEZE.__DoLog(data);
+    var person =
     {
-        var fw = data.RMS[obj];
-        var state = fw > 0 ? "1": "0";
-        var fw_id = "FW" + String(Math.abs(fw));
-        var sql = "SELECT ins_deel_key"
-                + "  FROM ins_deel"
-                + " WHERE ins_deel_verwijder IS NULL"
-                + "   AND ins_srtdeel_key = " + scimusers_srtdeel_key
-                + "   AND ins_deel_omschrijving = " + FCLT.safe.quoted_sql(fw_id);
-        var oRs = FCLT.Oracle.Execute(sql);
-        if (!oRs.Eof)
-        {
-            result.push({
-                "id": oRs("ins_deel_key").Value,
-                "state": state
-                //"statedate": "2014-07-08T15:29:31Z",
-              })
-        }
-        oRs.Close()
+        login        : data["userName"],
+        externallogin: data["userName"],
+        externalid   : data["externalId"],
+        name         : data["name"]["displayName"],
+        lastname     : data["name"]["familyName"],
+        firstname    : data["name"]["givenName"]
+    };
+    person["function"] = { name: data["userType"] } // id mag achterwege blijven omdat desc_is_unique
+
+    if (data["emails"].length)
+    {
+        person.email = data["emails"][0].value; // type:work/primary:true opzoeken ?
     }
-    return { objects: result };
+    if (data["phoneNumbers"].length)
+    {
+        person.phone = data["phoneNumbers"][0].value; // type:work/primary:true opzoeken ?
+    }
+    // groepen negeren we nog
+
+//FCLT.DEZE.__DoLog(person);
+
+    return { person: person };
 }
 
+function transform_one_person(params, person)
+{
+    FCLT.DEZE.__Log(person);
+    var unique = FCLT.DEZE.customerId + "_person_" + String(person.id);
+    var oneuser = {
+           "userName":person.externallogin || person.login,
+           "externalId":person.externalid,
+           "id":unique,
+           "name":{
+              "formatted":person.name,
+              "familyName":person.lastname,
+              "givenName":person.firstname
+           },
+           "schemas":[
+              "urn:ietf:params:scim:schemas:core:2.0:User",
+              "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
+           ],
+           "displayName":person.name,
+           "meta":{
+              "created":person.created,
+              "lastModified":person.lastchange,
+              "location":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Users/" + unique,
+              "resourceType":"User"
+           },
+           "userType":person["function"].name,
+           "emails":[
+              {
+                 "value":person.email,
+                 "type":"work",
+                 "primary":true
+              }
+           ],
+           "phoneNumbers":[
+              {
+                 "value":person.phone,
+                 "type":"work",
+                 "primary":true
+              }
+           ],
+           "groups":[]
+        }
+    var allgroups = [];
+    for (var j = 0; j < person.authorization.length; j++)
+    {
+        var group = person.authorization[j];
+        var unique = FCLT.DEZE.customerId + "_authorization_" + String(group.authorizationgroup.id);
+        oneuser.groups.push({
+                 "value":unique,
+                 "$ref":FCLT.DEZE.HTTP.urlzelf() + "/appl/SCIM/Groups/" + unique,
+                 "display":group.authorizationgroup.name
+              })
+    }
+    var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
+    var eTag = '"' + oCrypto.hex_sha1(FCLT.DEZE.JSON.stringify(oneuser)).toLowerCase() + '"';
+    oneuser.meta["version"] = "W/" + eTag; // Weak eTag?
+    return oneuser;
+}
 function transform_outgoing(params, data)
 {
-    var oCrypto = new ActiveXObject("SLNKDWF.Crypto");
-    var allusers = [];
-    for (var i = 0; i < data.persons.length; i++)
+    if ("person" in data)
     {
-        var person = data.persons[i];
-        var eTag = '"' + oCrypto.hex_sha1(FCLT.DEZE.JSON.stringify(person)).toLowerCase() + '"';
-//        if (allusers.length > 9)
-//            break;
-FCLT.DEZE.__DoLog(person);
-        var unique = FCLT.DEZE.customerId + "_person_" + String(person.id);
-        var oneuser = {
-               "userName":person.login,
-               // "externalId":person.login, deze is aangeleverd door het externe systeem, person.externalid VARCHAR(320)
-               "id":unique,
-               "name":{
-                  "formatted":person.name,
-                  "familyName":person.lastname,
-                  "givenName":person.firstname
-               },
-               "schemas":[
-                  "urn:ietf:params:scim:schemas:core:2.0:User",
-                  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
-               ],
-               "displayName":person.name,
-               "meta":{
-                  "created":person.created,
-                  "lastModified":person.lastchange,
-                  "location":FCLT.DEZE.HTTP.urlzelf() + "/SCIM/Users/" + unique,
-                  "version":"W/" + eTag, // Weak eTag?
-                  "resourceType":"User"
-               },
-               "userType":person["function"].name,
-               "emails":[
-                  {
-                     "value":person.email,
-                     "type":"work",
-                     "primary":true
-                  }
-               ],
-               "phoneNumbers":[
-                  {
-                     "value":person.phone,
-                     "type":"work",
-                     "primary":true
-                  }
-               ],
-               "groups":[]
-            }
-            var allgroups = [];
-            for (var j = 0; j < person.authorization.length; j++)
-            {
-                var group = person.authorization[j];
-                var unique = FCLT.DEZE.customerId + "_authorization_" + String(group.authorizationgroup.id);
-                oneuser.groups.push({
-                         "value":unique,
-                         "$ref":FCLT.DEZE.HTTP.urlzelf() + "/SCIM/Groups/" + unique,
-                         "display":group.authorizationgroup.name
-                      })
-            }
-            allusers.push(oneuser);
+        var oneperson = transform_one_person(params, data.person);
+        return oneperson;
     }
+    if ("persons" in data)
+    {
+        var allusers = [];
+        for (var i = 0; i < data.persons.length; i++)
+        {
+            if (params.limit && allusers.length > params.limit)
+                break;
+            var person = data.persons[i];
+            allusers.push(transform_one_person(params, person));
+        }
 
-    return {
-    	"totalResults": allusers.length,
-    	"itemsPerPage": 10,
-    	"startIndex": 1,
-    	"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
-    	"Resources": allusers
-    };
+        return {
+        	"totalResults": allusers.length,
+        	"itemsPerPage": 10,
+        	"startIndex": 1,
+        	"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+        	"Resources": allusers
+        };
+    }
 }
 
 ]]>
diff --git a/APPL/FAC/fac_rewrite.config b/APPL/FAC/fac_rewrite.config
index 12e1847d94..6146fb9a17 100644
--- a/APPL/FAC/fac_rewrite.config
+++ b/APPL/FAC/fac_rewrite.config
@@ -43,8 +43,14 @@
     	<action type="Rewrite" url="default.asp?u=melding&amp;k={R:1}" appendQueryString="true" />
     </rule>
 
+    <!-- SCIM/Users/UWVA_person_2122 -->
+    <rule name="SCIMUser" stopProcessing="true">
+    	<match url="^appl/SCIM/Users/.*_person_(\d+)" />
+    	<action type="Rewrite" url="default.asp?api2=persons&amp;id={R:1}&amp;format=json&amp;plugin=scimusers&amp;include=lastchange,authorization" appendQueryString="true" />
+    </rule>
+
     <rule name="SCIMUsers" stopProcessing="true">
-    	<match url="^SCIM/Users" />
+    	<match url="^appl/SCIM/Users" />
     	<action type="Rewrite" url="default.asp?api2=persons&amp;format=json&amp;plugin=scimusers&amp;include=lastchange,authorization" appendQueryString="true" />
     </rule>
 <!--
diff --git a/APPL/SCIM/ResourceTypes/default.asp b/APPL/SCIM/ResourceTypes/default.asp
new file mode 100644
index 0000000000..d3fed3a659
--- /dev/null
+++ b/APPL/SCIM/ResourceTypes/default.asp
@@ -0,0 +1,44 @@
+{
+  "totalResults": 2,
+  "itemsPerPage": 10,
+  "startIndex": 1,
+  "schemas": [
+    "urn:ietf:params:scim:api:messages:2.0:ListResponse"
+  ],
+  "Resources": [
+    {
+      "schemas": [
+        "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
+      ],
+      "id": "User",
+      "name": "User",
+      "endpoint": "\/Users",
+      "description": "User Account",
+      "schema": "urn:ietf:params:scim:schemas:core:2.0:User",
+      "schemaExtensions": [
+        {
+          "schema": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
+          "required": true
+        }
+      ],
+      "meta": {
+        "location": "https:\/\/example.com\/v2\/ResourceTypes\/User",
+        "resourceType": "ResourceType"
+      }
+    },
+    {
+      "schemas": [
+        "urn:ietf:params:scim:schemas:core:2.0:ResourceType"
+      ],
+      "id": "Group",
+      "name": "Group",
+      "endpoint": "\/Groups",
+      "description": "Group",
+      "schema": "urn:ietf:params:scim:schemas:core:2.0:Group",
+      "meta": {
+        "location": "https:\/\/example.com\/v2\/ResourceTypes\/Group",
+        "resourceType": "ResourceType"
+      }
+    }
+  ]
+}
\ No newline at end of file
diff --git a/APPL/SCIM/Schemas/default.asp b/APPL/SCIM/Schemas/default.asp
new file mode 100644
index 0000000000..e14954d56a
--- /dev/null
+++ b/APPL/SCIM/Schemas/default.asp
@@ -0,0 +1,562 @@
+{
+	"totalResults": 3,
+	"itemsPerPage": 10,
+	"startIndex": 1,
+	"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
+	"Resources": [{
+		"id": "urn:ietf:params:scim:schemas:core:2.0:User",
+		"name": "User",
+		"description": "User Account",
+		"attributes": [{
+			"name": "userName",
+			"type": "string",
+			"multiValued": false,
+			"description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value.  This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.",
+			"required": true,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "server"
+		},
+		{
+			"name": "name",
+			"type": "complex",
+			"multiValued": false,
+			"description": "The components of the user's real name. Providers MAY return just the full name as a single string in the formatted sub-attribute, or they MAY return just the individual component attributes using the other sub-attributes, or they MAY return both.  If both variants are returned, they SHOULD be describing the same name, with the formatted name indicating how the component attributes should be combined.",
+			"required": false,
+			"subAttributes": [{
+				"name": "formatted",
+				"type": "string",
+				"multiValued": false,
+				"description": "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., 'Ms. Barbara J Jensen, III').",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "familyName",
+				"type": "string",
+				"multiValued": false,
+				"description": "The family name of the User, or last name in most Western languages (e.g., 'Jensen' given the full name 'Ms. Barbara J Jensen, III').",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "givenName",
+				"type": "string",
+				"multiValued": false,
+				"description": "The given name of the User, or first name in most Western languages (e.g., 'Barbara' given the full name 'Ms. Barbara J Jensen, III').",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "middleName",
+				"type": "string",
+				"multiValued": false,
+				"description": "The middle name(s) of the User (e.g., 'Jane' given the full name 'Ms. Barbara J Jensen, III').",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			}],
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "displayName",
+			"type": "string",
+			"multiValued": false,
+			"description": "The name of the User, suitable for display to end-users.  The name SHOULD be the full name of the User being described, if known.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "title",
+			"type": "string",
+			"multiValued": false,
+			"description": "The user's title, such as \"Vice President.\"",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "userType",
+			"type": "string",
+			"multiValued": false,
+			"description": "Used to identify the relationship between the organization and the user.  Typical values used might be 'Contractor', 'Employee', 'Intern', 'Temp', 'External', and 'Unknown', but any value may be used.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "preferredLanguage",
+			"type": "string",
+			"multiValued": false,
+			"description": "Indicates the User's preferred written or spoken language.  Generally used for selecting a localized user interface; e.g., 'en_US' specifies the language English and country US.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "locale",
+			"type": "string",
+			"multiValued": false,
+			"description": "Used to indicate the User's default location for purposes of localizing items such as currency, date time format, or numerical representations.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "timezone",
+			"type": "string",
+			"multiValued": false,
+			"description": "The User's time zone in the 'Olson' time zone database format, e.g., 'America\/Los_Angeles'.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "active",
+			"type": "boolean",
+			"multiValued": false,
+			"description": "A Boolean value indicating the User's administrative status.",
+			"required": false,
+			"mutability": "readWrite",
+			"returned": "default"
+		},
+		{
+			"name": "password",
+			"type": "string",
+			"multiValued": false,
+			"description": "The User's cleartext password.  This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "writeOnly",
+			"returned": "never",
+			"uniqueness": "none"
+		},
+		{
+			"name": "emails",
+			"type": "complex",
+			"multiValued": true,
+			"description": "Email addresses for the user.  The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
+			"required": false,
+			"subAttributes": [{
+				"name": "value",
+				"type": "string",
+				"multiValued": false,
+				"description": "Email addresses for the user.  The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "display",
+				"type": "string",
+				"multiValued": false,
+				"description": "A human-readable name, primarily used for display purposes.  READ-ONLY.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "type",
+				"type": "string",
+				"multiValued": false,
+				"description": "A label indicating the attribute's function, e.g., 'work' or 'home'.",
+				"required": false,
+				"caseExact": false,
+				"canonicalValues": ["work",
+				"home",
+				"other"],
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "primary",
+				"type": "boolean",
+				"multiValued": false,
+				"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address.  The primary attribute value 'true' MUST appear no more than once.",
+				"required": false,
+				"mutability": "readWrite",
+				"returned": "default"
+			}],
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "phoneNumbers",
+			"type": "complex",
+			"multiValued": true,
+			"description": "Phone numbers for the User.  The value SHOULD be canonicalized by the service provider according to the format specified in RFC 3966, e.g., 'tel:+1-201-555-0123'. Canonical type values of 'work', 'home', 'mobile', 'fax', 'pager', and 'other'.",
+			"required": false,
+			"subAttributes": [{
+				"name": "value",
+				"type": "string",
+				"multiValued": false,
+				"description": "Phone number of the User.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "display",
+				"type": "string",
+				"multiValued": false,
+				"description": "A human-readable name, primarily used for display purposes.  READ-ONLY.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "type",
+				"type": "string",
+				"multiValued": false,
+				"description": "A label indicating the attribute's function, e.g., 'work', 'home', 'mobile'.",
+				"required": false,
+				"caseExact": false,
+				"canonicalValues": ["work",
+				"home",
+				"mobile",
+				"fax",
+				"pager",
+				"other"],
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "primary",
+				"type": "boolean",
+				"multiValued": false,
+				"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred phone number or primary phone number.  The primary attribute value 'true' MUST appear no more than once.",
+				"required": false,
+				"mutability": "readWrite",
+				"returned": "default"
+			}],
+			"mutability": "readWrite",
+			"returned": "default"
+		},
+		{
+			"name": "photos",
+			"type": "complex",
+			"multiValued": true,
+			"description": "URLs of photos of the User.",
+			"required": false,
+			"subAttributes": [{
+				"name": "value",
+				"type": "reference",
+				"referenceTypes": ["external"],
+				"multiValued": false,
+				"description": "URL of a photo of the User.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "display",
+				"type": "string",
+				"multiValued": false,
+				"description": "A human-readable name, primarily used for display purposes.  READ-ONLY.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "type",
+				"type": "string",
+				"multiValued": false,
+				"description": "A label indicating the attribute's function, i.e., 'photo' or 'thumbnail'.",
+				"required": false,
+				"caseExact": false,
+				"canonicalValues": ["photo",
+				"thumbnail"],
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "primary",
+				"type": "boolean",
+				"multiValued": false,
+				"description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred photo or thumbnail.  The primary attribute value 'true' MUST appear no more than once.",
+				"required": false,
+				"mutability": "readWrite",
+				"returned": "default"
+			}],
+			"mutability": "readWrite",
+			"returned": "default"
+		},
+		{
+			"name": "groups",
+			"type": "complex",
+			"multiValued": true,
+			"description": "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.",
+			"required": false,
+			"subAttributes": [{
+				"name": "value",
+				"type": "string",
+				"multiValued": false,
+				"description": "The identifier of the User's group.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readOnly",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "$ref",
+				"type": "reference",
+				"referenceTypes": ["User",
+				"Group"],
+				"multiValued": false,
+				"description": "The URI of the corresponding 'Group' resource to which the user belongs.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readOnly",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "display",
+				"type": "string",
+				"multiValued": false,
+				"description": "A human-readable name, primarily used for display purposes.  READ-ONLY.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readOnly",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "type",
+				"type": "string",
+				"multiValued": false,
+				"description": "A label indicating the attribute's function, e.g., 'direct' or 'indirect'.",
+				"required": false,
+				"caseExact": false,
+				"canonicalValues": ["direct",
+				"indirect"],
+				"mutability": "readOnly",
+				"returned": "default",
+				"uniqueness": "none"
+			}],
+			"mutability": "readOnly",
+			"returned": "default"
+		}],
+		"meta": {
+			"resourceType": "Schema",
+			"location": "\/v2\/Schemas\/urn:ietf:params:scim:schemas:core:2.0:User"
+		}
+	},
+	{
+		"id": "urn:ietf:params:scim:schemas:core:2.0:Group",
+		"name": "Group",
+		"description": "Group",
+		"attributes": [{
+			"name": "displayName",
+			"type": "string",
+			"multiValued": false,
+			"description": "A human-readable name for the Group. REQUIRED.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "members",
+			"type": "complex",
+			"multiValued": true,
+			"description": "A list of members of the Group.",
+			"required": false,
+			"subAttributes": [{
+				"name": "value",
+				"type": "string",
+				"multiValued": false,
+				"description": "Identifier of the member of this Group.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "immutable",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "$ref",
+				"type": "reference",
+				"referenceTypes": ["User",
+				"Group"],
+				"multiValued": false,
+				"description": "The URI corresponding to a SCIM resource that is a member of this Group.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "immutable",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "type",
+				"type": "string",
+				"multiValued": false,
+				"description": "A label indicating the type of resource, e.g., 'User' or 'Group'.",
+				"required": false,
+				"caseExact": false,
+				"canonicalValues": ["User",
+				"Group"],
+				"mutability": "immutable",
+				"returned": "default",
+				"uniqueness": "none"
+			}],
+			"mutability": "readWrite",
+			"returned": "default"
+		}],
+		"meta": {
+			"resourceType": "Schema",
+			"location": "\/v2\/Schemas\/urn:ietf:params:scim:schemas:core:2.0:Group"
+		}
+	},
+	{
+		"id": "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
+		"name": "EnterpriseUser",
+		"description": "Enterprise User",
+		"attributes": [{
+			"name": "employeeNumber",
+			"type": "string",
+			"multiValued": false,
+			"description": "Numeric or alphanumeric identifier assigned to a person, typically based on order of hire or association with an organization.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "costCenter",
+			"type": "string",
+			"multiValued": false,
+			"description": "Identifies the name of a cost center.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "organization",
+			"type": "string",
+			"multiValued": false,
+			"description": "Identifies the name of an organization.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "division",
+			"type": "string",
+			"multiValued": false,
+			"description": "Identifies the name of a division.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "department",
+			"type": "string",
+			"multiValued": false,
+			"description": "Identifies the name of a department.",
+			"required": false,
+			"caseExact": false,
+			"mutability": "readWrite",
+			"returned": "default",
+			"uniqueness": "none"
+		},
+		{
+			"name": "manager",
+			"type": "complex",
+			"multiValued": false,
+			"description": "The User's manager.  A complex type that optionally allows service providers to represent organizational hierarchy by referencing the 'id' attribute of another User.",
+			"required": false,
+			"subAttributes": [{
+				"name": "value",
+				"type": "string",
+				"multiValued": false,
+				"description": "The id of the SCIM resource representing the User's manager.  REQUIRED.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "$ref",
+				"type": "reference",
+				"referenceTypes": ["User"],
+				"multiValued": false,
+				"description": "The URI of the SCIM resource representing the User's manager.  REQUIRED.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readWrite",
+				"returned": "default",
+				"uniqueness": "none"
+			},
+			{
+				"name": "displayName",
+				"type": "string",
+				"multiValued": false,
+				"description": "The displayName of the User's manager. OPTIONAL and READ-ONLY.",
+				"required": false,
+				"caseExact": false,
+				"mutability": "readOnly",
+				"returned": "default",
+				"uniqueness": "none"
+			}],
+			"mutability": "readWrite",
+			"returned": "default"
+		}],
+		"meta": {
+			"resourceType": "Schema",
+			"location": "\/v2\/Schemas\/urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
+		}
+	}]
+}
\ No newline at end of file
diff --git a/APPL/SCIM/ServiceProviderConfig/default.asp b/APPL/SCIM/ServiceProviderConfig/default.asp
new file mode 100644
index 0000000000..cbdb87c17e
--- /dev/null
+++ b/APPL/SCIM/ServiceProviderConfig/default.asp
@@ -0,0 +1,37 @@
+{
+  "patch": {
+    "supported": false
+  },
+  "bulk": {
+    "maxOperations": 0,
+    "maxPayloadSize": 0,
+    "supported": false
+  },
+  "filter": {
+    "maxResults": 0,
+    "supported": false
+  },
+  "changePassword": {
+    "supported": false
+  },
+  "sort": {
+    "supported": false
+  },
+  "etag": {
+    "supported": true
+  },
+  "authenticationSchemes": [
+    {
+        "name": "HTTP Basic",
+        "description":
+          "Authentication scheme using the HTTP Basic Standard",
+        "specUri": "http://www.rfc-editor.org/info/rfc2617",
+        "documentationUri": "http://example.com/help/httpBasic.html",
+        "type": "httpbasic"
+    }
+  ],
+  "schemas": [
+    "urn:scim:schemas:core:1.0",
+    "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"
+  ]
+}