UsersApi
| Method | HTTP request | Description | 
|---|---|---|
| createUserUsingPOST | POST /api/web/v3/users | Create a user | 
| createUsersUsingPOST | POST /api/web/v3/users/multiple | Create multiple users | 
| deleteUserUsingDELETE | DELETE /api/web/v3/users/{id} | Delete a user | 
| deleteUsersUsingDELETE | DELETE /api/web/v3/users/multiple | Delete multiple users | 
| modifyUserAOrganizationAssociationsUsingPUT | PUT /api/web/v1/users/{userid}/organizations | Modify user organization membership | 
| syncUserUsingPOST | POST /api/web/v1/syncusers/sync | Synchronize a new user or an existing user | 
| unlockUserUsingPUT | PUT /api/web/v1/users/{id}/unlock | Unlock user | 
| unsyncUserUsingPOST | POST /api/web/v1/syncusers/unsync | Unsynchronize an existing user | 
| updateUserStateUsingPUT | PUT /api/web/v1/users/{id}/state | Update user state | 
| updateUserUsingPUT | PUT /api/web/v3/users/{id} | Update a user | 
| updateUsersUsingPUT | PUT /api/web/v3/users/multiple | Update multiple users | 
| userByExternalIdUsingPOST | POST /api/web/v3/users/externalid | Get a user by externalId | 
| userByUseridUsingPOST | POST /api/web/v3/users/userid | Get a user by userid or user alias | 
| userUsingGET | GET /api/web/v3/users/{id} | Get a user by UUID | 
| usersPagedUsingPOST | POST /api/web/v4/userspaged | Lists a page of users | 
createUserUsingPOST
User createUserUsingPOST(userParms)
Create a user
Create a user. Caller requires the USERS:ADD permission.
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| userParms | UserParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
createUsersUsingPOST
List<CreateUserResult> createUsersUsingPOST(createUsersParms)
Create multiple users
Create multiple users. Caller requires the USERS:ADD permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| createUsersParms | CreateUsersParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
deleteUserUsingDELETE
deleteUserUsingDELETE(id)
Delete a user
Delete the specified user. Caller requires the USERS:REMOVE permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| id | String | The UUID of the user to be deleted. | 
Return type
null (empty response body)
Authorization
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
deleteUsersUsingDELETE
List<DeleteUserResult> deleteUsersUsingDELETE(deleteUsersParms)
Delete multiple users
Delete multiple users. Caller requires the USERS:REMOVE permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| deleteUsersParms | DeleteUsersParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
modifyUserAOrganizationAssociationsUsingPUT
modifyUserAOrganizationAssociationsUsingPUT(userid, userOrganizationParms)
Modify user organization membership
Modify the list of organizations assigned to a specified user. Caller requires the USERS:EDIT permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| userid | String | The UUID of the user whose organization membership is to be modified. | |
| userOrganizationParms | UserOrganizationParms | 
Return type
null (empty response body)
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
syncUserUsingPOST
SyncUser syncUserUsingPOST(syncUserParms)
Synchronize a new user or an existing user
Synchronize a user. Caller requires the USERS:EDIT permission. An Identity as a Service directory must be configured and associated with an Identity as a Service Gateway 5.0 or later. If you unsynchronize a user using the unsync API, the user becomes locally managed. In order to set the user back to an AD Sync user, the user should be synchronized again using this API. Using an AD Sync crawl will only re-synchronize the user if the user is updated in AD (i.e., the user's last update time in AD is updated) or a new custom user attribute mapping is added for the directory (this resets The last update time for all users such that all AD users will be re-synchronlized).
The following response status attribute values are possible:
- CONVERTED: the locally managed Identity as a Service user was converted into an AD Sync user.
- CREATED: a new user was created as an AD Sync user.
- DELETED: the user was not found in AD and has been deleted in Identity as a Service.
- LOCALIZED_ENABLED: the user was not found in AD and has been set as locally managed and enabled in Identity as a Service.
- LOCALIZED_DISABLED: the user was not found in AD and has been set as locally managed and disabled in Identity as a Service.
- UPDATED: the user was synchronized.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| syncUserParms | SyncUserParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
unlockUserUsingPUT
unlockUserUsingPUT(id)
Unlock user
Unlock the specified user. Caller requires the USERS:EDIT permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| id | String | The UUID of the user that will be unlocked. | 
Return type
null (empty response body)
Authorization
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
unsyncUserUsingPOST
unsyncUserUsingPOST(unsyncUserParms)
Unsynchronize an existing user
Unsynchronize a user. Caller requires the USERS:EDIT permission. An Identity as a Service directory must be configured and associated with an Identity as a Service Gateway 5.0 or later. If you unsynchronize a user using this API, the user becomes locally managed. In order to set the user back to an AD Sync user, the user should be synchronized again using the sync API. Using an AD Sync crawl will only re-synchronize the user if the user is updated in AD (i.e., the user's last update time in AD is updated) or a new custom user attribute mapping is added for the directory (this resets the last update time for all users such that all AD users will be re-synchronlized).
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| unsyncUserParms | UnsyncUserParms | 
Return type
null (empty response body)
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
updateUserStateUsingPUT
updateUserStateUsingPUT(id, userChangeStateParms)
Update user state
Update the state of the specified user. Caller requires the USERS:EDIT permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| id | String | The UUID of the user whose state is to be updated. | |
| userChangeStateParms | UserChangeStateParms | 
Return type
null (empty response body)
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
updateUserUsingPUT
updateUserUsingPUT(id, userParms)
Update a user
Update the specified user. Caller requires the USERS:EDIT permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| id | String | The UUID of the user to be updated. | |
| userParms | UserParms | 
Return type
null (empty response body)
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
updateUsersUsingPUT
List<UpdateUserResult> updateUsersUsingPUT(updateUsersParms)
Update multiple users
Update multiple users. Caller requires the USERS:EDIT permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| updateUsersParms | UpdateUsersParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
userByExternalIdUsingPOST
User userByExternalIdUsingPOST(userGetParms)
Get a user by externalId
Get the user with the specified externalId. Caller requires the USERS:VIEW permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| userGetParms | UserGetParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
userByUseridUsingPOST
User userByUseridUsingPOST(userGetParms)
Get a user by userid or user alias
Get the specified user by userid or user alias. Caller requires the USERS:VIEW permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| userGetParms | UserGetParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
userUsingGET
User userUsingGET(id)
Get a user by UUID
Get the specified user by UUID. Caller requires the USERS:VIEW permission.
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| id | String | The UUID of the user to be fetched. | 
Return type
Authorization
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - | 
usersPagedUsingPOST
UsersPage usersPagedUsingPOST(searchParms)
Lists a page of users
Returns users for the provided search parameters. Caller requires the USERS:VIEW permission. The following searchByAttributes are supported:
- userId: a String value (it matches both the User ID or any alias). Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH.
- groupId: a String value should be a UUID of an existing group. Allowed operator: EQUALS.
- roleId: a String value should be a UUID of an existing role. Allowed operator: EQUALS.
- authenticator: a String with value ENTRUST_SOFT_TOKEN or FIDO or GOOGLE_AUTHENTICATOR or GRID or HARDWARE_TOKEN or KBA or OTP or PASSWORD or SMARTCREDENTIALPUSH or TEMP_ACCESS_CODE or FACE or MAGICLINK. Allowed operator: EQUALS, NOT_EQUALS.
- state: ACTIVE or INACTIVE. Allowed operator: EQUALS.
- locked: 'true' is the only value allowed. Allowed operator: EQUALS.
- userType: a String with value LOCAL or SYNC or EXTERNAL. Allowed operator: EQUALS.
- registrationRequired: true or false. Allowed operator: EQUALS.
- verificationRequired: true or false. Allowed operator: EQUALS.
- lastAuthTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, EXISTS, NOT_EXISTS.
- passwordExpirationTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, EXISTS, NOT_EXISTS.
- organizationId: a String value should be a UUID of an existing organization. Allowed operator: EQUALS.
- passwordCompromised: true or false. Allowed operator: EQUALS.
If you provide more than one search attribute, they are joined with an AND condition.
The orderByAttribute supports these attribute names: userId, state, lastAuthTime.
The following attributes can be optionally included in the returned User object: grids, tokens, smartCredentials, tempAccessCode, fidoTokens, userAttributeValues, userAliases, groups, oauthRoles, authenticatorLockoutStatus, organizations
Example
Parameters
| Name | Type | Description | Notes | 
|---|---|---|---|
| searchParms | SearchParms | 
Return type
Authorization
HTTP request headers
- Content-Type: application/json
- Accept: application/json
HTTP response details
| Status code | Description | Response headers | 
|---|---|---|
| 200 | Successful | - | 
| 400 | Bad Request | - | 
| 401 | Access denied | - | 
| 403 | Forbidden | - | 
| 404 | Not Found | - | 
| 409 | Conflict | - |