Create a tenant asynchronously
POST/api/web/v5/async/tenants
Create a new tenant for a service provider. Caller requires the TENANTS:ADD permission from a service provider role.
Notes on CreateTenantParms attributes:
adminUser (UserParms):- The locale attribute is ignored if provided. It defaults to English for the first super administrator.
- The status attributes is ignored if provided. It defaults to ACTIVE for the first super administrator.
- The userId is required.
- The spRoleId attribute is not supported. An error is returned if provided.
- The contractMode attribute is required. It must be either TRIAL or PRODUCTION.
- The quantity attribute is required.
- entitlements.issuance (EntitlementParms.IssuanceParms):
- The entitlements.issuance attribute is required if you are creating an Issuance tenant.
- The serviceBundles attribute is required. One service bundle (of those supported by the service provider contract) must be defined.
Request
- application/json
Body
required
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
adminApiApplication
object
Parameters for the new application.
Determines if a long-lived token is allowed in this application.
The UUID of the application template. This value is only used when creating a new application. If not specified, the default admininstration API template is used.
Short description of application.
The UUID of the IP Addresses list.
Base64 encoded logo image.
Name of application.
The UUID of the Site role to be associated with the API application. Pass an empty string value to unset the site role. Either this value or spRoleId is required when creating the application.
The UUID of the service provider role to be associated with the API application. Pass an empty string to unset the service provider role. Either this value or roleId is required when creating the application.
adminUser
object
required
Attributes for the new user.
Indicates if the user is granted a new frozen grace period. This value is not used when creating a user. If provided, it will be ignored.
The email address of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. It must be set to use EMAIL OTP authentication and other features that require an email address. To remove the existing value, set the value to an empty string.
Indicates if a verification email message should be sent to the user if the user now requires verification. The user's policy requiring user verification must also be enabled for the user. If not set, this value defaults to true.
An optional external ID for this user. This value can be used to track the external identity of an Identity as a Service user. To unset the external ID, specify an empty string.
An optional value that describes the source when the user is synchronized from an external source. To unset the external source, specify an empty string.
The first name of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. To remove the existing value, set the value to an empty string.
A list of group UUIDs to be assigned to this user. If specified, these groups replace existing groups.
The last name of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. To remove the existing value, set the value to an empty string.
Possible values: [da, de, en, es, fr, it, ja, ko, nl, nb, pl, pt, ru, sv, th, tr, zh-cn, zh-tw]
The locale of this user. If not set, the default account locale will be used. To remove the existing value, set the value to an empty string.
Indicates if all the user's authenticators are locked or not.
The mobile number of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. It must be set to use SMS OTP authentication. To remove the existing value, set the value to an empty string.
A list of oauth role UUIDs to be assigned to this user. If specified, these oauth roles replace existing oauth roles.
A list of organization UUIDs to be assigned to this user. If specified, these organizations replace existing organizations.
The phone number of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. It must be set to use VOICE OTP authentication. To remove the existing value, set the value to an empty string.
Possible values: [EMAIL, SMS, VOICE, SYSTEM]
Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default.
preferredOtpDeliveryContactAttributes
object
Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).
Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).
Indicates whether self-registration is required. If not set when the user is created, this value defaults to true.
The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows.
Possible values: [ACTIVE, INACTIVE]
The state of this user. Only users in the ACTIVE state can perform authentication. If not set when the user is created, this value defaults to ACTIVE.
userAliases
object[]
A list of user aliases for this user. Alias values must be unique with respect to the userId and other aliases of this user and other users.
The UUID of this user alias set when the user alias is created.
Possible values: [CUSTOM, DERIVED, USERID]
The type of user alias. A value of USERID is used for an alias that will represent the actual user id value. A value of CUSTOM is used for aliases manually created by an administrator. A value of DERIVED is defined for future use and should not be used at this time.
The UUID of the user to which this user alias belongs.
The value for the user alias.
userAttributeValues
object[]
A list of user attribute values for this user.
A flag indicating if this user attribute value can be modified.
The UUID of this user attribute value set when the user attribute value is created.
The last time the attribute value was updated.
userAttribute
object
Information about user attribute definitions.
The UUID for this user attribute. Generated when the user attribute is created.
A flag indicating if users must have a value for this user attribute.
The name of this user attribute.
A flag indicating if this user attribute is one of the system defined user attributes.
Possible values: [NONE, OTP_EMAIL, OTP_SMS, OTP_VOICE]
Type of user attribute. Currently only used to specify the type of contact if the attribute is to be used for OTP delivery.
A flag indicating if this attribute is intended to be unique.
The UUID of the user attribute that defines this user attribute value. The userAttributeId must be provided when creating or modifying a user attribute value.
The UUID of the user to which this user attribute value belongs.
The value for the user attribute.
userExtraAttributes
object[]
A list of extra optional attributes for this user.
The name for the extra user attribute.
Possible values: [NONE, OTP_EMAIL, OTP_SMS, OTP_VOICE]
Type of custom user attribute.
The value for the extra user attribute.
The user ID for this user. This value is required when creating the user, optional during update. The userId must be unique with respect to aliases of this user and the userId and aliases of all other users.
The user principal name of this user. This value may or may not be required depending on configuration. If it is required, it must be specified when creating the user. If it is required, it must be specified when updating the user and a value is not currently set. To remove the existing value, set the value to an empty string.
Indicates whether verification is required. If not set when the user is created, this value defaults to true.
A flag indicating if a welcome email should be delivered. If not set, it defaults to false.
entitlements
object
Parameters passed when setting the entitlements of a tenant. Entitlements are required.
additionalFeatures
object
Additional feature
Enhanced geo location additional feature.
Possible values: [PRODUCTION, TRIAL, UNKNOWN]
The contract mode of a tenant, allowable values = 'PRODUCTION', 'TRIAL', example='TRIAL'.
The contract number.
The customer ID.
The date this entitlement will end. The value must be after the start date. If not specified, this value defaults to the end date of the service provider's entitlement.
The entitlement ID.
flashPass
object
Parameters passed when setting the Issuance entitlements of a tenant.
Possible values: [25, 100]
The number of FlashPass pass claims allowed during the Trial period.
Parameters passed when setting the fleet management entitlements of a tenant.
idProofing
object[]
The ID Proofing entitlements.
Possible values: [PRE_PAID, PAY_PER_USE]
The model used for billing.
The date this entitlement will end (required). The value must be after the start date.
Possible values: >= 1 and <= 50000000
The number of entitlements assigned to the tenant (required if billingType is PRE_PAID).
The date this entitlement will start (required).
issuance
object
Parameters passed when setting the Issuance entitlements of a tenant.
Add on column to store printer cert flag
The date when the Trial period will end. The value must be after the start date. If specified, this value cannot be more than 30 days after start date.
Possible values: [25, 100]
The number of print jobs allowed during the Trial period.
serviceBundles
object[]
The service bundles supported. At least one bundle must be defined.
Possible values: [ADVANCED, ESSENTIALS, PROFESSIONAL, API, STANDARD, PLUS, PREMIUM, CONSUMER]
Identifies the bundle.
A number that allows to sort bundles of the same category by precedence. Read-only currently.
An identifier used to report usage for this bundle.
The date when the Trial period starts. This value cannot be in the future. If not specified, it defaults to the current date.
Parameters passed when setting the Printer entitlements of a tenant.
Possible values: >= 1 and <= 50000000
The number of entitlements assigned to the tenant (required during creation). The service provider must have enough available entitlements to meet this request.
Whether Smart Card Smart Login is enabled or not.
smsVoice
object
Parameters passed when setting the SMS/Voice entitlements of a tenant.
The date when the entitlement period will end. The value must be after the start date.
The number of SMS/Voice credits allowed during the entitlement period.
The number of SMS/Voice credits allowed when the entitlement is renewed.
The date when the entitlement period starts. This value cannot be in the future. If not specified, it defaults to the current date.
The date this entitlement will start. If not specified, it defaults to the current date. This value cannot be in the future.
Possible values: [ACTIVE, INACTIVE, TERMINATED]
The status of this entitlement.
Possible values: [USERS, TRANSACTIONS]
The type of entitlement. Currently this value must be USERS. If not specified, this value defaults to USERS.
Possible values: [USERS, TRANSACTIONS]
[DEPRECATED] The type of entitlement (ignored if type is provided). Currently this value must be USERS. If not specified, this value defaults to USERS.
userBundles
object[]
The entitlement bundles that defines the set of features available for authentication accounts.
Possible values: [ADVANCED, ESSENTIALS, PROFESSIONAL, API, STANDARD, PLUS, PREMIUM, CONSUMER]
Identifies the bundle.
A number that allows to sort bundles of the same category by precedence. Read-only currently.
An identifier used to report usage for this bundle.
Possible values: [PRE_PAID, PAY_PER_USE]
The billing type for user entitlements. Defaults to PRE_PAID if not provided.
tenant
object
required
Parameters passed when creating a tenant.
When creating a new tenant as a child of the root service provider set this to true if the tenant is to be an authentication service. If not specified, it defaults to true. You cannot set the authenticate and issuance values to both true or both false. A child of a non-root service provider inherits the value of its service provider and if specified, this value is ignored.
The country two-letter code (ISO 3166-1) of the location of the company that will own this account.
The name of the company that will own this account. This value is required.
The province/state two-letter code (postal abbreviation) of the location of the company that will own this account. This value is required for companies in the United States or Canada when the companyCountry attribute is provided.
The domain for this account. This value is required when creating a tenant
When creating a new tenant as a child of the root service provider set this to true if the tenant is to be an issuance service. If not specified, it defaults to false. You cannot set the authenticate and issuance values to both true or both false. A child of a non-root service provider inherits the value of its service provider and if specified, this value is ignored.
When creating a new tenant set this to true if the tenant is to be a service provider.
Responses
- 200
- 400
- 401
- 403
- 404
- 409
Successful
- application/json
- Schema
- Example (from schema)
Schema
The error message describing the first error encountered processing the operation.
The unique UUID of the operation. Used to get status and results of operation
The time this operation was initialized.
The time at which the operation completed processing.
The time at which the operation began processing.
How long the operation took to complete processing in milliseconds.
Possible values: [FAILED, CANCELLED, COMPLETED, AWAITING_DATA, PROCESSING, SCHEDULED]
The state of the operation.
The subject of this operation.
{
"errorMessage": "string",
"id": "string",
"initTime": "2019-02-19T13:15:27Z",
"processingEndTime": "2019-02-19T13:15:27Z",
"processingStartTime": "2019-02-19T13:15:27Z",
"processingTime": 0,
"state": "FAILED",
"subject": "string"
}
Bad Request
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Access denied
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Forbidden
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Not Found
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}
Conflict
- application/json
- Schema
- Example (from schema)
Schema
Error Codes specific to cause of failure.
Additional Error Message describing the error.
Optional additional error information.
{
"errorCode": "invalid_user_response",
"errorMessage": "Application id cannot be null",
"parameters": [
{}
]
}