Skip to main content

Get a user by UUID

GET 
/api/web/v3/users/:id

Get the specified user by UUID. Caller requires the USERS:VIEW permission.

Request

Path Parameters

    id stringrequired

    The UUID of the user to be fetched.

Responses

Successful

Schema

    alternateEmails

    object[]

    A list of all the users alternate emails.

  • Array [

    • name string

    Name of the email attribute.

    value string

    Value of the email attribute.

  • ]

    • authenticatorLockoutStatus

    object[]

    A list of all authenticators that the user has with their lockout status.

  • Array [

    • lockoutDate date-time

    The date the user was locked. Null means the user is not locked.

    lockoutExpiryDate date-time

    if remainingAuthenticationAttempts is 0 then a lockoutExpiryDate of null means the lockout never expires. Otherwise a value of null means the user isn't locked out.

    remainingAuthenticationAttempts int32

    The number of authentication attempts remaining before the user is locked out.

    type string

    Possible values: [MACHINE, PASSWORD, EXTERNAL, KBA, TEMP_ACCESS_CODE, OTP, GRID, TOKEN, TOKENPUSH, FIDO, SMARTCREDENTIALPUSH, PASSWORD_AND_SECONDFACTOR, SMART_LOGIN, IDP, PASSKEY, IDP_AND_SECONDFACTOR, USER_CERTIFICATE, FACE]

    The type of the authenticator.

  • ]

    • directoryDN string

    The DN of the user in the directory the user was synchronized from.

    directoryId string

    If the user was synchronized from a directory, the UUID of that directory.

    directoryName string

    If the user was synchronized from a directory, the name of that directory.

    directoryObjectGUID string

    The objectGUID of the user in the directory the user was synchronized from.

    directoryType string

    Possible values: [ON_PREM, AZURE, AD_CONNECTOR]

    The type of the directory user was synchronized from.

    email string

    The email address of this user. This value may or may not be required depending on configuration. It must be set to use EMAIL OTP authentication and other features that require an email address.

    externalId string

    An optional external ID for this user. This value can be used to track the external identity of an Identity as a Service user.

    externalSource string

    An optional value that describes the source when the user is synchronized from an external source.

    fidoTokens

    object[]

    A list of all the FIDO tokens owned by this user.

  • Array [

    • allowedActions string[]

    Possible values: [DELETE, ENABLE, DISABLE, RENAME]

    Administration actions that can be performed on this FIDO token.

    createDate date-time

    The date on which the FIDO token was created.

    id string

    The unique UUID assigned to the fido token when it is registered.

    lastUsedDate date-time

    The date on which this FIDO token was last used for authentication. This value will be null if the FIDO token has never been used.

    name string

    The name of this FIDO token.

    origin string

    The origin of where the FIDO token was generated.

    relyingPartyId string

    The relying party ID of where the FIDO token was generated.

    state string

    Possible values: [ACTIVE, INACTIVE]

    The state of this FIDO token. Only FIDO tokens in the ACTIVE state can be used for authentication.

    userId string

    The user Id of the user who owns this FIDO token.

    userIdStored boolean

    Indicates if the userId was stored on the FIDO token.

    userUUID string

    The UUID of the user who owns this FIDO token.

  • ]

    • firstName string

    The first name of this user. This value may or may not be required depending on configuration.

    frozen boolean

    Indicates whether a user is unable to authenticate due to inactivity.

    frozenGracePeriod date-time

    Indicates a user's frozen grace period.

    grids

    object[]

    A list of all the grids owned by this user.

  • Array [

    • allowedActions string[]

    Possible values: [CANCEL, DELETE, ENABLE, DISABLE, ASSIGN, UNASSIGN]

    A list of what actions are currently allowed for this grid.

    assignDate date-time

    For unassigned grids which were assigned to the user, the date on which the grid was assigned.

    createDate date-time

    The date on which the grid was created.

    expired boolean

    A flag indicating if this grid is currently expired.

    expiryDate date-time

    If the grid policy defines an expiry date, the date on which this grid will expire. Expired grids cannot be used for authentication.

    gridContents array[]

    The grid contents of this grid. Only administrators with the GRIDCONTENTS:VIEW permission will receive this value.

    groups string[]

    The UUIDs of groups to which this grid belongs. This value is only used for unassigned grids. Only groups to which the current administrator has access will be returned.

    id string

    The unique UUID assigned to the grid when it is created.

    lastUsedDate date-time

    The date on which this grid was last used for authentication. This value will be null if the grid has never been used.

    serialNumber int64

    The unique numeric serial number assigned to the grid when it is created.

    state string

    Possible values: [ACTIVE, INACTIVE, UNASSIGNED, PENDING, CANCELED]

    The state of this grid. Only grids in the ACTIVE or PENDING state can be used for authentication.

    userId string

    The UUID of the user who owns this grid. If the grid is not assigned, this value will be null.

    userName string

    The user Id for this user. If the grid is not assigned, this value will be null.

  • ]

    • groups

    object[]

    A list of all groups to which this user belongs.

  • Array [

    • created date-time

    When the group was created.

    externalId string

    The externalId of this group.

    id string

    The UUID of this group. This value is generated when the group is created.

    lastModified date-time

    When the group was last modified.

    name stringrequired

    The name of this group.

    type string

    Possible values: [LDAP_AD, MGMT_UI]

    The type of group indicating if this group was synchronized from a directory (LDAP_AD) or was created in Identity as a Service (MGMT_UI).

  • ]

    • id string

    The unique UUID for this user. This value is generated by the service when a user is created.

    lastAuthTime date-time

    The last time this user successfully authenticated. Null if the user has never authenticated.

    lastModified date-time

    When the user was last modified.

    lastName string

    The last name of this user. This value may or may not be required depending on configuration.

    locale string

    The locale of this user. If not set, the default account locale will be used.

    locked boolean

    A flag indicating if this user is locked.

    lockedAuthenticatorTypes string[]

    Possible values: [MACHINE, PASSWORD, EXTERNAL, KBA, TEMP_ACCESS_CODE, OTP, GRID, TOKEN, TOKENPUSH, FIDO, SMARTCREDENTIALPUSH, PASSWORD_AND_SECONDFACTOR, SMART_LOGIN, IDP, PASSKEY, IDP_AND_SECONDFACTOR, USER_CERTIFICATE, FACE]

    The user authenticators that are locked.

    lockedAuthenticators string[]deprecated

    Possible values: [PASSWORD, KBA, TEMP_ACCESS_CODE, GRID, OTP_EMAIL, OTP_SMS, OTP_VOICE, ENTRUST_SOFT_TOKEN, ENTRUST_SOFT_TOKEN_PUSH, GOOGLE_AUTHENTICATOR, HARDWARE_TOKEN, FIDO, SMARTCREDENTIALPUSH, USER_CERTIFICATE, MACHINE, FACE]

    The user authenticators that are locked. Deprecated: use lockedAuthenticatorTypes

    lockoutExpiry date-time

    If the user is locked, this value will specify the time at which the lockout will expire.

    magicLinkEnabled boolean

    Indicates whether Magic Links are enabled for this user.

    migrated boolean

    A flag indicating if this user was migrated from Entrust IdentityGuard.

    mobile string

    The mobile number of this user. This value may or may not be required depending on configuration. It must be set to use SMS OTP authentication.

    oauthRoles

    object[]

    A list of all oauth roles to which this user belongs.

  • Array [

    • ancestorIds string[]required

    The set of ancestor oauth role ids.

    descendantIds string[]required

    The set of descendant oauth role ids.

    description string

    The description of this oauth role.

    id stringrequired

    The UUID of this oauth role. This value is generated when the oauth role is created.

    inheritedResourceServerScopeIds string[]required

    The set of resource server scopes ids associated with this oauth role based on inheritance from its ancestors.

    name stringrequired

    The name of this oauth role.

    parentId string

    The UUID of the parent of this oauth role, if one exists.

    resourceServerScopeIds string[]required

    The set of resource server scopes ids associated with this oauth role.

  • ]

    • organizations

    object[]

    A list of the user organizations.

  • Array [

    • description string

    The description of the organization.

    displayName stringrequired

    The display name of the organization.

    id stringrequired

    The unique UUID assigned to the organization when it is created.

    logoUri string

    The URI of the logo to display when showing organizations.

    name stringrequired

    The name of the organization.

  • ]

    • otpCreateTime date-time

    If the user has an OTP, this attribute specifies when the user's OTP was created.

    passwordExpirationTime date-time

    The password expiration time.

    phone string

    The phone number of this user. This value may or may not be required depending on configuration. It must be set to use VOICE OTP authentication.

    preferredOtpDelivery string

    Possible values: [EMAIL, SMS, VOICE, SYSTEM]

    Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default.

    preferredOtpDeliveryContactAttributes

    object

    Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).

    property name* string

    Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type).

    registrationEnabled boolean

    Indicates whether registration is enabled for this user.

    registrationRequired boolean

    Indicates whether self-registration is required. This attribute doesn't apply to administrators.

    securityId string

    The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows.

    showNotification boolean

    Indicates whether to show notifications to this user.

    smartCredentials

    object[]

    A list of all the smart credentials owned by this user.

  • Array [

    • allowedActions string[]

    Possible values: [ACTIVATE, REACTIVATE, UPDATE, UNASSIGN, UNBLOCK, ENABLE, DISABLE, DELETE, VIEW_CERTIFICATES]

    A list of administration actions currently allowed for this smart credential.

    cardDigitalConfig

    object

    Information that defines how digital ids are created in the CA.

    allCAGroups boolean

    If true, digital ids using this config will be set to have all CA groups.

    caGroups string[]

    If allCAGroups is set to false then digital ids using this config will use this specified list of CA groups.

    caId string

    The UUID of the CA for this digital id config.

    caName string

    The name of the CA for this digital id config.

    caType string

    Possible values: [EDC, MS, PKIAAS]

    The CA type of this Digital Id Config.

    certTemplates

    object[]

    A list of cert templates associated with this digital id config.

  • Array [

    • digitalIdConfigId string

    The UUID of the Digital Id Config that owns this Digital Id Config Cert Template.

    id string

    The UUID of the Digital Id Config Cert Template.

    keyType string

    Possible values: [RSA_2048, EC_P_256]

    The key type of the Digital Id Config Cert Template.

    name string

    The name of the Digital Id Config Cert Template.

    pivContainer string

    Possible values: [PivAuth, CardAuth, DigSig, KeyMgmt, None]

    The PIV container of the Digital Id Config Cert Template.

  • ]

    • certificateType string

    The CA certificate type which digital ids using this config will use.

    digitalIdConfigTemplateId string

    When creating a digital id config, default values can be provided from this specified digital id config template.

    directoryEntry boolean

    A flag indicating if digital ids using this config will create directory entries in the CA.

    dnFormat string

    The format which digital ids using this config will use for their DN.

    dnFormatSearchbaseIncluded boolean

    Whether digital ids using this config should include the searchbase in their DN.

    id string

    The UUID of this Digital Id Config.

    name string

    The name of this Digital Id Config.

    role string

    The CA role which digital ids using this config will use.

    searchbase string

    The searchbase within the CA in which digital ids using this config will be created.

    subjectAltNames

    object[]

    A list of subjectAltNames associated with this digital id config.

  • Array [

    • digitalIdConfigId string

    The UUID of the digital id config that owns this subjectAltName.

    id string

    The UUID of this Digital Id Config SubjectAltName.

    type string

    Possible values: [EMAIL, UPN, IP, DNS, OTHER, X400, DN, EDI, URI, REGISTERED_ID]

    The type of subjectAltName.

    value string

    The value for the subjectAltName.

  • ]

    • type string

    Possible values: [PIV_CARDHOLDER, PIV_CARD]

    The type of digital id.

    userType string

    The CA user type which digital ids using this config will use.

    variables

    object[]

    A list of variables associated with this digital id config.

  • Array [

    • digitalIdConfigId string

    The UUID of the Digital Id Config that owns this Digital Id Config Variable.

    id string

    The UUID of the Digital Id Config Variable.

    includedInDN boolean

    A flag indicating if values for this variable are included in the Digital Id's DN when it is generated by the CA.

    name string

    The name of the Digital Id Config Variable.

    type string

    Possible values: [CERTIFICATE, USER, VARIABLE, CUSTOM]

    The type of the Digital Id Config Variable.

    value string

    The value of the Digital Id Config Variable.

  • ]

    • cardDigitalConfigId string

    The UUID of the Card Digital Id config of this smart credential. If not set, the smart credential will not have a Card Digital Id.

    cardDigitalConfigRequired boolean

    Indicates if the card digitalid config is required or not.

    cardHolderDigitalConfig

    object

    Information that defines how digital ids are created in the CA.

    allCAGroups boolean

    If true, digital ids using this config will be set to have all CA groups.

    caGroups string[]

    If allCAGroups is set to false then digital ids using this config will use this specified list of CA groups.

    caId string

    The UUID of the CA for this digital id config.

    caName string

    The name of the CA for this digital id config.

    caType string

    Possible values: [EDC, MS, PKIAAS]

    The CA type of this Digital Id Config.

    certTemplates

    object[]

    A list of cert templates associated with this digital id config.

  • Array [

    • digitalIdConfigId string

    The UUID of the Digital Id Config that owns this Digital Id Config Cert Template.

    id string

    The UUID of the Digital Id Config Cert Template.

    keyType string

    Possible values: [RSA_2048, EC_P_256]

    The key type of the Digital Id Config Cert Template.

    name string

    The name of the Digital Id Config Cert Template.

    pivContainer string

    Possible values: [PivAuth, CardAuth, DigSig, KeyMgmt, None]

    The PIV container of the Digital Id Config Cert Template.

  • ]

    • certificateType string

    The CA certificate type which digital ids using this config will use.

    digitalIdConfigTemplateId string

    When creating a digital id config, default values can be provided from this specified digital id config template.

    directoryEntry boolean

    A flag indicating if digital ids using this config will create directory entries in the CA.

    dnFormat string

    The format which digital ids using this config will use for their DN.

    dnFormatSearchbaseIncluded boolean

    Whether digital ids using this config should include the searchbase in their DN.

    id string

    The UUID of this Digital Id Config.

    name string

    The name of this Digital Id Config.

    role string

    The CA role which digital ids using this config will use.

    searchbase string

    The searchbase within the CA in which digital ids using this config will be created.

    subjectAltNames

    object[]

    A list of subjectAltNames associated with this digital id config.

  • Array [

    • digitalIdConfigId string

    The UUID of the digital id config that owns this subjectAltName.

    id string

    The UUID of this Digital Id Config SubjectAltName.

    type string

    Possible values: [EMAIL, UPN, IP, DNS, OTHER, X400, DN, EDI, URI, REGISTERED_ID]

    The type of subjectAltName.

    value string

    The value for the subjectAltName.

  • ]

    • type string

    Possible values: [PIV_CARDHOLDER, PIV_CARD]

    The type of digital id.

    userType string

    The CA user type which digital ids using this config will use.

    variables

    object[]

    A list of variables associated with this digital id config.

  • Array [

    • digitalIdConfigId string

    The UUID of the Digital Id Config that owns this Digital Id Config Variable.

    id string

    The UUID of the Digital Id Config Variable.

    includedInDN boolean

    A flag indicating if values for this variable are included in the Digital Id's DN when it is generated by the CA.

    name string

    The name of the Digital Id Config Variable.

    type string

    Possible values: [CERTIFICATE, USER, VARIABLE, CUSTOM]

    The type of the Digital Id Config Variable.

    value string

    The value of the Digital Id Config Variable.

  • ]

    • cardHolderDigitalConfigId string

    The UUID of the Card Holder Digital Id config of this smart credential. If not set, the smart credential will not have a Card Holder Digital Id.

    cardHolderDigitalConfigRequired boolean

    Indicates if the card holder digitalid config is required or not.

    certificates

    object[]

    A list of certificates associated with this smart credential.

  • Array [

    • description string

    The description providing the purpose of this certificate.

    digitalIdId string

    The UUID of the digital id to which this certificate belongs

    digitalIdType string

    Possible values: [PIV_CARDHOLDER, PIV_CARD]

    The type of the digital Id to which this certificate belongs.

    id string

    The UUID of this Digital Id Certificate.

    issuerDN string

    The issuer DN of this certificate.

    notAfter date-time

    The expiry date of this certificate.

    notBefore date-time

    The issue date of this certificate.

    pivContainer string

    The name of the PIV container that stores this certificate on the smart card.

    serialNumber string

    The serial number of this certificate.

    status string

    Possible values: [ACTIVE, REVOKED, HOLD, EXPIRED, NOT_AVAILABLE]

    The status of this certificate. If not set, the revocation status has not been retrieved from the CA.

    subjectDN string

    The subject DN of this certificate.

  • ]

    • chipId string

    The chip id of the smart card set when the smart credential is encoded.

    digitalIds

    object[]

    A list of digital ids associated with this smart credential.

  • Array [

    • certificates

    object[]

    The certificates associated with this digital id.

  • Array [

    • description string

    The description providing the purpose of this certificate.

    digitalIdId string

    The UUID of the digital id to which this certificate belongs

    digitalIdType string

    Possible values: [PIV_CARDHOLDER, PIV_CARD]

    The type of the digital Id to which this certificate belongs.

    id string

    The UUID of this Digital Id Certificate.

    issuerDN string

    The issuer DN of this certificate.

    notAfter date-time

    The expiry date of this certificate.

    notBefore date-time

    The issue date of this certificate.

    pivContainer string

    The name of the PIV container that stores this certificate on the smart card.

    serialNumber string

    The serial number of this certificate.

    status string

    Possible values: [ACTIVE, REVOKED, HOLD, EXPIRED, NOT_AVAILABLE]

    The status of this certificate. If not set, the revocation status has not been retrieved from the CA.

    subjectDN string

    The subject DN of this certificate.

  • ]

    • digitalIdConfigId string

    The UUID of the digital Id config that defines this digital Id.

    digitalIdConfigName string

    The name of the digital id Config that defines this digital Id.

    digitalIdConfigType string

    Possible values: [PIV_CARDHOLDER, PIV_CARD]

    The type of this digital Id.

    dn string

    The current DN of the digital id.

    id string

    The UUID of this DigitalId.

  • ]

    • encodeMsg string

    For smart credentials that have failed to encode, the encode message stores a message providing information about the failure.

    encodeState string

    Possible values: [ENCODE_START, ENCODE_DONE, ENCODE_ERROR]

    The encode state of a smart credential indicates if encoding has started, completed successfully or failed.

    enrollState string

    Possible values: [ENROLLING, ENROLLED]

    The enrollment state of a smart credential indicates if all of the necessary enrollment values have been collected. Only smart credentials in the ENROLLED state can be activated.

    expiryDate date-time

    For issued smart credentials, the expiry date is the date on which the smart credential will expire.

    id string

    The unique UUID assigned to the smart credential when it is created.

    issueDate date-time

    The date on which the smart credential was issued.

    notifyEnabled boolean

    A flag indicating if notification is enabled for this smart credential.

    platform string

    The platform of the Mobile SC application on which this smart credential was encoded.

    scDefnId string

    The UUID of the Smart Credential Definition that defines this smart credential.

    scDefnName string

    The name of the smart credential definition of this smart credential.

    serialNumber string

    The unique serial number of the smart credential generated when it is created.

    state string

    Possible values: [ACTIVE, INACTIVE]

    The state of the smart credential. Only smart credentials in the ACTIVE state can be used for authentication.

    userId string

    The UUID of the user that owns this smart credential.

    userUserId string

    The user Id of the user that owns this smart credential.

    variableValues

    object[]

    Variable values for this smart credential

  • Array [

    • scDefnVariable

    object

    SC Defn Variables define the details about variables defined in the SC Defn.

    defaultValue string

    The default value of this variable.

    displayable boolean

    A flag indicating if values for this variable should be displayed.

    generate boolean

    A flag indicating if the initial value for this variable should be generated.

    generateLength int32

    A length value used when generating values for this variable.

    id string

    The UUID of this SC Defn Variable.

    modifiable boolean

    A flag indicating if values for this variable can be modified.

    name string

    The name of this SC Defn Variable.

    order int32

    A value that specifies the order of this variable with respect to the other variables in the SC Defn.

    prompt string

    Optional prompt to be used when prompting for a value for this variable.

    required boolean

    A flag indicating if a value is required for this variable.

    restrictionDigits string

    Possible values: [ALLOWED, REQUIRED, NOT_ALLOWED, NOT_SET]

    A value specifying restrictions on digits appearing in values of this variable.

    restrictionLower string

    Possible values: [ALLOWED, REQUIRED, NOT_ALLOWED, NOT_SET]

    A value specifying restrictions on lowercase characters appearing in values of this variable.

    restrictionMax int32

    A value indicating a maximum for values of this variable. How this is enforced depends on the variable type.

    restrictionMin int32

    A value indicating a minimum for values of this variable. How this is enforced depends on the variable type.

    restrictionRegex string

    A value specifying a regex that values of this variable must match.

    restrictionSpecial string

    Possible values: [ALLOWED, REQUIRED, NOT_ALLOWED, NOT_SET]

    A value specifying restrictions on special characters appearing in values of this variable.

    restrictionUpper string

    Possible values: [ALLOWED, REQUIRED, NOT_ALLOWED, NOT_SET]

    A value specifying restrictions on uppercase characters appearing in values of this variable.

    scDefnId string

    The UUID of the SC Defn that owns this variable definition.

    type string

    Possible values: [STRING, BOOLEAN, INTEGER, UUID]

    The type of this variable.

    uniqueness string

    Possible values: [GLOBAL, USER, NONE]

    A flag indicating if values of this variable must be unique and if so within what scope.

    uniquenessScopeId string

    A value that allows a variable to be defined unique in the scope of another variable.

    scDefnVariableId string

    The UUID of the SC Defn Variable that defines the variable.

    value string

    The variable value.

  • ]

    • version string

    The version of the Mobile SC application on which this smart credential was encoded.

  • ]

    • state string

    Possible values: [ACTIVE, INACTIVE]

    The state of this user. Only users in the ACTIVE state can perform authentication.

    tempAccessCode

    object

    Information returned from the service about a temporary access code.

    code string

    The actual temporary access code. This value will only be returned if the administrator has the TEMPACCESSCODECONTENTS:VIEW permission.

    createDate date-time

    The date on which this temporary access code was created.

    expired boolean

    A flag indicating if this temporary access code is expired now.

    expiryDate date-time

    The expiry date of this temporary access code. If not set, it never expires.

    id string

    The unique UUID assigned to the temporary access code when it is created.

    maxUses int32

    The maximum number of times this temporary access code can be used. If not set, there are no limits.

    numUses int32

    The number of times this temporary access code has been used.

    tokens

    object[]

    A list of all the tokens owned by this user.

  • Array [

    • algorithmType string

    Possible values: [AT, OATH_HOTP, OATH_OCRA, OATH_TOTP, VENDOR]

    The algorithm type used by the token that was created or loaded into the system to generate OTP values.

    allowedActions string[]

    Possible values: [ACTIVATE, REACTIVATE, ACTIVATE_COMPLETE, DELETE, UNLOCK, ENABLE, DISABLE, RESET, ASSIGN, UNASSIGN]

    Actions that can be performed on this token.

    description string

    Optional text describing this token.

    groups string[]

    The UUIDs of groups to which this token belongs. This value is only used for unassigned tokens. Only groups to which the current administrator has access will be returned.

    id string

    The unique UUID assigned to the token when it is created.

    label string

    Optional label to identify an assigned token: a String up to 100 characters.

    lastUsedDate date-time

    The date on which the token was last used for authentication. This value will be null if the token has never been used.

    loadDate date-time

    The date on which the token was created or loaded into the system.

    logo string

    Base-64 encoded logo. If a custom logo is provided by the customer it is returned. Otherwise a system default logo is returned.

    name string

    An optional name for the token.

    platform string

    The mobile device platform on which an Entrust Soft Token was activated.

    registeredForTransactions boolean

    A flag indicating if the Entrust Soft Token has registered for transactions. Only tokens that are registered can perform token push authentication.

    serialNumber string

    The serial number of the token either generated when the token was created or loaded into the system.

    state string

    Possible values: [NEW, ACTIVATING, ACTIVE, INACTIVE, UNASSIGNED]

    The state of the token. For most tokens, only tokens in the ACTIVE state can be used for authentication. Google Authenticator tokens in the ACTIVATING state can also be used for authentication.

    supportsChallengeResponse boolean

    A flag indicating if the Token supports challenge response processing.

    supportsResponse boolean

    A flag indicating if the Token supports response processing.

    supportsSignature boolean

    A flag indicating if the Token supports signature processing.

    supportsUnlock boolean

    A flag indicating if the Token supports unlock processing.

    supportsUnlockTOTP boolean

    A flag indicating if the Token supports unlock using TOTP processing.

    type string

    Possible values: [ENTRUST_PHYSICAL_TOKEN, ENTRUST_SOFT_TOKEN, GOOGLE_AUTHENTICATOR, OATH_PHYSICAL_TOKEN, ENTRUST_LEGACY_TOKEN]

    The type of token specified when the token was created or loaded into the system.

    userId string

    If the token is assigned to a user, this value specifies that user's user id.

  • ]

    • type string

    Possible values: [LDAP_AD, MGMT_UI, EXTERNAL]

    The type of user. A value of LDAP_AD means the user was synchronized from a directory. A value of MGMT_UI means the user was created in Identity as a Service. A value of EXTERNAL means the user was synchronized from an external source.

    userAliases

    object[]

    A list of user aliases for this user.

  • Array [

    • id string

    The UUID of this user alias set when the user alias is created.

    type string

    Possible values: [CUSTOM, DERIVED, USERID]

    The type of user alias. A value of USERID is used for an alias that will represent the actual user id value. A value of CUSTOM is used for aliases manually created by an administrator. A value of DERIVED is defined for future use and should not be used at this time.

    userId string

    The UUID of the user to which this user alias belongs.

    value string

    The value for the user alias.

  • ]

    • userAttributeValues

    object[]

    A list of user attribute values for this user.

  • Array [

    • editable boolean

    A flag indicating if this user attribute value can be modified.

    id string

    The UUID of this user attribute value set when the user attribute value is created.

    lastUpdate date-time

    The last time the attribute value was updated.

    userAttribute

    object

    Information about user attribute definitions.

    id string

    The UUID for this user attribute. Generated when the user attribute is created.

    mandatory booleanrequired

    A flag indicating if users must have a value for this user attribute.

    name stringrequired

    The name of this user attribute.

    systemDefined booleanrequired

    A flag indicating if this user attribute is one of the system defined user attributes.

    type string

    Possible values: [NONE, OTP_EMAIL, OTP_SMS, OTP_VOICE]

    Type of user attribute. Currently only used to specify the type of contact if the attribute is to be used for OTP delivery.

    unique booleanrequired

    A flag indicating if this attribute is intended to be unique.

    userAttributeId string

    The UUID of the user attribute that defines this user attribute value. The userAttributeId must be provided when creating or modifying a user attribute value.

    userId string

    The UUID of the user to which this user attribute value belongs.

    value string

    The value for the user attribute.

  • ]

    • userCreationTime date-time

    The time this user was created.

    userExtraAttributes

    object[]

    A list of extra optional attributes for this user.

  • Array [

    • id string

    The UUID of this extra user attribute.

    name string

    The name for the extra user attribute.

    type string

    Possible values: [NONE, OTP_EMAIL, OTP_SMS, OTP_VOICE]

    Type of custom user attribute.

    value string

    The value for the extra user attribute.

  • ]

    • userId string

    The user ID for this user.

    userPrincipalName string

    The user principal name of this user. This value may or may not be required depending on configuration.

    verificationEnabled boolean

    Indicates whether verification is enabled for this user.

    verificationRequired boolean

    Indicates whether verification is required. This attribute doesn't apply to administrators.

Loading...