Users
User controllers
📄️ Synchronize a new user or an existing user
Synchronize a user. Caller requires the USERS:EDIT permission. An Identity as a Service directory must be configured and associated with an Identity as a Service Gateway 5.0 or later. If you unsynchronize a user using the unsync API, the user becomes locally managed. In order to set the user back to an AD Sync user, the user should be synchronized again using this API. Using an AD Sync crawl will only re-synchronize the user if the user is updated in AD (i.e., the user's last update time in AD is updated) or a new custom user attribute mapping is added for the directory (this resets The last update time for all users such that all AD users will be re-synchronlized).<br/><br/>The following response status attribute values are possible: <ul><li>CONVERTED: the locally managed Identity as a Service user was converted into an AD Sync user.</li><li>CREATED: a new user was created as an AD Sync user.</li><li>DELETED: the user was not found in AD and has been deleted in Identity as a Service.</li><li>LOCALIZED_ENABLED: the user was not found in AD and has been set as locally managed and enabled in Identity as a Service.</li><li>LOCALIZED_DISABLED: the user was not found in AD and has been set as locally managed and disabled in Identity as a Service.</li><li>UPDATED: the user was synchronized.</li></ul>
📄️ Unsynchronize an existing user
Unsynchronize a user. Caller requires the USERS:EDIT permission. An Identity as a Service directory must be configured and associated with an Identity as a Service Gateway 5.0 or later. If you unsynchronize a user using this API, the user becomes locally managed. In order to set the user back to an AD Sync user, the user should be synchronized again using the sync API. Using an AD Sync crawl will only re-synchronize the user if the user is updated in AD (i.e., the user's last update time in AD is updated) or a new custom user attribute mapping is added for the directory (this resets the last update time for all users such that all AD users will be re-synchronlized).
📄️ Update user state
Update the state of the specified user. Caller requires the USERS:EDIT permission.
📄️ Unlock user
Unlock the specified user. Caller requires the USERS:EDIT permission.
📄️ Create and get the Magic Link for a user
Create and get the Magic Link for the specified user. Caller requires the MAGICLINKS:ADD permission.
📄️ Delete the Magic Link for a given user
Delete the Magic Link for the specified user. Caller requires the MAGICLINKS:REMOVE permission.
📄️ Modify user organization membership
Modify the list of organizations assigned to a specified user. Caller requires the USERS:EDIT permission.
📄️ Create a user
Create a user. Caller requires the USERS:ADD permission.
📄️ Get a user by externalId
Get the user with the specified externalId.
📄️ Update multiple users
Update multiple users. Caller requires the USERS:EDIT permission.
📄️ Create multiple users
Create multiple users. Caller requires the USERS:ADD permission.
📄️ Delete multiple users
Delete multiple users. Caller requires the USERS:REMOVE permission.
📄️ Get a user by userid or user alias
Get the specified user by userid or user alias.
📄️ Get a user by UUID
Get the specified user by UUID.
📄️ Update a user
Update the specified user. Caller requires the USERS:EDIT permission.
📄️ Delete a user
Delete the specified user. Caller requires the USERS:REMOVE permission.
📄️ Lists a page of users
Returns users for the provided search parameters. Caller requires the USERS:VIEW permission. The following searchByAttributes are supported: <ul><li>userId: a String value (it matches both the User ID or any alias). Allowed operators are: EQUALS, NOT_EQUALS, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH. </li><li>groupId: a String value should be a UUID of an existing group. Allowed operator: EQUALS. </li><li>roleId: a String value should be a UUID of an existing role. Allowed operator: EQUALS. </li><li>authenticator: a String with value ENTRUST_SOFT_TOKEN or FIDO or GOOGLE_AUTHENTICATOR or GRID or HARDWARE_TOKEN or KBA or OTP or PASSWORD or SMARTCREDENTIALPUSH or TEMP_ACCESS_CODE or FACE. Allowed operator: EQUALS, NOT_EQUALS. </li><li>state: ACTIVE or INACTIVE. Allowed operator: EQUALS. </li><li>locked: 'true' is the only value allowed. Allowed operator: EQUALS. </li><li>userType: a String with value LOCAL or SYNC or EXTERNAL. Allowed operator: EQUALS. </li><li>registrationRequired: true or false. Allowed operator: EQUALS. </li><li>verificationRequired: true or false. Allowed operator: EQUALS. </li><li>lastAuthTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, EXISTS, NOT_EXISTS.</li><li>passwordExpirationTime: a String value representing an ISO-8601 date in UTC time (e.g., 2018-08-04T18:15:30). Allowed operators are: GREATER_THAN, GREATER_THAN_OR_EQUAL, LESS_THAN, LESS_THAN_OR_EQUAL, EXISTS, NOT_EXISTS.</li><li>organizationId: a String value should be a UUID of an existing organization. Allowed operator: EQUALS. </li></ul>If you provide more than one search attribute, they are joined with an AND condition.<br/><br/>The orderByAttribute supports these attribute names: userId, state, lastAuthTime.<br/><br/>The following attributes can be optionally included in the returned User object: grids, tokens, smartCredentials, tempAccessCode, fidoTokens, userAttributeValues, userAliases, groups, oauthRoles, authenticatorLockoutStatus, organizations