Create a user

post https://{hostname}/identity-management/v3/user-admin/ui-identities

This operation creates a user, or clones an existing user's role assignments, in the account specified in your API client credentials. Optionally, sends a randomly generated one-time use password to the new user. If you send the email with the password directly to the user, the response for this operation doesn't include that password. If you don't send the password to the user through email, the password is included in the response.

Recipes

Create a user

Open Recipe

Clone a user

Open Recipe

Query Params

sendEmail

boolean

Defaults to true

Sends a one-time password to the new user, true by default.

accountSwitchKey

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params

additionalAuthentication

string

required

Specifies the user's multi-factor authentication method, confirming their identity. Either TFA, MFA, or NONE, which offers no additional authentication.

address

string

length ≥ 1

The user's street address.

authGrants

array

required

The user's role assignments, per group. You need to assign at least one role to a user, with only one role allowed for the user per group. Account level roles are optional. Provide either this or the cloneFrom.

authGrants*

city

string

length ≥ 1

The user's city.

cloneFrom

string

length ≥ 1

The username to clone a user's authGrants from. Provide either this or the authGrants.

contactType

string

length ≥ 1

User's contact type. To get the available values, run the View contact types operation.

country

string

required

length ≥ 1

User's country. To get the available values, run the View supported countries operation.

string

required

The user's email address. It needs to be a valid email address users can access, as they'll be sent a OTP to enter while logging in for the first time. To learn more, see Frequently asked questions.

firstName

string

required

length ≥ 1

The user's first name.

jobTitle

string

length ≥ 1

The user's position at the company.

lastName

string

required

length ≥ 1

The user's surname.

mobilePhone

string

length ≥ 1

The user's mobile phone number in ITU-T E.164 format, that is, +country code-area code-subscriber number. For example, +3551234567891 or +441234567891. For Canadian and US phone numbers, you can provide them with a country code (for example, +11234567891) or without it as a ten-digit integer within a string (for example, 1234567891).

notifications

object

Specifies email notifications the user receives for products.

phone

string

length ≥ 1

preferredLanguage

string

length ≥ 1

The user's language. To get the available values, run the View languages operation.

secondaryEmail

string

The user's alternate email address.

sessionTimeOut

integer

≥ 0

The number of seconds it takes for the user's Control Center session to time out after no activity. To get the available values, run the View timeout policies operation. Make sure to select a value that's equal or smaller to the Max session timeout value, set for your account in the Identity and Access Management interface's Settings tab.

state

string

length ≥ 1

The user's state or province if user's country is USA or Canada. To get the available values, run the View states for a user profile operation.

timeZone

string

length ≥ 1

The user's time zone. To get the available values, run the View time zones operation.

zipCode

string

length ≥ 1

The user's five-digit postal code, represented as a string.

Response

Response body

object

accountId

string

length ≥ 1

Unique identifier for each account.

actions

object

Specifies permissions available to the user for this group. This data is available when you specify the actions parameter of the same name.

delete

boolean

required

Whether the user is deletable.

apiClient

boolean

required

Enables the administrator to create an API client.

edit

boolean

required

Whether the user is editable.

isCloneable

boolean

required

Enables an administrator to create a new user with permissions cloned from this user.

resetPassword

boolean

required

Enables an administrator to send a user a password by email or see a one-time token.

thirdPartyAccess

boolean

required

Enables the administrator to manage extended access.

additionalAuthentication

string

required

Specifies the user's multi-factor authentication method, confirming their identity. Either TFA, MFA, or NONE, which offers no additional authentication.

TFA MFA NONE

additionalAuthenticationConfigured

boolean

required

Whether the user has multi-factor authentication configured.

address

string

required

length ≥ 1

The user's street address.

authGrants

array of objects

length ≥ 0

A user's role assignments, per group.

authGrants

object

groupId

integer

≥ 0

Unique identifier for each group. It's returned only for group roles.

groupName

string

length ≥ 1

Descriptive label for the group.

isBlocked

boolean

Whether a user's access to a group is blocked.

roleDescription

string

length ≥ 1

Descriptive label for the role to convey its use.

roleId

integer

required

≥ 1

Unique identifier for each role.

roleName

string

required

length ≥ 1

Descriptive label for the role.

subGroups

array of objects

length ≥ 0

Children of the parent group. Permissions cascade downward from parent to child unless the child group's isBlocked is true.

subGroups

object

city

string

length ≥ 1

The user's city.

contactType

string

length ≥ 1

User's contact type.

country

string

required

length ≥ 1

User's country.

string

required

The user's email address.

emailUpdatePending

boolean

Whether there are any pending changes to the email address.

firstName

string

required

length ≥ 1

The user's first name.

isLocked

boolean

Whether the user's account is locked. To learn more, see Temporary account lockout.

jobTitle

string

length ≥ 1

The user's position at the company.

lastLoginDate

date-time

ISO 8601 timestamp indicating when the user last logged in.

lastName

string

required

length ≥ 1

The user's surname.

mobilePhone

string

length ≥ 1

The user's mobile phone number in ITU-T E.164 format, that is, +country code-area code-subscriber number.

notifications

object

Specifies email notifications the user receives for products.

options

object

required

Specifies email notifications settings.

enableEmailNotifications

boolean

required

Enables email notifications.

passwordExpiryDate

date-time

The date a user's password expires.

phone

string

length ≥ 1

The user's mobile phone number in ITU-T E.164 format, that is, +country code-area code-subscriber number.

preferredLanguage

string

length ≥ 1

The user's language.

secondaryEmail

string

The user's alternate email address.

sessionTimeOut

integer

≥ 0

The number of seconds it takes for the user's Control Center session to time out after no activity.

state

string

length ≥ 1

The user's state or province if user's country is USA or Canada.

tfaConfigured

boolean

Whether TFA is configured.

tfaEnabled

boolean

Whether TFA is enabled.

timeZone

string

required

length ≥ 1

The user's time zone. To get the available values, run the View time zones operation.

uiIdentityId

string

required

length ≥ 1

Unique identifier for each user, which corresponds to their Control Center profile or client ID. Also known as a contactId in other APIs.

uiUserName

string

length ≥ 1

The user's username in Control Center.

zipCode

string

length ≥ 1

The user's five-digit postal code, represented as a string.

Headers

object

Location

string

A URL path to the newly created object.

Language

Authentication

Remember to add your authentication credentials to run this code.

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://hostname/identity-management/v3/user-admin/ui-identities \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/json' \
5
     --data '
6
{
7
  "additionalAuthentication": "TFA"
8
}
9
'


xxxxxxxxxx
65
}
1
{
2
  "actions": {
3
    "delete": true,
4
    "apiClient": true,
5
    "edit": true,
6
    "isCloneable": true,
7
    "resetPassword": true,
8
    "thirdPartyAccess": false
9
  },
10
  "additionalAuthentication": "TFA",
11
  "additionalAuthenticationConfigured": false,
12
  "address": "first Street",
13
  "authGrants": [
14
    {
15
      "groupId": 12345,
16
      "groupName": "Main Street Corporation",
17
      "roleDescription": "Provides the maximum access to users.",
18
      "roleId": 3,
19
      "roleName": "Admin",
20
      "subGroups": [
21
        {
22
          "groupId": 54321,
23
          "groupName": "Internet Company",
24
          "subGroups": [
25
            {

201User or clone successfully created.