Create a user

This operation creates a user, or clones an existing user's role assignments, in the account specified in your API client credentials. Optionally, sends a randomly generated one-time use password to the new user. If you send the email with the password directly to the user, the response for this operation doesn't include that password. If you don't send the password to the user through email, the password is included in the response.

Recipes
Create a user
Open Recipe
Clone a user
Open Recipe
Query Params
boolean
Defaults to true

Sends a one-time password to the new user, true by default.

string

For customers who manage more than one account, this runs the operation from another account. The Identity and Access Management API provides a list of available account switch keys.

Body Params
string
required

Specifies the user's multi-factor authentication method, confirming their identity. Either TFA, MFA, or NONE, which offers no additional authentication.

string
length ≥ 1

The user's street address.

authGrants
array
required

The user's role assignments, per group. You need to assign at least one role to a user, with only one role allowed for the user per group. Account level roles are optional. Provide either this or the cloneFrom.

authGrants*
string
length ≥ 1

The user's city.

string
length ≥ 1

The username to clone a user's authGrants from. Provide either this or the authGrants.

string
length ≥ 1

User's contact type. To get the available values, run the View contact types operation.

string
required
length ≥ 1

User's country. To get the available values, run the View supported countries operation.

string
required

The user's email address. It needs to be a valid email address users can access, as they'll be sent a OTP to enter while logging in for the first time. To learn more, see Frequently asked questions.

string
required
length ≥ 1

The user's first name.

string
length ≥ 1

The user's position at the company.

string
required
length ≥ 1

The user's surname.

string
length ≥ 1

The user's mobile phone number in ITU-T E.164 format, that is, +country code-area code-subscriber number. For example, +3551234567891 or +441234567891. For Canadian and US phone numbers, you can provide them with a country code (for example, +11234567891) or without it as a ten-digit integer within a string (for example, 1234567891).

notifications
object

Specifies email notifications the user receives for products.

string
length ≥ 1

The user's mobile phone number in ITU-T E.164 format, that is, +country code-area code-subscriber number. For example, +3551234567891 or +441234567891. For Canadian and US phone numbers, you can provide them with a country code (for example, +11234567891) or without it as a ten-digit integer within a string (for example, 1234567891).

string
length ≥ 1

The user's language. To get the available values, run the View languages operation.

string

The user's alternate email address.

integer
≥ 0

The number of seconds it takes for the user's Control Center session to time out after no activity. To get the available values, run the View timeout policies operation. Make sure to select a value that's equal or smaller to the Max session timeout value, set for your account in the Identity and Access Management interface's Settings tab.

string
length ≥ 1

The user's state or province if user's country is USA or Canada. To get the available values, run the View states for a user profile operation.

string
length ≥ 1

The user's time zone. To get the available values, run the View time zones operation.

string
length ≥ 1

The user's five-digit postal code, represented as a string.

Response

Response body
object
string
length ≥ 1

Unique identifier for each account.

actions
object

Specifies permissions available to the user for this group. This data is available when you specify the actions parameter of the same name.

boolean
required

Whether the user is deletable.

boolean
required

Enables the administrator to create an API client.

boolean
required

Whether the user is editable.

boolean
required

Enables an administrator to create a new user with permissions cloned from this user.

boolean
required

Enables an administrator to send a user a password by email or see a one-time token.

boolean
required

Enables the administrator to manage extended access.

string
required

Specifies the user's multi-factor authentication method, confirming their identity. Either TFA, MFA, or NONE, which offers no additional authentication.

TFA MFA NONE

boolean
required

Whether the user has multi-factor authentication configured.

string
required
length ≥ 1

The user's street address.

authGrants
array of objects
length ≥ 0

A user's role assignments, per group.

authGrants
object
integer
≥ 0

Unique identifier for each group. It's returned only for group roles.

string
length ≥ 1

Descriptive label for the group.

boolean

Whether a user's access to a group is blocked.

string
length ≥ 1

Descriptive label for the role to convey its use.

integer
required
≥ 1

Unique identifier for each role.

string
required
length ≥ 1

Descriptive label for the role.

subGroups
array of objects
length ≥ 0

Children of the parent group. Permissions cascade downward from parent to child unless the child group's isBlocked is true.

subGroups
object
string
length ≥ 1

The user's city.

string
length ≥ 1

User's contact type.

string
required
length ≥ 1

User's country.

string
required

The user's email address.

boolean

Whether there are any pending changes to the email address.

string
required
length ≥ 1

The user's first name.

boolean

Whether the user's account is locked. To learn more, see Temporary account lockout.

string
length ≥ 1

The user's position at the company.

date-time

ISO 8601 timestamp indicating when the user last logged in.

string
required
length ≥ 1

The user's surname.

string
length ≥ 1

The user's mobile phone number in ITU-T E.164 format, that is, +country code-area code-subscriber number.

notifications
object

Specifies email notifications the user receives for products.

options
object
required

Specifies email notifications settings.

boolean
required

Enables email notifications.

date-time

The date a user's password expires.

string
length ≥ 1

The user's mobile phone number in ITU-T E.164 format, that is, +country code-area code-subscriber number.

string
length ≥ 1

The user's language.

string

The user's alternate email address.

integer
≥ 0

The number of seconds it takes for the user's Control Center session to time out after no activity.

string
length ≥ 1

The user's state or province if user's country is USA or Canada.

boolean

Whether TFA is configured.

boolean

Whether TFA is enabled.

string
required
length ≥ 1

The user's time zone. To get the available values, run the View time zones operation.

string
required
length ≥ 1

Unique identifier for each user, which corresponds to their Control Center profile or client ID. Also known as a contactId in other APIs.

string
length ≥ 1

The user's username in Control Center.

string
length ≥ 1

The user's five-digit postal code, represented as a string.

Headers
object
string

A URL path to the newly created object.

Language
Authentication
URL