User

akamai_iam_user

Create a new user and manage their data on the Akamai platform.

resource "akamai_iam_user" "my_user" {
  first_name      = "John"
  last_name       = "Smith"
  email           = "jsmith@email.com"
  country         = "USA"
  address         = "5th Avenue"
  city            = "New York"
  state           = "NY"
  zip_code        = "12345"
  phone           = "+19876543219"
  enable_tfa      = true
  contact_type    = "Business Decision Maker"
  job_title       = "Consultant"
  time_zone       = "America/New_York"
  session_timeout = 900
  auth_grants_json = jsonencode([
    {
      roleId  = 1234
      groupId = 123456
    },
    {
      roleId  = 9876
      groupId = 987654
    }
  ])
  lock = false
  user_notifications {
    api_client_credential_expiry_notification = false
    new_user_notification                     = true
    password_expiry                           = true
    proactive = [
      "Privacy",
      "Security"
    ]
    upgrade = [
      "NetStorage",
      "Privacy",
      "Security"
    ]
    enable_email_notifications = true
  }
}

Arguments

Send all required arguments to create or update a user.

Argument	Required	Description
`first_name`	✔	The user's first name.
`last_name`	✔	The user's surname.
`email`	✔	The user's email address.
`country`	✔	As part of the user's location, the value can be any that are available from the view-supported-countries operation.
`auth_grants_json`	✔	A user's per-group role assignments in JSON format. The user needs to have at least one group and role assigned. Run the view-roles operation to list all `role_ids` you can assign. Run the view-groups operation to list all `group_ids` you can assign.
`phone`		The user's phone number in `ITU-T E.164` format, `+country-code_area-code_subscriber-number`. For example, `+3551234567891` or `+441234567891`. For Canadian and US phone numbers, the country code is optional.
`enable_tfa`		Indicates whether two-factor authentication is configured. `true` enables two-factor authentication. `false` disables it.
`enable_mfa`		Indicates whether multi-factor authentication is configured. `true` enables multi-factor authentication. `false` disables it.
`contact_type`		To help characterize the user, the value can be any that are available from the view-contact-types operation.
`job_title`		The user's position at the company.
`time_zone`		The user's time zone. The default is GMT. The value can be any that are available from the view-time-zones operation.
`secondary_email`		The user's secondary email address.
`mobile_phone`		The user's mobile phone number in `ITU-T E.164` format, `+country-code_area-code_subscriber-number`. For example, `+3551234567891` or `+441234567891`. For Canadian and US phone numbers, the country code is optional.
`address`		The user's street address.
`city`		The city where the user is located.
`state`		The state where the user is located. The value can be any that are available from the view-states operation. If the user's state or province is unknown, use the `TBD` value.
`zip_code`		The user's postal code.
`preferred_language`		The user's language. The default is English. The value can be any that are available from the view-languages operation.
`session_timeout`		The number of seconds it takes for the user's Control Center session to time out if there hasn't been any activity. The default is `64800`. The value can be any that are available from the view-timeout-policies operation.
`lock`		Indicates whether to block a user account. `true` blocks the user account. `false` doesn't block it.
`password`		Sets a new password for the user.
`user_notifications`		Subscribes or unsubscribes users to product notification emails. Contains these notification settings: `password_expiry`. Required. Notify on an expiring password. `true` to notify. `enable_email_notifications`. Required. Whether to enable email notifications. `true` to enable. `proactive`. Required. The list of products the user gets notified about service issues. Run the View products for a user profile operation from the Identity and Access Management API to retrieve product names you can add here. Leave the list empty if you don't want to add any products. `upgrade`. Required. The list of products the user get notified about upgrades. Run the View products for a user profile operation from the Identity and Access Management API to retrieve the product names you can add here. Leave the list empty if you don't want to add any products. `api_client_credential_expiry_notification`. Notify on expiring API client credentials. Default is `false`. `new_user_notification`. Notify group administrator when the user creates new users. Default is `true`.

Attributes

There is no default standard output. Upon creation, the last line of the process log contains a success message with your newly created or updated user's ID.

Adding an output block returns the user details you provided on create along with the computed attributes.

Attribute	Description
`user_name`	The user's login ID. Typically, the user's email address.
`last_login`	The ISO 8601 timestamp indicating when the user last logged in.
`password_expired_after`	The date the user's password expires.
`tfa_configured`	Indicates whether two-factor authentication is configured. `true` means it's enabled.
`email_update_pending`	Indicates whether there're any pending changes to the email address. `true`. There're some pending changes. `false`. There aren't any.

Updated 6 months ago