Skip to main content
Version: 4.18.1

Create User

Create User is used to add a new user in the mID Provider (IAM). The function records the username and email information and allows user specific actions to be set for the initial login. A list of pre-defined user attributes can be added as well, as per the user preference.

Resource Informations

Requires authentication?Yes
Rate limited?No


Request headers

AuthorizationBearer token

HTTP request URL for SSMS

POST https://{tenantId}.{hostname}/digitanium/v4/users

HTTP request URL for SHIFT

POST https://{hostname}/auth/realms/{tenantId}/v3_user

API requests must be made over https. Calls made over plain http will fail.


No parameter fields are required.

Request body (* Required)

Field NameTypeDescription
attributesListBased on the user requirement the user attributes can be updated. User can add any customized attribute in form of key value pair. Refer Attributes Representation for details.
credentialsArray of Credential representationsUser credentials. Refer credential representation for details.
RequiredActionsList(String)List the actions which need to be performed during initial login. Refer Required Actions to know the supported actions.
EnabledBooleanEnable user. Per Default false
* usernameStringUnique username of the user
firstNameStringFirst name of user
lastNameStringLast name of user
emailStringUnique email corresponding to the user
ClientRolesListConfigure the client roles for which the actions need to be performed by the user. Note: Using the composite role suffice in the request body, which gets all the sub roles available for it.
realmRolesListConfigure the realm roles for which the actions need to be performed by the user.

mID Provider supports these special characters in Username $@(.)-*_[]~!&+ . Usage of any other special characters or symbols are not supported.

Credential representation

Field NameTypeDescription
valueStringPassword data.
temporarybooleanEnable temporary, default true.
typeStringSet type as password.

Attributes Representation

Field NameTypeDescription
digitaniumUserIdDeleteBooleanWhen user already exist and set to "true", user will be deleted including all his 2fa devices. Per default false (Hidden Attribute).
digitaniumUserIdOnboardingTypeStringletter or onscreen: letter - when user is not activated, does not have any active 2FA devices, login webpage shows instructions how to activate user.

onscreen - when user is not activated, does not have any active 2FA devices, login webpage shows instructions and directly activation code. This method should only be combined with username password authentication.
digitaniumActivationCodeStringThe code which is required to register an user 2FA device. The ActivationCode will entered manually (Example: 10101010). If empty it will be auto generated, based on system configuration (Hidden Attribute). Note: To produce digitaniumActivationCode, the value of digitaniumCreateActivation must be set to true.
digitaniumActivationValidityStringThe Activationcode validity in epoch time, in seconds (Hidden Attribute).
digitaniumClearActivationBooleanDelete all old activation codes before creating new one. Per default false (Hidden Attribute).
digitaniumActivationSecretBooleanStore activation code encrypted in database and not visible for Admin and other operators. Per default false (Hidden Attribute).
digitaniumCreateActivationBooleanSet true to create activation code to the user. Default value is True.
groupsStringTo add the user for a praticular group while creating a user.

On activation code creation, the parameters digitaniumActivationValidity and digitaniumActivationSecret will be set.


Hidden Attribute - Even admin won't be able to view it.

Sample Request

"attributes": {
"digitaniumUserIdDelete" : false,
"digitaniumUserIdOnboardingType" : "onscreen",
"digitaniumUserId" : "",
"digitaniumActivationCode": "10101010",
"digitaniumActivationValidity": "",
"digitaniumClearActivation" : true,
"digitaniumActivationSecret" : false,
"digitaniumCreateActivation": true,
"username" : "username",
"groups": ["ks-users"]

"credentials": [{
"value": "123",
"temporary": false,
"type": "password"
"enabled": true,
"username": "ngk",
"firstName": "first",
"lastName": "last",
"email": "",
"clientRoles": {
"client_Name": ["client_role1", "client_role2", "client_role3", "client_role4"]
"realmRoles": ["realm_role1", "realm_role2"]



Field NameTypeDescription
messageStringMessage explains result of the API call. Refer Response status Information for details.
statusStringThe status of the API call. Refer Response status Information for details.
subSystemIntegersubSystem categorizes the type of API that has been called. Refer Subsystem details for details.

Sample Response

"subSystem": 5,
"status": "OK",
"message": "User created successfully"

Response Status Information

Status CodeStatusMessage
202AcceptedUser created successfully.
400BAD_REQUESTUsername should not be null or empty
401UnauthorizedHTTP 401 Unauthorized