Create User
Create User adds a new user to the mID Provider (IAM). The function records the username and email information and allows user-specific actions to be set for the initial login. A list of pre-defined user attributes can also be added, as per the user preference.
Resource Information
| Name | Value |
|---|---|
| Requires authentication? | Yes |
| Rate limited? | No |
Request
Request headers
| Key | Value |
|---|---|
| Authorization | Bearer token |
| Content-Type | application/json |
HTTP request URL for SSMS
POST https://{tenantId}.{hostname}/digitanium/v4/users
HTTP request URL for SHIFT
POST https://{hostname}/auth/realms/{tenantId}/v3_user
note
API requests must be made over https. Calls made over plain http will fail.
Parameters
No parameter fields are required.
Request body (Required)
| Field Name | Type | Description |
|---|---|---|
| attributes | List | User attributes, set according to the user requirement. Any customized attribute can be added as a key-value pair. Refer to Attributes Representation for details. |
| credentials | Array of Credential representations | User credentials. Refer to Credential representation for details. |
| RequiredActions | List(String) | List of the actions that must be performed during the initial login. Refer to Required Actions for the supported actions. |
| Enabled | Boolean | Enables the user. Default: false. |
| username (Required) | String | Unique username of the user |
| firstName | String | First name of user |
| lastName | String | Last name of user |
| email | String | Unique email corresponding to the user |
| ClientRoles | List | Configure the client roles for which the actions need to be performed by the user. Note: Specifying the composite role in the request body suffices; it includes all the sub-roles available for it. |
| realmRoles | List | Configure the realm roles for which the actions need to be performed by the user. |
note
mID Provider supports these special characters in the username: $@(.)-*_[]~!&+ . Any other special characters or symbols are not supported.
Credential representation
| Field Name | Type | Description |
|---|---|---|
| value | String | Password data. |
| temporary | boolean | Enable temporary, default true. |
| type | String | Set type as password. |
Attributes Representation
| Field Name | Type | Description |
|---|---|---|
| digitaniumUserIdDelete | Boolean | When the user already exists and this is set to "true", the user is deleted, including all of their 2FA devices. Default: false (Hidden Attribute). |
| digitaniumUserIdOnboardingType | String | letter or onscreen. letter: when the user is not activated and does not have any active 2FA devices, the login webpage shows instructions on how to activate the user. onscreen: when the user is not activated and does not have any active 2FA devices, the login webpage shows the instructions and the activation code directly. This method should only be combined with username password authentication. |
| digitaniumActivationCode | String | The code required to register a user 2FA device. The ActivationCode is entered manually (Example: 10101010). If empty, it is auto generated, based on system configuration (Hidden Attribute). Note: To produce digitaniumActivationCode, the value of digitaniumCreateActivation must be set to true. |
| digitaniumActivationValidity | String | The activation code validity in epoch time, in seconds (Hidden Attribute). |
| digitaniumClearActivation | Boolean | Delete all old activation codes before creating a new one. Default: false (Hidden Attribute). |
| digitaniumActivationSecret | Boolean | Store the activation code encrypted in the database, not visible to Admin and other operators. Default: false (Hidden Attribute). |
| digitaniumCreateActivation | Boolean | Set to true to create an activation code for the user. Default value is True. |
| groups | String | Adds the user to a particular group while creating the user. |
important
On activation code creation, the parameters digitaniumActivationValidity and digitaniumActivationSecret will be set.
note
Hidden Attribute - Even admin won't be able to view it.
Sample Request
```json
{
  "attributes": {
    "digitaniumUserIdDelete": false,
    "digitaniumUserIdOnboardingType": "onscreen",
    "digitaniumUserId": "",
    "digitaniumActivationCode": "10101010",
    "digitaniumActivationValidity": "",
    "digitaniumClearActivation": true,
    "digitaniumActivationSecret": false,
    "digitaniumCreateActivation": true,
    "username": "username",
    "groups": ["ks-users"]
  },
  "credentials": [{
    "value": "123",
    "temporary": false,
    "type": "password"
  }],
  "enabled": true,
  "username": "ngk",
  "firstName": "first",
  "lastName": "last",
  "email": "aaa@aaa.com",
  "clientRoles": {
    "client_Name": ["client_role1", "client_role2", "client_role3", "client_role4"]
  },
  "realmRoles": ["realm_role1", "realm_role2"]
}
```
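The following is an added example, not part of the mID Provider documentation: it builds a Create User request offline, rejects usernames outside the supported character set and non-https URLs, and keeps the initial password temporary with the activation code stored encrypted. The function names, tenant, host and token are hypothetical, and it assumes letters and digits are valid in usernames alongside the listed special characters.

```python
import json
import re
import secrets
import urllib.request

# Assumption: letters and digits are allowed; the special characters are the
# ones listed in the username note: $@(.)-*_[]~!&+
USERNAME_RE = re.compile(r"[A-Za-z0-9$@(.)\-*_\[\]~!&+]+")


def endpoint(tenant_id, hostname, flavour="SSMS"):
    """Return the Create User URL for SSMS or SHIFT; always https."""
    if flavour == "SSMS":
        return f"https://{tenant_id}.{hostname}/digitanium/v4/users"
    if flavour == "SHIFT":
        return f"https://{hostname}/auth/realms/{tenant_id}/v3_user"
    raise ValueError(f"unknown deployment flavour: {flavour!r}")


def build_create_user(url, token, username, email, groups=()):
    """Validate inputs and return an unsent urllib Request for Create User."""
    if not url.startswith("https://"):
        raise ValueError("calls over plain http fail; use https")
    if not username or not USERNAME_RE.fullmatch(username):
        raise ValueError("username is empty or has an unsupported character")
    body = {
        "username": username,
        "email": email,
        "enabled": True,
        "attributes": {
            "digitaniumCreateActivation": True,  # no code supplied here
            "digitaniumClearActivation": True,   # delete old activation codes
            "digitaniumActivationSecret": True,  # stored encrypted, hidden
            "groups": list(groups),
        },
        # Random initial password, kept temporary (the documented default).
        "credentials": [{"type": "password", "temporary": True,
                         "value": secrets.token_urlsafe(24)}],
    }
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    req = build_create_user(endpoint("tenant1", "idp.example.com"), "CONSTRUCTED-TOKEN",
                            "j.doe+test", "j.doe@example.com", ["ks-users"])
    print(req.get_method(), req.full_url, json.loads(req.data)["attributes"])
```

Pass the returned object to `urllib.request.urlopen` to send it.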
Response
| Field Name | Type | Description |
|---|---|---|
| message | String | Message explaining the result of the API call. Refer to Response Status Information for details. |
| status | String | The status of the API call. Refer to Response Status Information for details. |
| subSystem | Integer | subSystem categorizes the type of API that has been called. Refer to Subsystem details for details. |
Sample Response
```json
{
  "subSystem": 5,
  "status": "OK",
  "message": "User created successfully"
}
```
Response Status Information
| Status Code | Status | Message |
|---|---|---|
| 202 | Accepted | User created successfully. |
| 400 | BAD_REQUEST | Username should not be null or empty |
| 401 | Unauthorized | HTTP 401 Unauthorized |