A user is a child object of a domain or unit. A user belongs to a domain or unit, and only one domain or unit only. A user can belong to many groups, however. In a way, a group can be seen as one of the parents of a user.
Attributes
Attribute | type | values | default | mandate | comment |
firstName | string | true | |||
lastName | string | true | |||
loginName | string | true | |||
password | string | true | |||
string | false | ||||
mobile | string | ||||
string | |||||
telephone | string | ||||
canonicalName | string | ||||
userPrincipalName | string | ||||
personalEmail | string | ||||
personalTelephone | string | ||||
personalTwitter | string | ||||
personalMobile | string | ||||
userLocale | string | ||||
status | string | INACTIVE, | ACTIVE | ||
description | string | false | |||
domain | object | true | the domain it belongs to | ||
unit | object | false | The parent unit | ||
groups | coll | false | Associated groups | ||
roles | coll | false | Assigned roles | ||
tokens | coll | false | Assigned tokens | ||
tokenAssignments | coll | ||||
tempPasses | Coll<TempPass> | false | |||
qnas | coll | false | |||
siteStamps | coll | false | |||
images | coll | false | |||
certificates | Coll<UserCertificate> | ||||
lastLogin | date | ||||
radiusAttributes | coll | ||||
failCount | integer | 0 | |||
mustChangePassword | Boolean | False | |||
passwordNeverExpires | Boolean | False | |||
lastChangePassword | date |
UserCertificate attributes
Attribute | type | values | default | mandate | comment |
subjectDn | string | readOnly | |||
serialNumber | integer | readOnly | |||
signature | string | readOnly | |||
issuerDn | string | readOnly | |||
startDate | date | readOnly | |||
expiryDate | date | readOnly | |||
certificatePem | string | readOnly |
/user/create
To create a new user, we must specify the name of the user and its parent: either a domain or a unit. On success, the method always returns the internal user id of the newly created user.
{ "attrs": { "domain.id": "parent domain id", "loginName": "the login name", "password": "the password", "email": "the email", ... } }
{ "error":0, "result":{"id":"the id of the newly created user"} }
/user/search
Examples:
Note: in the following examples, you can use any "searchable" attributes in user as the match condition, not only the attributes in the example.
e.g.
["loginName", "=", "john"]
or
["email", "=", "john@acme.com"]
Search users in a domain
Parameters{ "match": [ [domain.id", "=", "domain id 1"], ["lastName", "=", "Smith"] ], "return":["id", "loginName", "email"], "sort":"loginName", "order":"asc", "max": 20, "offset": 0 }
Response{ "error":0, "result": { "total": 20, "rows": [ { "id":"user id 1", "loginName":"John Smith", "email": "john.smith@acme.com" }, { "id":"user id 2", "loginName":"Alice Smith", "email": "alice.smith@acme.com" }, ... ] } }
Search users in a unit
Parameters{ "match": [ [unit.id", "=", "unit id 1"], ], "return":["id", "loginName", "email"], "sort":"loginName", "order":"asc", "max": 20, "offset": 0 }
Response{ "error":0, "result": { "total": 20, "rows": [ { "id":"user id 1", "loginName":"John Smith", "email": "john.smith@acme.com" }, { "id":"user id 3", "loginName":"Bob Smith", "email": "bob.smith@acme.com" }, ... ] } }
Search users in a group
Parameters{ "match": [ [group.id", "=", "group id 1"], ], "return":["id", "loginName", "email"], "sort":"loginName", "order":"asc", "max": 20, "offset": 0 }
Response{ "error":0, "result": { "total": 20, "rows": [ { "id":"user id 1", "loginName":"John Smith", "email": "john.smith@acme.com" }, { "id":"user id 2", "loginName":"Alice Smith", "email": "alice.smith@acme.com" }, ... ] } }
/user/get
Method: /user/get
{ "match": [ [domain.id", "=", "domain id 1"], [id", "=", "user id 1"] // or ["loginName", "=", "john"] etc, any searchable user attributes can be used as the match condition ], "return":["id", "loginName", "email"] }
{ "error":0, "result": { "id":"user id 1", "loginName":"John Smith", "email": "john.smith@acme.com" } }
/user/set
Method:/user/set
{ "id":"user id 1", "attrs": {"email": "john.smith@acme.com"} }
{ "error":0 }
/user/disable
Method:/user/disable
{ "id":"user id 1" }
{ "error":0 }
/user/enable
Method:/user/enable
{ "id":"user id", "authorizationCode": "Authorization Code" }
{ "error":0 }
/user/delete
Method:/user/delete
{ "id":"user id 1" }
{ "error":0 }
/user/joinGroup
Method: /user/joinGroup
{ "user":{"id":1}, "groups": [ {"id":"id1"}, {"id":"id2"} ], "action":"join | unjoin" }
{ "error":0 }
/user/assignToken
Method: /user/assignToken
Assign an existing token
{ "user":{"id":"user id 1"}, "token: { "id":"token 5", "product.manufactureCode":mc, "product.productCode":pc, "serial":xxx, }, "credential": // optional { "otp": "xxxx" }, "autoAssign":true|false, "action":"assign | unassign", "isOwner":true | false, "starts":xxx, "expires":xxx, "usageLimit":50, "status":"active | inactive | disabled", "pin":"the token pin" }
{ "error":0, "id":"tokenAssignmentId" }
/user/resetPassword
Method: /user/resetPassword
{ "user":{"id":"user id 1"}, "attrs": { "password":"new password", "userMustChangePassword":true|false } }
{ "error":0 }
/user/getMessageTemplate
Examples:
Method:/user/getMessageTemplate
{ "user":{"id":"user id 1"}, "templateItemName":"SMTP_OTP" }
{ "error":0, "result":"template in json string" }
/user/ listProvisioningUrls
{ "user":{"id":"user id 1"} }
{ "error":0, "result": { "total": 2, "rows": [ "http://provioning.deepnetsecurity.local:8072", "http://provioning2.deepnetsecurity.local:8073" ] } }
/user/import
This method is a task running in the background
Examples:
Method:/user/import
{ "attrs": { "format":"csv or xml", "data":"...", "charset":"UTF-8"// optional } }
{ "error":0 }
/user/issueCertificate
Method:/user/issueCertificate
{ "user":{"id":"user id 1"}, "csr":"csr data", "return": [ "id", "subjectDn" ] }
{ "error":0, "result": { "id": "cert id", "subjectDn": "the subject dn" } }
/user/importCertificate
Method:/user/importCertificate
{ "user":{"id":"user id 1"}, "certificate": { "data":"data in PEM format" }, "return": [ "id", "subjectDn" ] }
{ "error":0, "result": { "id": "cert id", "subjectDn": "the subject dn" } }
/user/deleteCertificate
Method:/user/deleteCertificate
{ "user":{"id":"user id 1"}, "certificate": { "id":"cert id" } }
{ "error":0 }
/user/getPolicy
Method: /user/getPolicy
{ "user":{"id":"user id 1"}, "category": { "name":"logon" }, "return":["name", "id","options"] }
{ "error":0, "result": { "id": "policy id", "name: "policy name", "options": "options" } }