A user is a child object of a domain or unit. A user belongs to exactly one domain or unit, but can belong to many groups. In that sense, a group can be seen as one of the parents of a user.
| Attribute | type | values | default | mandate | comment |
|---|---|---|---|---|---|
| firstName | string | | | true | |
| lastName | string | | | true | |
| loginName | string | | | true | |
| password | string | | | true | |
| email | string | | | | |
| mobile | string | | | | |
| telephone | string | | | | |
| canonicalName | string | | | | |
| userPrincipalName | string | | | | |
| personalEmail | string | | | | |
| personalTelephone | string | | | | |
| personalTwitter | string | | | | |
| personalMobile | string | | | | |
| userLocale | string | | | | |
| status | string | INACTIVE, ACTIVE, LOCKED, DISABLED | ACTIVE | | |
| description | string | | | false | |
| domain | object | | | true | the domain it belongs to |
| unit | object | | | false | The parent unit |
| groups | coll | | | false | Associated groups |
| roles | coll | | | false | Assigned roles |
| tokens | coll | | | false | Assigned tokens |
| tokenAssignments | coll | | | | |
| tempPasses | Coll<TempPass> | | | false | |
| qnas | coll | | | false | |
| siteStamps | coll | | | false | |
| images | coll | | | false | |
| certificates | Coll<UserCertificate> | | | | |
| lastLogin | date | | | | |
| radiusAttributes | coll | | | | |
| failCount | integer | | 0 | | |
| mustChangePassword | Boolean | | False | | |
| passwordNeverExpires | Boolean | | False | | |
| lastChangePassword | date | | | | |

| Attribute | type | values | default | mandate | comment |
|---|---|---|---|---|---|
| subjectDn | string | readOnly | | | |
| serialNumber | integer | readOnly | | | |
| signature | string | readOnly | | | |
| issuerDn | string | readOnly | | | |
| startDate | date | readOnly | | | |
| expiryDate | date | readOnly | | | |
| certificatePem | string | readOnly | | | |

To create a new user, we must specify the name of the user and its parent: either a domain or a unit. On success, the method always returns the internal user id of the newly created user.
Parameters:
```js
{
  "attrs":
  {
    "domain.id": "parent domain id",
    "loginName": "the login name",
    "password": "the password",
    "email": "the email",
    ...
  }
}
```
Response:
```js
{
  "error": 0,
  "result": {"id": "the id of the newly created user"}
}
```
Examples:

Note: in the following examples, you can use any "searchable" user attribute as the match condition, not only the attributes shown in the example, e.g.
["loginName", "=", "john"]
or
["email", "=", "john@acme.com"]

Method:/user/search

Search users in a domain

Parameters:
```js
{
  "match":
  [
    ["domain.id", "=", "domain id 1"],
    ["lastName", "=", "Smith"]
  ],
  "return": ["id", "loginName", "email"],
  "sort": "loginName",
  "order": "asc",
  "max": 20,
  "offset": 0
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "total": 20,
    "rows":
    [
      { "id": "user id 1", "loginName": "John Smith", "email": "john.smith@acme.com" },
      { "id": "user id 2", "loginName": "Alice Smith", "email": "alice.smith@acme.com" },
      ...
    ]
  }
}
```

Search users in a unit

Parameters:
```js
{
  "match":
  [
    ["unit.id", "=", "unit id 1"]
  ],
  "return": ["id", "loginName", "email"],
  "sort": "loginName",
  "order": "asc",
  "max": 20,
  "offset": 0
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "total": 20,
    "rows":
    [
      { "id": "user id 1", "loginName": "John Smith", "email": "john.smith@acme.com" },
      { "id": "user id 3", "loginName": "Bob Smith", "email": "bob.smith@acme.com" },
      ...
    ]
  }
}
```

Search users in a group

Parameters:
```js
{
  "match":
  [
    ["group.id", "=", "group id 1"]
  ],
  "return": ["id", "loginName", "email"],
  "sort": "loginName",
  "order": "asc",
  "max": 20,
  "offset": 0
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "total": 20,
    "rows":
    [
      { "id": "user id 1", "loginName": "John Smith", "email": "john.smith@acme.com" },
      { "id": "user id 2", "loginName": "Alice Smith", "email": "alice.smith@acme.com" },
      ...
    ]
  }
}
```
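
The `max` and `offset` parameters of the search examples above, driven until every matching user has been read. This is an added example, not code from the original page or from the product: `call` is a hypothetical transport callable, `fake_call` and its user list are constructed stand-ins for the server, and the loop stops on a short page because the page does not say whether `total` counts all matches.

```python
ALLOWED_PARENTS = {"domain.id", "unit.id", "group.id"}  # parents used on this page


class ApiError(Exception):
    """Raised when a response carries a non-zero "error" code."""


def build_search(parent_attr, parent_id, extra=(), max_rows=20, offset=0):
    """Build /user/search parameters in the shape shown on this page."""
    if parent_attr not in ALLOWED_PARENTS:
        raise ValueError(f"unsupported parent attribute: {parent_attr}")
    match = [[parent_attr, "=", parent_id]]
    match += [[attr, "=", value] for attr, value in extra]
    return {"match": match, "return": ["id", "loginName", "email"],
            "sort": "loginName", "order": "asc", "max": max_rows, "offset": offset}


def search_all(call, parent_attr, parent_id, extra=(), page_size=20):
    """Yield every matching row, requesting one page at a time."""
    offset = 0
    while True:
        params = build_search(parent_attr, parent_id, extra, page_size, offset)
        response = call("/user/search", params)
        if response.get("error") != 0:
            raise ApiError(f"/user/search failed: error {response.get('error')}")
        rows = response["result"]["rows"]
        yield from rows
        offset += len(rows)
        if len(rows) < page_size:  # short page: nothing left to fetch
            return


# Constructed sample data: 45 users in one domain.
_USERS = [{"id": f"user id {n}", "loginName": f"user{n:02d}",
           "email": f"user{n:02d}@acme.com", "domain.id": "domain id 1"}
          for n in range(1, 46)]


def fake_call(method, params):
    """Hypothetical in-memory transport that answers /user/search from _USERS."""
    if method != "/user/search":
        return {"error": 1}  # constructed error code, not from the page
    hits = [u for u in _USERS if all(u.get(a) == v for a, _, v in params["match"])]
    hits.sort(key=lambda u: u[params["sort"]])
    page = hits[params["offset"]:params["offset"] + params["max"]]
    rows = [{k: u[k] for k in params["return"]} for u in page]
    return {"error": 0, "result": {"total": len(hits), "rows": rows}}
```

Checking `error` on every page matters for audit-style jobs: a failed page that is silently treated as empty makes the user list look complete when it is not.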

Method: /user/get

Parameters:
```js
{
  "match":
  [
    ["domain.id", "=", "domain id 1"],
    ["id", "=", "user id 1"] // or ["loginName", "=", "john"] etc.; any searchable user attribute can be used as the match condition
  ],
  "return": ["id", "loginName", "email"]
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "id": "user id 1",
    "loginName": "John Smith",
    "email": "john.smith@acme.com"
  }
}
```

Method:/user/set

Parameters:
```js
{
  "id": "user id 1",
  "attrs": {"email": "john.smith@acme.com"}
}
```
Response:
```js
{
  "error": 0
}
```

Method:/user/disable

Parameters:
```js
{
  "id": "user id 1"
}
```
Response:
```js
{
  "error": 0
}
```

Method:/user/enable

Parameters:
```js
{
  "id": "user id",
  "authorizationCode": "Authorization Code"
}
```
Response:
```js
{
  "error": 0
}
```

Method:/user/delete

Parameters:
```js
{
  "id": "user id 1"
}
```
Response:
```js
{
  "error": 0
}
```

Method: /user/joinGroup

Parameters:
```js
{
  "user": {"id": 1},
  "groups":
  [
    {"id": "id1"},
    {"id": "id2"}
  ],
  "action": "join | unjoin"
}
```
Response:
```js
{
  "error": 0
}
```

Method: /user/assignToken

Assign an existing token

Parameters:
```js
{
  "user": {"id": "user id 1"},
  "token":
  {
    "id": "token 5",
    "product.manufactureCode": mc,
    "product.productCode": pc,
    "serial": xxx
  },
  "credential": // optional
  {
    "otp": "xxxx"
  },
  "autoAssign": true|false,
  "action": "assign | unassign",
  "isOwner": true | false,
  "starts": xxx,
  "expires": xxx,
  "usageLimit": 50,
  "status": "active | inactive | disabled",
  "pin": "the token pin"
}
```
Response:
```js
{
  "error": 0,
  "id": "tokenAssignmentId"
}
```

Method: /user/resetPassword

Parameters:
```js
{
  "user": {"id": "user id 1"},
  "attrs":
  {
    "password": "new password",
    "userMustChangePassword": true|false
  }
}
```
Response:
```js
{
  "error": 0
}
```

Examples:

Method:/user/getMessageTemplate

Parameters:
```js
{
  "user": {"id": "user id 1"},
  "templateItemName": "SMTP_OTP"
}
```
Response:
```js
{
  "error": 0,
  "result": "template in json string"
}
```

Method:/user/listProvisioningUrls

Parameters:
```js
{
  "user": {"id": "user id 1"}
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "total": 2,
    "rows":
    [
      "http://provioning.deepnetsecurity.local:8072",
      "http://provioning2.deepnetsecurity.local:8073"
    ]
  }
}
```

This method runs as a background task.

Examples:

Method:/user/import

Parameters:
```js
{
  "attrs":
  {
    "format": "csv or xml",
    "data": "...",
    "charset": "UTF-8" // optional
  }
}
```
Response:
```js
{
  "error": 0
}
```

Method:/user/issueCertificate

Parameters:
```js
{
  "user": {"id": "user id 1"},
  "csr": "csr data",
  "return":
  [
    "id", "subjectDn"
  ]
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "id": "cert id",
    "subjectDn": "the subject dn"
  }
}
```

Method:/user/importCertificate

Parameters:
```js
{
  "user": {"id": "user id 1"},
  "certificate":
  {
    "data": "data in PEM format"
  },
  "return":
  [
    "id", "subjectDn"
  ]
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "id": "cert id",
    "subjectDn": "the subject dn"
  }
}
```

Examples:

- Search users in a domain

Method:/user/search

Parameters:
```js
{
  "match":
  [
    ["domain.id", "=", "1"]
  ],
  "return": ["name", "id"],
  "sort": "name",
  "order": "asc",
  "max": 20,
  "offset": 0
}
```
Response:
```js
{
  "error": 0,
  "result":
  [
    {
      "name": "John Smith",
      "id": "1"
    },
    {
      ...
    }
  ]
}
```

- Search users in a unit

Method:/user/search

Parameters:
```js
{
  "match":
  [
    ["unit.id", "=", "2"]
  ],
  "return": ["name", "id"],
  "sort": "name",
  "order": "asc",
  "max": 20,
  "offset": 0
}
```
Response:
```js
{
  "error": 0,
  "result":
  [
    {
      "name": "Joe Blog",
      "id": "2"
    },
    {
      ...
    }
  ]
}
```

- Search users in a group

Method:/user/search

Parameters:
```js
{
  "match":
  [
    ["group.id", "=", "2"]
  ],
  "return": ["name", "id"],
  "sort": "name",
  "order": "asc",
  "max": 20,
  "offset": 0
}
```
Response:
```js
{
  "error": 0,
  "result":
  [
    {
      "name": "Joe Blog",
      "id": "2"
    },
    {
      ...
    }
  ]
}
```

Method:/user/get

Parameters:
```js
{
  "match":
  [
    ["id", "=", 2]
  ],
  "return": ["name", "id"]
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "name": "Joe Blog",
    "id": "2"
  }
}
```

Method:/user/set

Parameters:
```js
{
  "id": 1,
  "attrs": {"email": "john.smith@acme.com"}
}
```
Response:
```js
{
  "error": 0
}
```

Method:/user/delete

Parameters:
```js
{
  "id": 1
}
```
Response:
```js
{
  "error": 0
}
```

Other methods:

Unit
- moveUnit
- joinGroup(join/unjoin)

Method: /user/joinGroup

Parameters:
```js
{
  "user": {"id": 1},
  "groups":
  [
    {"id": 5},
    {"id": 6},
    {"id": 7}
  ],
  "action": "join | unjoin"
}
```
Response:
```js
{
  "error": 0
}
```

Role
- assignRole(assign/unassign)
- assignToken(assign/unassign)

Method: /user/assignToken

Assign an existing token

Parameters:
```js
{
  "user": {
    "id": 1,
    "domain.id": domainId,
    "loginName": loginName
  },
  "token": {
    "id": 5,
    "product.manufactureCode": mc,
    "product.productCode": pc,
    "serial": xxx
  },
  "credential": { // optional
    "otp": xxxx
  },
  "autoAssign": true|false,
  "action": "assign | unassign",
  "isOwner": true | false,
  "starts": xxx,
  "expires": xxx,
  "usageLimit": 50,
  "status": "active | inactive | disabled",
  "pin": "the token pin"
}
```
Response:
```js
{
  "error": 0,
  "id": tokenAssignmentId
}
```

Examples:

Method:/user/listProvisioningUrls

Parameters:
```js
{
  "user":
  {
    "domain.name": "xxx",
    "loginName": "abc"
  }
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "total": 2,
    "rows":
    [
      "http://provioning.deepnetsecurity.local:8072",
      "http://provioning2.deepnetsecurity.local:8073"
    ]
  }
}
```

Method:/user/issueCertificate

Parameters:
```js
{
  "user":
  {
    "loginName": "xxx",
    "domain.Name": "somedomain"
  },
  "csr": "csr data",
  "return":
  [
    "id", "subjectDn"
  ]
}
```
Response:
```js
{
  "error": 0
}
```

Method:/user/deleteCertificate

Parameters:
```js
{
  "user": {"id": "user id 1"},
  "certificate": {"id": "cert id"}
}
```
Response:
```js
{
  "error": 0
}
```

Method: /user/getPolicy

Parameters:
```js
{
  "user": {"id": "user id 1"},
  "category": {"name": "logon"},
  "return": ["name", "id", "options"]
}
```
Response:
```js
{
  "error": 0,
  "result":
  {
    "id": "policy id",
    "name": "policy name",
    "options": "options"
  }
}
```