User Resource

activated-at

Date and time at which the user’s status was set to 1 (active).

comment

Notes entered about the user.

company

Company the user is associated with.

created-at

Date and time at which the user was created.

Provides a list of custom attribute fields (also known as custom user fields) that are available for your account.

The values returned correspond to the values you provided in the Shortname field when you defined the custom user field.

For more info about defining custom user fields, see Custom User Fields.

department

Department the user works in.

directory-id

ID of the directory (Active Directory, LDAP, for example) from which the user was created.

distinguished-name

Synchronized from Active Directory.

email

User’s email address, which he also uses to log in to OneLogin.

external-id

External ID that can be used to uniquely identify the user in another system.

firstname

User’s first name.

group-id

Group to which the user belongs.

id

User’s unique ID in OneLogin.

invalid-login-attempts

Number of sequential invalid login attempts the user has made that is less than or equal to the Maximum invalid login attempts value defined on the Session page in OneLogin.

When this number reaches this value, the user account will be locked for the amount of time defined by the Lock effective period field on the Session page and this value will be reset to 0.

invitation-sent-at

Date and time at which an invitation to OneLogin was sent to the user.

last_login

Date and time of the user’s last login.

lastname

User’s last name.

locale-code

Represents a geographical, political, or cultural region. Some features may use the locale value to tailor the display of information, such as numbers, for the user based on locale-specific customs and conventions.

locked-until

Date and time at which the user’s account will be unlocked.

manager-ad-id

ID of the user’s manager in Active Directory.

manager-user-id

OneLogin ID of the user’s manager.

member-of

Synchronized from Active Directory.

openid-name

OpenID URL that can be configured in other applications that accept OpenID for sign-in.

password-changed-at

Date and time at which the user’s password was last changed.

phone

User’s phone number.

role_id

Role IDs to which the user is assigned.

samaccountname

Synchronized from Active Directory.

Represents the user’s stage in a process (such as user account approval). User state determines the possible statuses a user account can be in.

States include:

• 0: Unapproved
• 1: Approved
• 2: Rejected
• 3: Unlicensed

status

Determines the user’s ability to log in to OneLogin.

Possible values:

• 0: Unactivated
• 1: Active Only users assigned this status can log in to OneLogin.
• 2: Suspended
• 3: Locked
• 4: Password expired
• 5: Awaiting password reset The user is required to reset their password
• 7: Password Pending The user has not yet set a password
• 8: Security questions required The user has not yet set their security questions

title

User’s title.

updated-at

Date and time at which the user’s information was last updated.

username

If the user’s directory is set to authenticate using a user name value, this is the value used to sign in.

userprincipalname

Synchronized from Active Directory.

trusted_idp_id

Identifies the trusted IDP.