See api-docs Menu

User Resource

User-related dates and times use the Coordinated Universal Time (UTC) format: YYYY-MM-DDThh:mm:ss.mscZ. For example: 2016-01-21T09:20:15.990Z.

Element Description

activated-at

Date and time at which the user’s status was set to 1 (active).

created-at

Date and time at which the user was created.

custom_attributes

Provides a list of custom attribute fields (also known as custom user fields) that are available for your account.

The values returned correspond to the values you provided in the Shortname field when you defined the custom user field.

For more info about defining custom user fields, see Custom User Fields.

directory-id

ID of the directory (Active Directory, LDAP, for example) from which the user was created.

distinguished-name

Synchronized from Active Directory.

email

User’s email address, which he also uses to log in to OneLogin.

external-id

External ID that can be used to uniquely identify the user in another system.

firstname

User’s first name.

group-id

Group to which the user belongs.

id

User’s unique ID in OneLogin.

invalid-login-attempts

Number of sequential invalid login attempts the user has made that is less than or equal to the Maximum invalid login attempts value defined on the Session page in OneLogin.

When this number reaches this value, the user account will be locked for the amount of time defined by the Lock effective period field on the Session page and this value will be reset to 0.

invitation-sent-at

Date and time at which an invitation to OneLogin was sent to the user.

last-login

Date and time of the user’s last login.

lastname

User’s last name.

locale-code

Represents a geographical, political, or cultural region. Some features may use the locale value to tailor the display of information, such as numbers, for the user based on locale-specific customs and conventions.

locked-until

Date and time at which the user’s account will be unlocked.

manager-ad-id

ID of the user’s manager in Active Directory.

member-of

Synchronized from Active Directory.

notes

Notes entered for the user.

openid-name

OpenID URL that can be configured in other applications that accept OpenID for sign-in.

password-changed-at

Date and time at which the user’s password was last changed.

phone

User’s phone number.

role_id

Role IDs to which the user is assigned.

samaccountname

Synchronized from Active Directory.

state

Represents the user’s stage in a process (such as user account approval). User state determines the possible statuses a user account can be in.

States include:

  • 0: Unapproved
  • 1: Approved
  • 2: Rejected
  • 3: Unlicensed

status

Determines the user’s ability to log in to OneLogin.

Possible values:

  • 0: Unactivated
  • 1: Active Only users assigned this status can log in to OneLogin.
  • 2: Suspended
  • 3: Locked
  • 4: Password expired
  • 5: Awaiting password reset

updated-at

Date and time at which the user’s information was last updated.

username

If the user’s directory is set to authenticate using a user name value, this is the value used to sign in.

userprincipalname

Synchronized from Active Directory.


Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.

StackOverflow discussions about "[onelogin] user api"

  • 6
    Votes

    A: OneLogin REST API with PowerShell's Invoke-RestMethod

    Answered Sep 05 2016

    saved to `$global:helpme" break } Then, wrap all of your Invoke-RestMethod calls in a try Catch block like this. try { $e = Invoke-WebRequest 'https://api.us.onelogin.com/api/1/users/$id … ":"notes is not a valid attribute for user model","attribute":"notes"}}} The request body has been saved to $global:helpme This was super helpful in helping me get rid of the errors I …

  • 4
    Votes

    Q: AWS API credentials with OneLogin SAML and MFA

    Asked Oct 30 2016

    We want to allow our users to retrieve a set of temporary CLI credentials for a given AWS role by signing in to OneLogin with password and MFA. We have a working solution, but it requires the user … to fully re-authenticate to OneLogin (including MFA) every 60 minutes as the AWS temporary credentials expire. I think that won't fly - our users are accustomed to permanent API credentials tied …

  • 2
    Votes
    2
    Answers

    Q: OneLogin REST API with PowerShell's Invoke-RestMethod

    Asked Sep 04 2016

    I'm working against the OneLogin REST API and can't seem to get any calls with a PUT method working. When I test in Postman, I can pass a raw JSON body like this: { "role_id_array … ": [ 115028 ] } to the endpoint: https://api.us.onelogin.com/api/1/users//add_roles This works just fine. However, when I attempt to do the same with PowerShell's …

  • 2
    Votes
    3
    Answers

    Q: Can I use OneLogin API to generate SAML assertions in a standalone app?

    Asked Aug 16 2016

    this? OneLogin people, can you add an API credential type for calling only the SAML Assertion APIs? Or you could just make the API open. (Note that AWS's "AssumeRoleWithSAML" API doesn't require user … I want to use OneLogin to write a command-line program that takes a username/password and generates a SAML assertion that can be used to authenticate to other sites. The problem is that calling …

  • 2
    Votes
    1
    Answers

    Q: OneLogin session_via_api_token and Chrome

    Asked Nov 14 2016

    I am getting a session token via an ajax call. This in turn calls the API method https://api.us.onelogin.com/api/1/login/auth $.post("onelogin.ashx?action=sessiontoken", data, function (s … ="hidden" id="session_token" name="session_token" value=""> <input type="submit" placeholder="GO"> <input id="auth_token" type="hidden"> </form> In IE and Firefox the user …

Loading...