See api-docs Menu

Update User

Use this API to update the attributes of a user in OneLogin.

Early Preview

This API is in early preview and may be subject to change.

Mappings

By default mappings will be run after the response for this API is returned. If you’re relying on mappings to update a user value and you want that in the response then set the mappings query parameter to sync.

It’s also possible to update custom attributes and change passwords.

To update roles for a user, use the Assign Role to a User or Remove Role from a User API.

Mappings

By default mappings will be run after the response for this API is returned. If you’re relying on mappings to update a user value and you want that in the response then set the mappings query parameter to sync.

Resource URL

https://<api-domain>/api/2/users/:id

Header Parameters

Authorization

required

string

Set to bearer:<access_token>.

Set <access_token> to the access token you generated using the Generate Token API.

The access token must have been generated using an API credential pair created using the scope required to call this API. This API can be called using any one of the following scopes: Manage users or Manage All.

Content-Type

required

string

Set to application/json.

Resource Parameter

id

required

integer

Set to the id of the user that you want to update. If you don’t know the user’s id, use the List Users API call to return all users and their id values.

Query Parameters

mappings Controls how mappings will be applied to the user on update.

Defaults to async

async: Mappings will be run after the API returns a response
sync: Mappings will be run before the API returns a response
disabled: Mappings will not be run for this user

Request Parameters

username string A username for the user
email string A valid email for the user
firstname string The users first name
lastname string The users last name
password string The password to set for a user.
password_confirmation string Required if the password is being set
password_algorithm string Only use this when importing a password has already been hashed.

salt+sha256
Set to the password value using a SHA-256-encoded value.
If you are including your own salt value in your
request, prepend the salt value to the cleartext password
value before SHA-256-encoding it.

For example, if your salt value is hello and your
cleartext password value is password, the value you
need to SHA-256-encode is hellopassword. The resulting
encoded value would be
9fb8dc1cdabee85d13f5b4ba680a5e71cb8c80e78e5ffe8c01b698fa39346006.

b​crypt

salt string The salt value that was used with the password_algorithm.
title string The users job title
department string The users department
company string The company the user belongs to
comment string Free text related to the user
group_id integer The ID of the Group in OneLogin that the user will be assigned to
role_ids array A list of OneLogin Role IDs the user will be assigned to.
phone string The E.164 format phone number for a user.
state integer 0: Unapproved
1: Approved
2: Rejected
3: Unlicensed
status integer 0: Unactivated
1: Active
2: Suspended
3: Locked
4: Password expired
5: Awaiting password reset
7: Password Pending
8: Security questions required
directory_id integer The ID of the OneLogin Directory the user will be assigned to
trusted_idp_id integer The ID of the OneLogin Trusted IDP the user will be assigned to
manager_ad_id integer The ID of the users manager in Active Directory
manager_user_id integer The OneLogin User ID of the users manager
samaccountname string The users Active Directory username
member_of string The users directory membership
userprincipalname string The principle name of the user
distinguished_name string The distinguished name of the user
external_id string The ID of the user in an external directory

Sample Request Body

Update a users password

{
  "password": "helloworld123",
  "password_confirmation": "helloworld123"
}

Change a users state

{
    "state": 3
}

Sample Response

The full user resource is returned
{
    "created_at": "2020-07-16T03:29:41.420Z",
    "id": 87735981,
    "state": 1,
    "department": null,
    "email": null,
    "last_login": null,
    "password_changed_at": "2020-07-16T03:29:41.377Z",
    "preferred_locale_code": null,
    "firstname": "Scuba",
    "status": 1,
    "userprincipalname": null,
    "title": null,
    "role_ids": [],
    "custom_attributes": {
        "food": null,
        "employeenumber": null
    },
    "lastname": "Steve",
    "updated_at": "2020-07-16T03:29:41.420Z",
    "member_of": null,
    "phone": null,
    "company": null,
    "username": "scuba.steve",
    "manager_ad_id": null,
    "activated_at": null,
    "samaccountname": null,
    "directory_id": null,
    "external_id": null,
    "group_id": null,
    "invalid_login_attempts": 0,
    "invitation_sent_at": null,
    "trusted_idp_id": null,
    "comment": null,
    "distinguished_name": null,
    "locked_until": null,
    "manager_user_id": null
}
{
    "message": "unknown attribute: employee_number",
    "name": "BadRequestError",
    "statusCode": 400
}
Content-Type header was set to application/x-www-form-urlencoded
{
    "message": "unknown attribute: {\n    \"firstname\": \"Steve\",\n    \"lastname\": \"Smith\",\n    \"password\": \"new-password\",\n    \"password_confirmation\": \"new-password\"\n}",
    "name": "BadRequestError",
    "statusCode": 400
}

Typically, this error means that your access token value is invalid.

{
    "message": "Unauthorized",
    "name": "UnauthorizedError",
    "statusCode": 401
}
{
    "message": "The resource with the given id could not be found",
    "name": "NotFoundError",
    "statusCode": 404
}
{
    "message": "Validation failed: Username must be unique within {subdomain}",
    "name": "UnprocessableEntityError",
    "statusCode": 422
}
{
    "message": "Validation failed: Your new password and confirmation password do not match",
    "name": "UnprocessableEntityError",
    "statusCode": 422
}

Postman Collection

Replace sample variables indicated by < > in the sample request body with your actual values. Also, be sure to set Postman-specific environment variables indicated by {{ }}.

Download for the Users API

Sample Code

cURL

Replace sample values indicated by < > with your actual values.

curl 'https://<api-domain>/api/2/users/<id>' \
-X PUT \
-H "Authorization: bearer:<access_token>" \
-H "Content-Type: application/json" \
-d '{
    "lastname":"<lastname>"
}'

Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.