v1-v3 APIs have been deprecated.
Although these APIs are not shut off yet, all new development with APIs should use the newest version of our API if available, and the version /1 in all other cases. These later versions are based on RESTful principles, secured by OAuth 2.0, and provide JSON messages, search, pagination, sorting, and filtering.
Create User
For a description of each element in the User resource, see User Resource.
Resource URL
Before calling this API, consider using its version /1 or version /2 equivalent.
https://api.onelogin.com/api/v3/users.xmlParameters
Content-Type required string |
Set to application/xml. |
company string |
Company the user works for. |
department string |
Department the user works for. |
string |
At a minimum, you must provide either an email or username value. |
firstname string |
Set to the user’s first name. |
username string |
At a minimum, you must provide either a username or email value. |
lastname string |
Set to the user’s last name. |
openid-name string |
If not explicitly provided and you have provided an email value, this is set to the email value minus the @abcde.fgh. If not explicitly provided and you have provided a username value and no email value, this is set to the username value. |
password string |
This value must meet the complexity requirements set at the account level. If you provide a password value, the status of the newly created user will be set to 1 (Active). If no password value is provided, the status will be set to 0 (Unactivated). |
password_confirmation string |
If you provide a |
phone string |
Set to the user’s phone number. |
title string |
User’s title. |
Sample Response
- 201 Created
- 400 Bad Request
<user>
<activated-at nil="true"></activated-at>
<created-at>2015-04-27T15:03:27-07:00</created-at>
<directory-id nil="true"></directory-id>
<distinguished-name nil="true"></distinguished-name>
<email>dora.garza@example.com</email>
<external-id nil="true"></external-id>
<firstname>Dora</firstname>
<group-id nil="true"></group-id>
<id>123456</id>
<invalid-login-attempts nil="true"></invalid-login-attempts>
<invitation-sent-at nil="true"></invitation-sent-at>
<last-login nil="true"></last-login>
<lastname>Garza</lastname>
<locale-code nil="true"></locale-code>
<locked-until nil="true"></locked-until>
<member-of nil="true"></member-of>
<openid-name>dora.garza</openid-name>
<password-changed-at>2015-04-27T15:03:27-07:00</password-changed-at>
<phone>555-555-1212</phone>
<status>1</status>
<updated-at>2015-04-27T15:03:27-07:00</updated-at>
<username>dgarza</username>
</user>Here are a few different errors that will return a 400 Bad Request status code:
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: Username must be unique within onelogininc</message>
</error>
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: The two passwords don't match</message>
</error>
--------------------------------------------------------
<error>
<title>Unknown Attribute</title>
<message>unknown attribute: confirm_password</message>
</error>
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: The password must be at least 8 characters,
The password must contain upper and lowercase letters and digits</message>
</error>
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: The password must contain both letters and digits</message>
</error>Assign Custom Attributes
You can also include custom attributes to a user in the create request message. See the sample cURL request below for the required format. The {custom_attribute_name} must already exist.
Assign Roles
You cannot assign roles to the user using this API. To assign roles, create the user first and then use the Update user by username or Update user by ID to update the user with her role memberships.
Sample cURL Request
Try it out with a test account first: Start off with using this cURL request with a test OneLogin account and API key. Once you’ve familiarized yourself with the API’s behavior, switch over to using your production OneLogin account and API key.
Be sure to replace placeholder values surrounded by { } with actual values.
curl -u {api_key}:x -X POST -H "Content-Type: application/xml" \
-d '<user>
<email>{email}</email>
<firstname>{firstname}</firstname>
<lastname>{lastname}</lastname>
<username>{username}</username>
<openid-name>{openid_name}</openid-name>
<phone>{phone}</phone>
<password>{password}</password>
<password_confirmation>{password_confirmation}</password_confirmation>
<department>{department}</department>
<company>{company}</company>
<title>{title}</title>
<custom_attribute_{custom_attribute_name}>{custom_attribute_value}/custom_attribute_{custom_atrribute_name}>
</user>' \
https://api.onelogin.com/api/v3/users.xml
Postman Collection
- Clicking Run in Postman button navigates to the page where you can fork the collection to your workspace. Forking the collection into your workspace will enable you to contribute to the source collection using pull requests. You can also view the collection in a public workspace if you like and even import a copy of the collection using the links present on the screen.
Have a Question?
Found a problem or a bug? Submit a support ticket.
Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.
Have a product idea or request? Share it with us in our Ideas Portal.