See api-docs Menu

v1-v3 APIs have been deprecated

Don't worry, these APIs are deprecated, but they won't be shut off until 2017, at the earliest. Questions? Contact devsupport@onelogin.com.

All new development with APIs should use the newest version of our API: /1. API /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.

Create User

For a description of each element in the User resource, see User Resource.

Resource URL

https://api.onelogin.com/api/v3/users.xml

Parameters

Content-Type

 required

string

Set to application/xml.

company

string

Company the user works for.

department

string

Department the user works for.

email

string

At a minimum, you must provide either an email or username value.

firstname

string

Set to the user’s first name.

username

string

At a minimum, you must provide either a username or email value.

lastname

string

Set to the user’s last name.

openid-name

string

If not explicitly provided and you have provided an email value, this is set to the email value minus the @abcde.fgh. If not explicitly provided and you have provided a username value and no email value, this is set to the username value.

password

string

This value must meet the complexity requirements set at the account level. If you provide a password value, the status of the newly created user will be set to 1 (Active). If no password value is provided, the status will be set to 0 (Unactivated).

password_confirmation

string

If you provide a password value, you must provide this value. This value must match the password value.

phone

string

Set to the user’s phone number.

title

string

User’s title.

Sample Response

<user>
    <activated-at nil="true"></activated-at>
    <created-at>2015-04-27T15:03:27-07:00</created-at>
    <directory-id nil="true"></directory-id>
    <distinguished-name nil="true"></distinguished-name>
    <email>dora.garza@example.com</email>
    <external-id nil="true"></external-id>
    <firstname>Dora</firstname>
    <group-id nil="true"></group-id>
    <id>123456</id>
    <invalid-login-attempts nil="true"></invalid-login-attempts>
    <invitation-sent-at nil="true"></invitation-sent-at>
    <last-login nil="true"></last-login>
    <lastname>Garza</lastname>
    <locale-code nil="true"></locale-code>
    <locked-until nil="true"></locked-until>
    <member-of nil="true"></member-of>
    <openid-name>dora.garza</openid-name>
    <password-changed-at>2015-04-27T15:03:27-07:00</password-changed-at>
    <phone>555-555-1212</phone>
    <status>1</status>
    <updated-at>2015-04-27T15:03:27-07:00</updated-at>
    <username>dgarza</username>
</user>

Here are a few different errors that will return a 400 Bad Request status code:

--------------------------------------------------------

<error>
    <title>Invalid Request</title>
    <message>Validation failed: Username must be unique within onelogininc</message>
</error>

--------------------------------------------------------

<error>
    <title>Invalid Request</title>
    <message>Validation failed: The two passwords don't match</message>
</error>

--------------------------------------------------------

<error>
    <title>Unknown Attribute</title>
    <message>unknown attribute: confirm_password</message>
</error>

--------------------------------------------------------

<error>
    <title>Invalid Request</title>
    <message>Validation failed: The password must be at least 8 characters, 
    The password must contain upper and lowercase letters and digits</message>
</error>

--------------------------------------------------------

<error>
    <title>Invalid Request</title>
    <message>Validation failed: The password must contain both letters and digits</message>
</error>

Assign Custom Attributes

You can also include custom attributes to a user in the create request message. See the sample cURL request below for the required format. The {custom_attribute_name} must already exist.

Assign Roles

You cannot assign roles to the user using this API. To assign roles, create the user first and then use the Update user by username or Update user by ID to update the user with her role memberships.

Sample cURL Request

Try it out with a test account first: Start off with using this cURL request with a test OneLogin account and API key. Once you’ve familiarized yourself with the API’s behavior, switch over to using your production OneLogin account and API key.

Be sure to replace placeholder values surrounded by { } with actual values.

curl -u {api_key}:x -X POST -H "Content-Type: application/xml" \
-d '<user>
    <email>{email}</email>
    <firstname>{firstname}</firstname>
    <lastname>{lastname}</lastname>
    <username>{username}</username>
    <openid-name>{openid_name}</openid-name>
    <phone>{phone}</phone>
    <password>{password}</password>
    <password_confirmation>{password_confirmation}</password_confirmation>
    <department>{department}</department>
    <company>{company}</company>
    <title>{title}</title>
    <custom_attribute_{custom_attribute_name}>{custom_attribute_value}/custom_attribute_{custom_atrribute_name}>
</user>' \
https://api.onelogin.com/api/v3/users.xml

Postman Collection

Try it out with a test account first: Start off with using this Postman Collection with a test OneLogin account and API key. Once you’ve familiarized yourself with the API’s behavior, switch over to using your production OneLogin account and API key.

Replace sample variables indicated by { } in the sample request body with your actual values. Also, be sure to set Postman-specific environment variables indicated by {{ }}.

Download for the Users API