v1-v3 APIs have been deprecated
Don't worry, these APIs are deprecated, but they aren't shut off yet.
All new development with APIs should use the newest version of our API: /1. API /1 is based on RESTful principles, is secured by OAuth 2.0, and provides JSON messages, search, pagination, sorting, and filtering.
Create User
For a description of each element in the User resource, see User Resource.
Resource URL
https://api.onelogin.com/api/v3/users.xml
Parameters
Content-Type required string |
Set to application/xml . |
company string |
Company the user works for. |
department string |
Department the user works for. |
string |
At a minimum, you must provide either an email or username value. |
firstname string |
Set to the user’s first name. |
username string |
At a minimum, you must provide either a username or email value. |
lastname string |
Set to the user’s last name. |
openid-name string |
If not explicitly provided and you have provided an email value, this is set to the email value minus the @abcde.fgh . If not explicitly provided and you have provided a username value and no email value, this is set to the username value. |
password string |
This value must meet the complexity requirements set at the account level. If you provide a password value, the status of the newly created user will be set to 1 (Active). If no password value is provided, the status will be set to 0 (Unactivated). |
password_confirmation string |
If you provide a |
phone string |
Set to the user’s phone number. |
title string |
User’s title. |
Sample Response
- 201 Created
- 400 Bad Request
<user>
<activated-at nil="true"></activated-at>
<created-at>2015-04-27T15:03:27-07:00</created-at>
<directory-id nil="true"></directory-id>
<distinguished-name nil="true"></distinguished-name>
<email>dora.garza@example.com</email>
<external-id nil="true"></external-id>
<firstname>Dora</firstname>
<group-id nil="true"></group-id>
<id>123456</id>
<invalid-login-attempts nil="true"></invalid-login-attempts>
<invitation-sent-at nil="true"></invitation-sent-at>
<last-login nil="true"></last-login>
<lastname>Garza</lastname>
<locale-code nil="true"></locale-code>
<locked-until nil="true"></locked-until>
<member-of nil="true"></member-of>
<openid-name>dora.garza</openid-name>
<password-changed-at>2015-04-27T15:03:27-07:00</password-changed-at>
<phone>555-555-1212</phone>
<status>1</status>
<updated-at>2015-04-27T15:03:27-07:00</updated-at>
<username>dgarza</username>
</user>
Here are a few different errors that will return a 400 Bad Request status code:
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: Username must be unique within onelogininc</message>
</error>
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: The two passwords don't match</message>
</error>
--------------------------------------------------------
<error>
<title>Unknown Attribute</title>
<message>unknown attribute: confirm_password</message>
</error>
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: The password must be at least 8 characters,
The password must contain upper and lowercase letters and digits</message>
</error>
--------------------------------------------------------
<error>
<title>Invalid Request</title>
<message>Validation failed: The password must contain both letters and digits</message>
</error>
Assign Custom Attributes
You can also include custom attributes to a user in the create request message. See the sample cURL request below for the required format. The {custom_attribute_name}
must already exist.
Assign Roles
You cannot assign roles to the user using this API. To assign roles, create the user first and then use the Update user by username or Update user by ID to update the user with her role memberships.
Sample cURL Request
Try it out with a test account first: Start off with using this cURL request with a test OneLogin account and API key. Once you’ve familiarized yourself with the API’s behavior, switch over to using your production OneLogin account and API key.
Be sure to replace placeholder values surrounded by { }
with actual values.
curl -u {api_key}:x -X POST -H "Content-Type: application/xml" \
-d '<user>
<email>{email}</email>
<firstname>{firstname}</firstname>
<lastname>{lastname}</lastname>
<username>{username}</username>
<openid-name>{openid_name}</openid-name>
<phone>{phone}</phone>
<password>{password}</password>
<password_confirmation>{password_confirmation}</password_confirmation>
<department>{department}</department>
<company>{company}</company>
<title>{title}</title>
<custom_attribute_{custom_attribute_name}>{custom_attribute_value}/custom_attribute_{custom_atrribute_name}>
</user>' \
https://api.onelogin.com/api/v3/users.xml
Postman Collection
Try it out with a test account first: Start off with using this Postman Collection with a test OneLogin account and API key. Once you’ve familiarized yourself with the API’s behavior, switch over to using your production OneLogin account and API key.
Replace sample variables indicated by { }
in the sample request body with your actual values. Also, be sure to set Postman-specific environment variables indicated by {{ }}
.
Download for the Users API
Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.