Home >
API >
v1-v3 >
Users >
User Resource

v1-v3 APIs have been deprecated.

Although these APIs are not shut off yet, all new development with APIs should use the newest version of our API if available, and the version /1 in all other cases. These later versions are based on RESTful principles, secured by OAuth 2.0, and provide JSON messages, search, pagination, sorting, and filtering.

User Resource

Here’s a detailed description of the elements in a User resource.

For more info about Users in OneLogin, see Introduction to User Management.

All dates and times use this format: YYYY-MM-DDThh:mm:ss-time zone designator (where -time zone designatorshould be set to -Z, +hh:mm, or -hh:mm). For example: 2015-01-21T09:20:15-08:00.

Element	Description
`activated-at`	Date and time at which the user’s status was set to `1` (active).
`company`	Company that the user works for.
`created-at`	Date and time at which the user was created.
`custom_attribute_`	Custom field defined for the user. One custom_attribute_ element displays for each custom field. For example, if the user has a custom attribute `branch_name`, a `custom_attribute_branch_name` element displays.
`department`	Department that the user works in.
`directory-id`	ID of the directory (Active Directory, LDAP, for example) from which the user was created.
`distinguished-name`	Synchronized from Active Directory.
`email`	User’s email address, which he also uses to log in to OneLogin.
`external-id`	External ID that can be used to uniquely identify the user in another system.
`firstname`	User’s first name.
`group-id`	Group to which the user belongs.
`id`	User’s unique ID in OneLogin.
`invalid-login-attempts`	Number of sequential invalid login attempts the user has made that is less than or equal to the Maximum invalid login attempts value defined on the Session page in OneLogin. When this number reaches this value, the user account will be locked for the amount of time defined by the Lock effective period field on the Session page and this value will be reset to `0`.
`invitation-sent-at`	Date and time at which an invitation to OneLogin was sent to the user.
`last-login`	Date and time of the user’s last login.
`lastname`	User’s last name.
`locale-code`	Represents a geographical, political, or cultural region. Some features may use the locale value to tailor the display of information, such as numbers, for the user based on locale-specific customs and conventions.
`locked-until`	Date and time at which the user’s account will be unlocked.
`member-of`	Synchronized from Active Directory.
`openid-name`	OpenID URL that can be configured in other applications that accept OpenID for sign-in.
`password-changed-at`	Date and time at which the user’s password was last changed.
`phone`	User’s phone number.
`roles`	Roles to which the user is assigned. Consists of role elements. The role element consists of `id` and `name` values.
`samaccountname`	Synchronized from Active Directory.
`status`	Determines the user’s ability to log in to OneLogin. Possible values: `0`: Unactivated. `1`: Active. Only users assigned this status can log in to OneLogin. `2`: Suspended. `3`: Locked. `4`: Password expired. `5`: Awaiting password reset.
`title`	User’s title.
`updated-at`	Date and time at which the user’s information was last updated.
`username`	If the user’s directory is set to authenticate using a user name value, this is the value used to sign in.
`userprincipalname`	Synchronized from Active Directory.

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.