Introduction
With the User Management API, you can manage the users within your account, such as inviting, retrieving, updating, or removing users. You can also manage user profiles and settings. In addition to the account ID, this API uses the user's IAM ID. The IAM ID is a digital identity that is used to identify a user or service in IBM Cloud. SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the IBM Cloud SDK Common project on GitHub.
User Management is a platform service, which means that it uses platform management IAM roles to determine access permissions. For information about User Management roles, see Platform management roles in the IAM documentation.
User account status
A user can be in the following states.
State | Description |
---|---|
ACTIVE |
An active user state. |
VPN_ONLY |
In this state, the user cannot log in through the IBM Cloud console. |
DISABLED_CLASSIC_INFRASTRUCTURE |
In this state, the user cannot access classic infrastructure (SoftLayer) resources. |
PROCESSING |
This state is a read-only system state. |
PENDING |
This state is a read only system state. |
SUSPENDED |
In this state, the user has a suspended account. |
ERROR_WHILE_PROCESSING |
This state is caused by an error while creating the user. |
ERROR_WHILE_DELETING |
This state is caused by an error during V3 delete of the user. |
IAMID_INVALID |
In this state, the IBMid of this user may no longer exist. |
Users with the appropriate User Management IAM role can change a user between the ACTIVE
, VPN_ONLY
, and DISABLED_CLASSIC_INFRASTRUCTURE
states. PROCESSING
, PENDING
, ERROR_WHILE_PROCESSING
, ERROR_WHILE_DELETING
, and IAMID_INVALID
states are read-only system states that cannot be updated through the API.
The code examples on this tab use the client library that is provided for Java.
Maven
<dependency>
<groupId>com.ibm.cloud</groupId>
<artifactId>user-management</artifactId>
<version>{version}</version>
</dependency>
Gradle
compile 'com.ibm.cloud:user-management:{version}'
View on GitHub
Installing the Go SDK
Go modules (recommended): Add the following import in your code, and then run go build
or go mod tidy
import (
"github.com/IBM/platform-services-go-sdk/usermanagementv1"
)
Go get
go get -u github.com/IBM/platform-services-go-sdk/usermanagementv1
View on GitHub
The code examples on this tab use the client library that is provided for Node.js.
Installation
npm install @ibm-cloud/platform-services
View on GitHub
The code examples on this tab use the client library that is provided for Python.
Installation
pip install --upgrade "ibm-platform-services"
View on GitHub
Endpoint URLs
The User Management API uses the following global endpoint URL for all regions. When you call the API, add the path for each method to form the complete API endpoint for your requests.
https://user-management.cloud.ibm.com
Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information, see Creating an endpoint gateway.
- Private endpoint URL for VPC infrastructure:
https://private.user-management.cloud.ibm.com
. VPE gateway creation is supported in following datacenters:- Dallas
- Washington
If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see Enabling VRF and service endpoints.
- Private endpoint URLs for classic infrastructure:
- Dallas:
https://private.us-south.user-management.cloud.ibm.com
- Washington DC:
https://private.us-east.user-management.cloud.ibm.com
- Dallas:
Example API request
curl -X {request_method} "https://user-management.cloud.ibm.com/{method_endpoint}"
Replace {request_method}
and {method_endpoint}
in this example with the values for your particular API call.
Authentication
Authorization to the user management REST API is enforced by using an IAM access token. The token is used to determine the roles that the identity has access to when using user management services. For information about how to obtain an IAM token for an authenticated user or service ID, see the IAM Identity Service API documentation.
Adequate access is required to use the API. Each method lists the IAM action that you need to be assigned access to. For more information about IAM actions and how they map to roles, see see Assigning access to account management services.
The User Management API does not cover user access. To manage user access, use the IAM Policy Management API and IAM Access Group API instead.
Obtaining an IAM token for an authenticated user or service ID is described in the IAM Identity Services API documentation.
To use the API, add a valid IAM token to the HTTP Authorization request header, for example, -H 'Authorization: Bearer <TOKEN>'
.
When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways:
- Programmatically by constructing an IAM authenticator instance and supplying your IAM API key
- By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key
In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL.
For more information, see the Authentication section of the IBM Cloud SDK Common documentation.
To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see Assigning access to account management services.
To retrieve your access token:
curl -X POST "https://iam.cloud.ibm.com/identity/token" --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' --data-urlencode 'apikey={api_key}'
Replace <API_KEY>
with your service credentials. Then use the full IAM token
value, prefixed by the Bearer token type, to authenticate your API requests.
Example that sets options by using environment variables
export USER_MANAGEMENT_APIKEY=<API_KEY>
import {
"github.com/IBM/platform-services-go-sdk/usermanagementv1"
}
...
userManagementServiceOptions := &usermanagementv1.UserManagementV1Options{}
userManagementService, err := usermanagementv1.NewUserManagementV1UsingExternalConfig(userManagementServiceOptions)
Replace <API_KEY>
with your IBM Cloud IAM API key. Invoke service operations by using the userManagementService
variable.
For more authentication examples, check out the IBM Cloud SDK Common project on GitHub.
Example that sets options by using environment variables
export USER_MANAGEMENT_APIKEY=<API_KEY>
import com.ibm.cloud.platform_services.user_management.v1.UserManagement;
...
GlobalSearch userManagementService = UserManagement.newInstance();
Replace <API_KEY>
with your IBM Cloud IAM API key. Invoke service operations by using the userManagementService
variable.
For more authentication examples, check out the IBM Cloud SDK Common project on GitHub.
Example that sets options by using environment variables
export USER_MANAGEMENT_APIKEY=<API_KEY>
const UserManagementV1 = require('@ibm-cloud/platform-services/user-management/v1');
...
const userManagementService = UserManagementV1.newInstance({});
Replace <API_KEY>
with your IBM Cloud IAM API key. Invoke service operations by using the userManagementService
variable.
For more authentication examples, check out the IBM Cloud SDK Common project on GitHub.
Example that sets options by using environment variables
export USER_MANAGEMENT_APIKEY=<API_KEY>
from ibm_platform_services import UserManagementV1
...
user_management_service = UserManagementV1.new_instance()
Replace <API_KEY>
with your IBM Cloud IAM API key. Invoke service operations by using the user_management_service
variable.
For more authentication examples, check out the IBM Cloud SDK Common project on GitHub.
Auditing
You can monitor API activity within your account by using the IBM Cloud Activity Tracker service. When an API method is called, an event is generated that you can then track and audit from within Activity Tracker. The specific event type is listed for each individual method.
For more information about how to track activity in an enterprise, see Auditing events for account management.
Error handling
This API uses standard HTTP response codes to indicate whether a method completed successfully. A 2xx
response indicates success. A 4xx
type response indicates a failure, and a 500
type response indicates an internal system error.
HTTP Error Code | Description | Recovery |
---|---|---|
200 |
Success | The request was successful. |
202 |
Accepted | The request was accepted. |
204 |
No Content | The request was successful. No response body is provided. |
401 |
Unauthorized | You are not authorized to make this request. Log in to IBM Cloud and try again. If this error persists, contact the account owner to check your permissions. |
403 |
Forbidden | The supplied authentication is not authorized to access '{namespace}'. |
404 |
Not Found | The requested resource could not be found. |
500 |
Internal Server Error | Your request could not be processed. Wait a few minutes and try again. |
Methods
List users
Retrieve users in the account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service. If unrestricted view is enabled, the user can see all users in the same account without an IAM role. If restricted view is enabled and user has the viewer, editor, or administrator role on the user management service, the API returns all users in the account. If unrestricted view is enabled and the user does not have these roles, the API returns only the current user. Users are returned in a paginated list with a default limit of 100 users. You can iterate through all users by following the next_url
field. Additional substring search fields are supported to filter the users.
Retrieve users in the account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service. If unrestricted view is enabled, the user can see all users in the same account without an IAM role. If restricted view is enabled and user has the viewer, editor, or administrator role on the user management service, the API returns all users in the account. If unrestricted view is enabled and the user does not have these roles, the API returns only the current user. Users are returned in a paginated list with a default limit of 100 users. You can iterate through all users by following the next_url
field.
Retrieve users in the account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service. If unrestricted view is enabled, the user can see all users in the same account without an IAM role. If restricted view is enabled and user has the viewer, editor, or administrator role on the user management service, the API returns all users in the account. If unrestricted view is enabled and the user does not have these roles, the API returns only the current user. Users are returned in a paginated list with a default limit of 100 users. You can iterate through all users by following the next_url
field.
Retrieve users in the account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service. If unrestricted view is enabled, the user can see all users in the same account without an IAM role. If restricted view is enabled and user has the viewer, editor, or administrator role on the user management service, the API returns all users in the account. If unrestricted view is enabled and the user does not have these roles, the API returns only the current user. Users are returned in a paginated list with a default limit of 100 users. You can iterate through all users by following the next_url
field.
Retrieve users in the account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service. If unrestricted view is enabled, the user can see all users in the same account without an IAM role. If restricted view is enabled and user has the viewer, editor, or administrator role on the user management service, the API returns all users in the account. If unrestricted view is enabled and the user does not have these roles, the API returns only the current user. Users are returned in a paginated list with a default limit of 100 users. You can iterate through all users by following the next_url
field.
GET /v2/accounts/{account_id}/users
(userManagement *UserManagementV1) ListUsers(listUsersOptions *ListUsersOptions) (result *UserList, response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) ListUsersWithContext(ctx context.Context, listUsersOptions *ListUsersOptions) (result *UserList, response *core.DetailedResponse, err error)
ServiceCall<UserList> listUsers(ListUsersOptions listUsersOptions)
listUsers(params)
list_users(self,
account_id: str,
*,
limit: int = None,
start: str = None,
user_id: str = None,
**kwargs
) -> DetailedResponse
Request
Instantiate the ListUsersOptions
struct and set the fields to provide parameter values for the ListUsers
method.
Use the ListUsersOptions.Builder
to create a ListUsersOptions
object that contains the parameter values for the listUsers
method.
Path Parameters
The account ID of the specified user.
Query Parameters
The number of results to be returned.
Possible values: value ≤ 100
Default:
100
The user settings to be returned. Set to true to view language, allowed IP address, and authentication settings.
The desired search results to be returned. To view the list of users with the additional search filter, use the following query options:
firstname
,lastname
,email
,state
,substate
,iam_id
,realm
, anduserId
. HTML URL encoding for the search query and:
must be used. For example, search=state%3AINVALID returns a list of invalid users. Multiple search queries can be combined to obtainOR
results using,
operator (not URL encoded). For example, search=state%3AINVALID,email%3Amail.test.ibm.com.An optional token that indicates the beginning of the page of results to be returned. If omitted, the first page of results is returned. This value is obtained from the 'next_url' field of the operation response.
Filter users based on their user ID.
Filter users based on their email address.
Filter users based on realm. The realm identifies the provider of the user, such as IBMid or an external identity provider. For more information, see see Users
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListUsers options.
The account ID of the specified user.
The number of results to be returned.
Possible values: value ≤ 100
Examples:10
An optional token that indicates the beginning of the page of results to be returned. If omitted, the first page of results is returned. This value is obtained from the 'next_url' field of the operation response.
Filter users based on their user ID.
The listUsers options.
The account ID of the specified user.
The number of results to be returned.
Possible values: value ≤ 100
Examples:10
An optional token that indicates the beginning of the page of results to be returned. If omitted, the first page of results is returned. This value is obtained from the 'next_url' field of the operation response.
Filter users based on their user ID.
parameters
The account ID of the specified user.
The number of results to be returned.
Possible values: value ≤ 100
An optional token that indicates the beginning of the page of results to be returned. If omitted, the first page of results is returned. This value is obtained from the 'next_url' field of the operation response.
Filter users based on their user ID.
parameters
The account ID of the specified user.
The number of results to be returned.
Possible values: value ≤ 100
An optional token that indicates the beginning of the page of results to be returned. If omitted, the first page of results is returned. This value is obtained from the 'next_url' field of the operation response.
Filter users based on their user ID.
curl -X GET https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users -H 'Authorization: Bearer <IAM_TOKEN>'
listUsersOptions := &usermanagementv1.ListUsersOptions{ AccountID: &accountID, } pager, err := userManagementService.NewUsersPager(listUsersOptions) if err != nil { panic(err) } var allResults []usermanagementv1.UserProfile for pager.HasNext() { nextPage, err := pager.GetNext() if err != nil { panic(err) } allResults = append(allResults, nextPage...) } b, _ := json.MarshalIndent(allResults, "", " ") fmt.Println(string(b))
ListUsersOptions listUsersOptions = new ListUsersOptions.Builder() .accountId(accountId) .build(); UsersPager pager = new UsersPager(userManagementService, listUsersOptions); List<UserProfile> allResults = new ArrayList<>(); while (pager.hasNext()) { List<UserProfile> nextPage = pager.getNext(); allResults.addAll(nextPage); } System.out.println(GsonSingleton.getGson().toJson(allResults));
const params = { accountId: accountId, }; const allResults = []; try { const pager = new UserManagementV1.UsersPager(userManagementService, params); while (pager.hasNext()) { const nextPage = await pager.getNext(); expect(nextPage).not.toBeNull(); allResults.push(...nextPage); } console.log(JSON.stringify(allResults, null, 2)); } catch (err) { console.warn(err); }
all_results = [] pager = UsersPager( client=user_management_service, account_id=account_id, ) while pager.has_next(): next_page = pager.get_next() assert next_page is not None all_results.extend(next_page) print(json.dumps(all_results, indent=2))
Response
The users returned.
The number of users returned.
A limit to the number of users returned in a page.
The first URL of the get users API.
The next URL of the get users API.
A list of users in the account.
The users returned.
The number of users returned.
A limit to the number of users returned in a page.
The first URL of the get users API.
The next URL of the get users API.
A list of users in the account.
- Resources
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
The users returned.
The number of users returned.
A limit to the number of users returned in a page.
The first URL of the get users API.
The next URL of the get users API.
A list of users in the account.
- resources
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
The users returned.
The number of users returned.
A limit to the number of users returned in a page.
The first URL of the get users API.
The next URL of the get users API.
A list of users in the account.
- resources
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
The users returned.
The number of users returned.
A limit to the number of users returned in a page.
The first URL of the get users API.
The next URL of the get users API.
A list of users in the account.
- resources
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
Status Code
Users were returned successfully.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
The resource could not be found.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
{ "total_results": 1, "limit": 100, "first_url": "/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users", "resources": [ { "id": "83699daa4a0d4647b6bef17f9f73c1234", "iam_id": "IBMid-1000000000", "realm": "IBMid", "user_id": "cloud_api_example@ibm.com", "firstname": "firstname", "lastname": "lastname", "state": "ACTIVE", "email": "cloud_api_example@ibm.com", "phonenumber": "1234567890", "altphonenumber": "1234567891", "photo": "https://32a7b.https.cdn.softlayer.net/8032A7B/dal05.objectstorage.softlayer.net/v1/AUTH_f2968d51-d955-4506-8fc5-7345a06eb123/bluemix-photos/", "account_id": "987d4cfd77b04e9b9e1a6asdcc861234", "added_on": "2019-02-13T00:56:59.266Z" } ] }
{ "total_results": 1, "limit": 100, "first_url": "/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users", "resources": [ { "id": "83699daa4a0d4647b6bef17f9f73c1234", "iam_id": "IBMid-1000000000", "realm": "IBMid", "user_id": "cloud_api_example@ibm.com", "firstname": "firstname", "lastname": "lastname", "state": "ACTIVE", "email": "cloud_api_example@ibm.com", "phonenumber": "1234567890", "altphonenumber": "1234567891", "photo": "https://32a7b.https.cdn.softlayer.net/8032A7B/dal05.objectstorage.softlayer.net/v1/AUTH_f2968d51-d955-4506-8fc5-7345a06eb123/bluemix-photos/", "account_id": "987d4cfd77b04e9b9e1a6asdcc861234", "added_on": "2019-02-13T00:56:59.266Z" } ] }
Invite users to an account
Invite users to the account. You must use a user token for authorization. Service IDs can't invite users to the account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Inviting users documentation. You can specify the user account role and the corresponding IAM policy information in the request body.
When you invite a user to an account, the user is initially created in the PROCESSING
state. After the user is successfully created, all specified permissions are configured, and the activation email is sent, the invited user is transitioned to the PENDING
state. When the invited user clicks the activation email and creates and confirms their IBM Cloud account, the user is transitioned to ACTIVE
state. If the user email is already verified, no email is generated.
Invite users to the account. You must use a user token for authorization. Service IDs can't invite users to the account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Inviting users documentation. You can specify the user account role and the corresponding IAM policy information in the request body.
When you invite a user to an account, the user is initially created in the PROCESSING
state. After the user is successfully created, all specified permissions are configured, and the activation email is sent, the invited user is transitioned to the PENDING
state. When the invited user clicks the activation email and creates and confirms their IBM Cloud account, the user is transitioned to ACTIVE
state. If the user email is already verified, no email is generated.
Invite users to the account. You must use a user token for authorization. Service IDs can't invite users to the account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Inviting users documentation. You can specify the user account role and the corresponding IAM policy information in the request body.
When you invite a user to an account, the user is initially created in the PROCESSING
state. After the user is successfully created, all specified permissions are configured, and the activation email is sent, the invited user is transitioned to the PENDING
state. When the invited user clicks the activation email and creates and confirms their IBM Cloud account, the user is transitioned to ACTIVE
state. If the user email is already verified, no email is generated.
Invite users to the account. You must use a user token for authorization. Service IDs can't invite users to the account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Inviting users documentation. You can specify the user account role and the corresponding IAM policy information in the request body.
When you invite a user to an account, the user is initially created in the PROCESSING
state. After the user is successfully created, all specified permissions are configured, and the activation email is sent, the invited user is transitioned to the PENDING
state. When the invited user clicks the activation email and creates and confirms their IBM Cloud account, the user is transitioned to ACTIVE
state. If the user email is already verified, no email is generated.
Invite users to the account. You must use a user token for authorization. Service IDs can't invite users to the account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Inviting users documentation. You can specify the user account role and the corresponding IAM policy information in the request body.
When you invite a user to an account, the user is initially created in the PROCESSING
state. After the user is successfully created, all specified permissions are configured, and the activation email is sent, the invited user is transitioned to the PENDING
state. When the invited user clicks the activation email and creates and confirms their IBM Cloud account, the user is transitioned to ACTIVE
state. If the user email is already verified, no email is generated.
POST /v2/accounts/{account_id}/users
(userManagement *UserManagementV1) InviteUsers(inviteUsersOptions *InviteUsersOptions) (result *InvitedUserList, response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) InviteUsersWithContext(ctx context.Context, inviteUsersOptions *InviteUsersOptions) (result *InvitedUserList, response *core.DetailedResponse, err error)
ServiceCall<InvitedUserList> inviteUsers(InviteUsersOptions inviteUsersOptions)
inviteUsers(params)
invite_users(self,
account_id: str,
*,
users: List['InviteUser'] = None,
iam_policy: List['InviteUserIamPolicy'] = None,
access_groups: List[str] = None,
**kwargs
) -> DetailedResponse
Request
Instantiate the InviteUsersOptions
struct and set the fields to provide parameter values for the InviteUsers
method.
Use the InviteUsersOptions.Builder
to create a InviteUsersOptions
object that contains the parameter values for the inviteUsers
method.
Path Parameters
The account ID of the specified user.
Request body to invite a user.
A list of users to be invited.
A list of IAM policies.
A list of access groups.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The InviteUsers options.
The account ID of the specified user.
A list of users to be invited.
- Users
The email of the user to be invited.
The account role of the user to be invited.
A list of IAM policies.
- IamPolicy
The policy type. This can be either "access" or "authorization".
A list of IAM roles.
- Roles
An alphanumeric value identifying the origin.
A list of resources.
- Resources
A list of IAM attributes.
- Attributes
The name of the attribute.
The value of the attribute.
A list of access groups.
The inviteUsers options.
The account ID of the specified user.
A list of users to be invited.
- users
The email of the user to be invited.
The account role of the user to be invited.
A list of IAM policies.
- iamPolicy
The policy type. This can be either "access" or "authorization".
A list of IAM roles.
- roles
An alphanumeric value identifying the origin.
A list of resources.
- resources
A list of IAM attributes.
- attributes
The name of the attribute.
The value of the attribute.
A list of access groups.
parameters
The account ID of the specified user.
A list of users to be invited.
- users
The email of the user to be invited.
The account role of the user to be invited.
A list of IAM policies.
- iamPolicy
The policy type. This can be either "access" or "authorization".
A list of IAM roles.
- roles
An alphanumeric value identifying the origin.
A list of resources.
- resources
A list of IAM attributes.
- attributes
The name of the attribute.
The value of the attribute.
A list of access groups.
parameters
The account ID of the specified user.
A list of users to be invited.
- users
The email of the user to be invited.
The account role of the user to be invited.
A list of IAM policies.
- iam_policy
The policy type. This can be either "access" or "authorization".
A list of IAM roles.
- roles
An alphanumeric value identifying the origin.
A list of resources.
- resources
A list of IAM attributes.
- attributes
The name of the attribute.
The value of the attribute.
A list of access groups.
curl -X POST https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json' -d '{ "users": [ { "email": "cloud_api_example_member@ibm.com", "account_role": "Member" }], "iam_policy": [{ "type": "access", "roles": [{ "role_id": "crn:v1:bluemix:public:iam::::role:Viewer" }], "resources": [{ "attributes": [{ "name": "accountId", "value": "987d4cfd77b04e9b9e1a6asdcc861234" }, { "name": "resourceType", "value": "resource-group" }, { "name": "resource", "value": "2c7449dd871049c29ec3a53853ce123e" } ] }] }], "access_groups":[ "AccessGroupId-******-0f54-4d4f-89c2-e5fdc0b9a28c", "AccessGroupId-******-3087-4395-a382-a8e8ff9ccc23" ] }'
inviteUserModel := &usermanagementv1.InviteUser{ Email: &memberEmail, AccountRole: core.StringPtr("Member"), } roleModel := &usermanagementv1.Role{ RoleID: &viewerRoleID, } attributeModel := &usermanagementv1.Attribute{ Name: core.StringPtr("accountId"), Value: &accountID, } attributeModel2 := &usermanagementv1.Attribute{ Name: core.StringPtr("resourceGroupId"), Value: core.StringPtr("*"), } resourceModel := &usermanagementv1.Resource{ Attributes: []usermanagementv1.Attribute{*attributeModel, *attributeModel2}, } inviteUserIamPolicyModel := &usermanagementv1.InviteUserIamPolicy{ Type: core.StringPtr("access"), Roles: []usermanagementv1.Role{*roleModel}, Resources: []usermanagementv1.Resource{*resourceModel}, } inviteUsersOptions := &usermanagementv1.InviteUsersOptions{ AccountID: &accountID, Users: []usermanagementv1.InviteUser{*inviteUserModel}, IamPolicy: []usermanagementv1.InviteUserIamPolicy{*inviteUserIamPolicyModel}, AccessGroups: []string{accessGroupID}, } invitedUserList, response, err := userManagementAdminService.InviteUsers(inviteUsersOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(invitedUserList, "", " ") fmt.Println(string(b))
InviteUser inviteUserModel = new InviteUser.Builder() .email(memberEmail) .accountRole("Member") .build(); Role roleModel = new Role.Builder() .roleId(viewerRoleId) .build(); Attribute attributeModel = new Attribute.Builder() .name("accountId") .value(accountId) .build(); Attribute attributeModel2 = new Attribute.Builder() .name("resourceGroupId") .value("*") .build(); Resource resourceModel = new Resource.Builder() .addAttributes(attributeModel) .addAttributes(attributeModel2) .build(); InviteUserIamPolicy inviteUserIamPolicyModel = new InviteUserIamPolicy.Builder() .type("access") .addRoles(roleModel) .addResources(resourceModel) .build(); InviteUsersOptions inviteUsersOptions = new InviteUsersOptions.Builder() .accountId(accountId) .addUsers(inviteUserModel) .addIamPolicy(inviteUserIamPolicyModel) .addAccessGroups(accessGroupId) .build(); Response<InvitedUserList> response = userManagementServiceAdmin.inviteUsers(inviteUsersOptions).execute(); InvitedUserList invitedUserList = response.getResult(); System.out.println(invitedUserList);
const inviteUserModel = { email: memberEmail, account_role: 'Member', }; const roleModel = { role_id: viewerRoleId, }; const attributeModel = { name: 'accountId', value: accountId, }; const attributeModel2 = { name: 'resourceGroupId', value: '*', }; const resourceModel = { attributes: [attributeModel, attributeModel2], }; const inviteUserIamPolicyModel = { type: 'access', roles: [roleModel], resources: [resourceModel], }; const params = { accountId: accountId, users: [inviteUserModel], iamPolicy: [inviteUserIamPolicyModel], accessGroups: [accessGroupId], }; try { const res = await userManagementAdminService.inviteUsers(params); deleteUserId = res.result.resources[0].id; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
invite_user_model = { 'email': member_email, 'account_role': 'Member' } role_model = {'role_id': viewer_role_id} attribute_model = {'name': 'accountId', 'value': account_id} attribute_model2 = {'name': 'resourceGroupId', 'value': '*'} resource_model = {'attributes': [attribute_model, attribute_model2]} invite_user_iam_policy_model = { 'type': 'access', 'roles': [role_model], 'resources': [resource_model] } invite_user_response = user_management_admin_service.invite_users( account_id=account_id, users=[invite_user_model], iam_policy=[invite_user_iam_policy_model], access_groups=[access_group_id] ).get_result() print(json.dumps(invite_user_response, indent=2))
Response
A collection of invited users. This is the response returned by the invite_users operation.
The list of users that have been invited to join the account.
A collection of invited users. This is the response returned by the invite_users operation.
The list of users that have been invited to join the account.
- Resources
The email address associated with the invited user.
The id associated with the invited user.
The state of the invitation for the user.
A collection of invited users. This is the response returned by the invite_users operation.
The list of users that have been invited to join the account.
- resources
The email address associated with the invited user.
The id associated with the invited user.
The state of the invitation for the user.
A collection of invited users. This is the response returned by the invite_users operation.
The list of users that have been invited to join the account.
- resources
The email address associated with the invited user.
The id associated with the invited user.
The state of the invitation for the user.
A collection of invited users. This is the response returned by the invite_users operation.
The list of users that have been invited to join the account.
- resources
The email address associated with the invited user.
The id associated with the invited user.
The state of the invitation for the user.
Status Code
The user was successfully invited.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
The resource could not be found.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
{ "resources": [ { "id": "12000000000000000000000000000001", "email": "cloud_api_example_member@ibm.com", "state": "PROCESSING" } ] }
{ "resources": [ { "id": "12000000000000000000000000000001", "email": "cloud_api_example_member@ibm.com", "state": "PROCESSING" } ] }
Remove user from account by user ID or email
Remove a user from an account by user ID or by email and realm. You must use a user token for authorization. Service IDs can't remove users from an account. The request must contain either the user ID or email in the query parameters. This method removes only a single user. If multiple users found for the given query, a bad request returns. The requesting user must have the editor or administrator role on the User Management service. For more information, see Removing users.
DELETE /v2/accounts/{account_id}/users
Request
Path Parameters
The account ID of the specified user.
Query Parameters
The ID of the user that you want to remove from the account. Either user_id or email is required. To get the user_id of users in your account, list users.
The email address of the user that you want to remove. Either email or user_id is required.
The realm of the user that you want to remove. The realm identifies the provider of the user, such as IBMid or an external identity provider. For more information, see Users
curl -X DELETE https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users?user_id=user%40ibm.com&email=user.email%40ibm.com&realm=ibmid -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json'
Response
Status Code
The user was removed successfully.
The request has an invalid payload.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
No Sample Response
Get user profile
Retrieve a user's profile by the user's IAM ID in your account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service.
Retrieve a user's profile by the user's IAM ID in your account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service.
Retrieve a user's profile by the user's IAM ID in your account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service.
Retrieve a user's profile by the user's IAM ID in your account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service.
Retrieve a user's profile by the user's IAM ID in your account. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the viewer, editor, or administrator role on the User Management service.
GET /v2/accounts/{account_id}/users/{iam_id}
(userManagement *UserManagementV1) GetUserProfile(getUserProfileOptions *GetUserProfileOptions) (result *UserProfile, response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) GetUserProfileWithContext(ctx context.Context, getUserProfileOptions *GetUserProfileOptions) (result *UserProfile, response *core.DetailedResponse, err error)
ServiceCall<UserProfile> getUserProfile(GetUserProfileOptions getUserProfileOptions)
getUserProfile(params)
get_user_profile(self,
account_id: str,
iam_id: str,
*,
include_activity: str = None,
**kwargs
) -> DetailedResponse
Request
Instantiate the GetUserProfileOptions
struct and set the fields to provide parameter values for the GetUserProfile
method.
Use the GetUserProfileOptions.Builder
to create a GetUserProfileOptions
object that contains the parameter values for the getUserProfile
method.
Path Parameters
The account ID of the specified user.
The user's IAM ID.
Query Parameters
Include activity information of the user, such as the last authentication timestamp.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetUserProfile options.
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
The getUserProfile options.
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
parameters
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
parameters
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
curl -X GET https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users/IBMid-1000000000 -H 'Authorization: Bearer <IAM_TOKEN>' \
getUserProfileOptions := userManagementService.NewGetUserProfileOptions( accountID, userID, ) userProfile, response, err := userManagementService.GetUserProfile(getUserProfileOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(userProfile, "", " ") fmt.Println(string(b))
GetUserProfileOptions getUserProfileOptions = new GetUserProfileOptions.Builder() .accountId(accountId) .iamId(userId) .build(); Response<UserProfile> response = userManagementService.getUserProfile(getUserProfileOptions).execute(); UserProfile userProfile = response.getResult(); System.out.println(userProfile);
const params = { accountId: accountId, iamId: userId, }; try { const res = await userManagementService.getUserProfile(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
user_profile = user_management_service.get_user_profile( account_id=account_id, iam_id=user_id, ).get_result() print(json.dumps(user_profile, indent=2))
Response
Returned the user profile.
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
Returned the user profile.
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
Returned the user profile.
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
Returned the user profile.
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
Returned the user profile.
An alphanumeric value identifying the user profile.
An alphanumeric value identifying the user's IAM ID.
The realm of the user. The value is either
IBMid
orSL
.The user ID used for login.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
An alphanumeric value identifying the account ID.
The timestamp for when the user was added to the account.
Status Code
The user was returned successfully.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
The resource could not be found.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
{ "id": "83699daa4a0d4647b6bef17f9f73c1234", "iam_id": "IBMid-1000000000", "realm": "IBMid", "user_id": "cloud_api_example@ibm.com", "firstname": "firstname", "lastname": "lastname", "state": "ACTIVE", "email": "cloud_api_example@ibm.com", "phonenumber": "1234567890", "altphonenumber": "1234567891", "photo": "https://32a7b.https.cdn.softlayer.net/8032A7B/dal05.objectstorage.softlayer.net/v1/AUTH_f2968d51-d955-4506-8fc5-7345a06eb123/bluemix-photos/", "account_id": "987d4cfd77b04e9b9e1a6asdcc861234", "added_on": "2019-02-13T00:56:59.266Z" }
{ "id": "83699daa4a0d4647b6bef17f9f73c1234", "iam_id": "IBMid-1000000000", "realm": "IBMid", "user_id": "cloud_api_example@ibm.com", "firstname": "firstname", "lastname": "lastname", "state": "ACTIVE", "email": "cloud_api_example@ibm.com", "phonenumber": "1234567890", "altphonenumber": "1234567891", "photo": "https://32a7b.https.cdn.softlayer.net/8032A7B/dal05.objectstorage.softlayer.net/v1/AUTH_f2968d51-d955-4506-8fc5-7345a06eb123/bluemix-photos/", "account_id": "987d4cfd77b04e9b9e1a6asdcc861234", "added_on": "2019-02-13T00:56:59.266Z" }
Partially update user profile
Partially update a user's profile by user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the editor or administrator role on the User Management service. A user or service ID with these roles can change a user's state between ACTIVE
, VPN_ONLY
, or DISABLED_CLASSIC_INFRASTRUCTURE
, but they can't change the state to PROCESSING
or PENDING
because these are system states. For other request body fields, a user can update their own profile without having User Management service permissions.
Partially update a user's profile by user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the editor or administrator role on the User Management service. A user or service ID with these roles can change a user's state between ACTIVE
, VPN_ONLY
, or DISABLED_CLASSIC_INFRASTRUCTURE
, but they can't change the state to PROCESSING
or PENDING
because these are system states. For other request body fields, a user can update their own profile without having User Management service permissions.
Partially update a user's profile by user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the editor or administrator role on the User Management service. A user or service ID with these roles can change a user's state between ACTIVE
, VPN_ONLY
, or DISABLED_CLASSIC_INFRASTRUCTURE
, but they can't change the state to PROCESSING
or PENDING
because these are system states. For other request body fields, a user can update their own profile without having User Management service permissions.
Partially update a user's profile by user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the editor or administrator role on the User Management service. A user or service ID with these roles can change a user's state between ACTIVE
, VPN_ONLY
, or DISABLED_CLASSIC_INFRASTRUCTURE
, but they can't change the state to PROCESSING
or PENDING
because these are system states. For other request body fields, a user can update their own profile without having User Management service permissions.
Partially update a user's profile by user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have at least the editor or administrator role on the User Management service. A user or service ID with these roles can change a user's state between ACTIVE
, VPN_ONLY
, or DISABLED_CLASSIC_INFRASTRUCTURE
, but they can't change the state to PROCESSING
or PENDING
because these are system states. For other request body fields, a user can update their own profile without having User Management service permissions.
PATCH /v2/accounts/{account_id}/users/{iam_id}
(userManagement *UserManagementV1) UpdateUserProfile(updateUserProfileOptions *UpdateUserProfileOptions) (response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) UpdateUserProfileWithContext(ctx context.Context, updateUserProfileOptions *UpdateUserProfileOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> updateUserProfile(UpdateUserProfileOptions updateUserProfileOptions)
updateUserProfile(params)
update_user_profile(self,
account_id: str,
iam_id: str,
*,
firstname: str = None,
lastname: str = None,
state: str = None,
email: str = None,
phonenumber: str = None,
altphonenumber: str = None,
photo: str = None,
include_activity: str = None,
**kwargs
) -> DetailedResponse
Request
Instantiate the UpdateUserProfileOptions
struct and set the fields to provide parameter values for the UpdateUserProfile
method.
Use the UpdateUserProfileOptions.Builder
to create a UpdateUserProfileOptions
object that contains the parameter values for the updateUserProfile
method.
Path Parameters
The account ID of the specified user.
The user's IAM ID.
Query Parameters
Include activity information of the user, such as the last authentication timestamp.
Request body to update a user profile.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateUserProfile options.
The account ID of the specified user.
The user's IAM ID.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
Include activity information of the user, such as the last authentication timestamp.
The updateUserProfile options.
The account ID of the specified user.
The user's IAM ID.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
Include activity information of the user, such as the last authentication timestamp.
parameters
The account ID of the specified user.
The user's IAM ID.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
Include activity information of the user, such as the last authentication timestamp.
parameters
The account ID of the specified user.
The user's IAM ID.
The first name of the user.
The last name of the user.
The state of the user. Possible values are
PROCESSING
,PENDING
,ACTIVE
,DISABLED_CLASSIC_INFRASTRUCTURE
, andVPN_ONLY
.The email address of the user.
The phone number of the user.
The alternative phone number of the user.
A link to a photo of the user.
Include activity information of the user, such as the last authentication timestamp.
curl -X PATCH https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users/IBMid-1000000000 -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json' -d '{ "firstname": "TEST1" }'
updateUserProfileOptions := userManagementService.NewUpdateUserProfileOptions( accountID, userID, ) updateUserProfileOptions.SetPhonenumber("123456789") response, err := userManagementService.UpdateUserProfile(updateUserProfileOptions) if err != nil { panic(err) }
UpdateUserProfileOptions updateUserProfileOptions = new UpdateUserProfileOptions.Builder() .accountId(accountId) .iamId(userId) .phonenumber("123456789") .build(); Response<Void> response = userManagementService.updateUserProfile(updateUserProfileOptions).execute();
const params = { accountId: accountId, iamId: userId, phonenumber: '123456789', }; try { await userManagementService.updateUserProfile(params); } catch (err) { console.warn(err); }
response = user_management_service.update_user_profile( account_id=account_id, iam_id=user_id, phonenumber='123456789', ).get_result() print(json.dumps(response, indent=2))
Response
Status Code
The user profile was updated successfully.
The request has an invalid payload.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
No Sample Response
Remove user from account
Remove users from an account by user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
DELETE /v2/accounts/{account_id}/users/{iam_id}
(userManagement *UserManagementV1) RemoveUser(removeUserOptions *RemoveUserOptions) (response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) RemoveUserWithContext(ctx context.Context, removeUserOptions *RemoveUserOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> removeUser(RemoveUserOptions removeUserOptions)
removeUser(params)
remove_user(self,
account_id: str,
iam_id: str,
*,
include_activity: str = None,
**kwargs
) -> DetailedResponse
Request
Instantiate the RemoveUserOptions
struct and set the fields to provide parameter values for the RemoveUser
method.
Use the RemoveUserOptions.Builder
to create a RemoveUserOptions
object that contains the parameter values for the removeUser
method.
Path Parameters
The account ID of the specified user.
The user's IAM ID.
Query Parameters
Include activity information of the user, such as the last authentication timestamp.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The RemoveUser options.
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
The removeUser options.
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
parameters
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
parameters
The account ID of the specified user.
The user's IAM ID.
Include activity information of the user, such as the last authentication timestamp.
curl -X DELETE https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users/IBMid-1000000000 -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json'
removeUserOptions := userManagementService.NewRemoveUserOptions( accountID, deleteUserID, ) response, err := userManagementAdminService.RemoveUser(removeUserOptions) if err != nil { panic(err) }
RemoveUserOptions removeUserOptions = new RemoveUserOptions.Builder() .accountId(accountId) .iamId(deleteUserId) .build(); Response<Void> response = userManagementService.removeUser(removeUserOptions).execute();
const params = { accountId: accountId, iamId: deleteUserId, }; try { await userManagementAdminService.removeUser(params); } catch (err) { console.warn(err); }
response = user_management_admin_service.remove_user( account_id=account_id, iam_id=delete_user_id, ).get_result() print(json.dumps(response, indent=2))
Response
Status Code
The user was removed successfully.
The request has an invalid payload.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
No Sample Response
Accept an invitation
Accept a user invitation to an account. You can use the user's token for authorization. To use this method, the requesting user must provide the account ID for the account that they are accepting an invitation for. If the user already accepted the invitation request, it returns 204 with no response body.
Accept a user invitation to an account. You can use the user's token for authorization. To use this method, the requesting user must provide the account ID for the account that they are accepting an invitation for. If the user already accepted the invitation request, it returns 204 with no response body.
Accept a user invitation to an account. You can use the user's token for authorization. To use this method, the requesting user must provide the account ID for the account that they are accepting an invitation for. If the user already accepted the invitation request, it returns 204 with no response body.
Accept a user invitation to an account. You can use the user's token for authorization. To use this method, the requesting user must provide the account ID for the account that they are accepting an invitation for. If the user already accepted the invitation request, it returns 204 with no response body.
Accept a user invitation to an account. You can use the user's token for authorization. To use this method, the requesting user must provide the account ID for the account that they are accepting an invitation for. If the user already accepted the invitation request, it returns 204 with no response body.
POST /v2/users/accept
(userManagement *UserManagementV1) Accept(acceptOptions *AcceptOptions) (response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) AcceptWithContext(ctx context.Context, acceptOptions *AcceptOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> accept(AcceptOptions acceptOptions)
accept(params)
accept(self,
*,
account_id: str = None,
**kwargs
) -> DetailedResponse
Request
Instantiate the AcceptOptions
struct and set the fields to provide parameter values for the Accept
method.
Use the AcceptOptions.Builder
to create a AcceptOptions
object that contains the parameter values for the accept
method.
Request body to accept an invitation.
The account ID.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The Accept options.
The accept options.
parameters
parameters
curl -X POST https://user-management.cloud.ibm.com/v2/users/accept -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json' -d '{ "account_id": "<Account ID>" }'
Response
Status Code
The request was accepted.
The request has an invalid payload.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
No Sample Response
Remove user from account (Asynchronous)
Remove users from an account by using the user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. If removing the user fails it will set the user's state to ERROR_WHILE_DELETING. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by using the user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. If removing the user fails it will set the user's state to ERROR_WHILE_DELETING. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by using the user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. If removing the user fails it will set the user's state to ERROR_WHILE_DELETING. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by using the user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. If removing the user fails it will set the user's state to ERROR_WHILE_DELETING. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
Remove users from an account by using the user's IAM ID. You must use a user token for authorization. Service IDs can't remove users from an account. If removing the user fails it will set the user's state to ERROR_WHILE_DELETING. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see the Removing users documentation.
DELETE /v3/accounts/{account_id}/users/{iam_id}
(userManagement *UserManagementV1) V3RemoveUser(v3RemoveUserOptions *V3RemoveUserOptions) (response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) V3RemoveUserWithContext(ctx context.Context, v3RemoveUserOptions *V3RemoveUserOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> v3RemoveUser(V3RemoveUserOptions v3RemoveUserOptions)
v3RemoveUser(params)
v3_remove_user(self,
account_id: str,
iam_id: str,
**kwargs
) -> DetailedResponse
Request
Instantiate the V3RemoveUserOptions
struct and set the fields to provide parameter values for the V3RemoveUser
method.
Use the V3RemoveUserOptions.Builder
to create a V3RemoveUserOptions
object that contains the parameter values for the v3RemoveUser
method.
Path Parameters
The account ID of the specified user.
The user's IAM ID.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The V3RemoveUser options.
The account ID of the specified user.
The user's IAM ID.
The v3RemoveUser options.
The account ID of the specified user.
The user's IAM ID.
parameters
The account ID of the specified user.
The user's IAM ID.
parameters
The account ID of the specified user.
The user's IAM ID.
curl -X DELETE https://user-management.cloud.ibm.com/v3/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users/IBMid-1000000000 -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json'
Response
Status Code
The request was accepted.
The request has an invalid payload.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
No Sample Response
Bulk remove users from account
Bulk remove users from an account by specifying the users' IAM IDs. The API supports removing up to 50 users at a time. You must use a user token for authorization. Service IDs can't remove users from an account. If a partial failure occurs on deletion, the response is shown in the body. If removing any user fails, it will set the user's state to ERROR_WHILE_DELETING. To use this method, the requesting user must have the editor or administrator role on the User Management service. For more information, see Removing users documentation.
POST /v2/accounts/{account_id}/users_bulk_delete
Request
Path Parameters
The account ID of the specified users.
Request body to bulk remove users.
The list of user IAM IDs
curl -X POST https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users_bulk_delete -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json' -d '{ "users": ["IBMid-123456789", "IBMid-123409929"]}'
Response
Response to bulk remove users.
An alphanumeric value identifying the account ID.
The iam_ids removed from the account.
Status Code
There is a multiple status response. Check the response body.
The request has an invalid payload.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
{ "account_id": "a99628bcfb2e40e7b7d6a70412412f", "users": [ { "iam_id": "IBMid-06000260JS", "status_code": 204 }, { "iam_id": "IBMid-MPR1260JS", "trace": "12345678-abcd-1a2b-a1b2-1234567890ab", "errors": [ { "code": "error_occurred", "message": "Failed to delete the user" } ], "status_code": 503 } ] }
Get user settings
Retrieve a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have the viewer, editor, or administrator role on the User Management service.
The user settings have several fields. The language
field is the language setting for the user interface display language. The notification_language
field is the language setting for phone and email notifications. The allowed_ip_addresses
field specifies a list of IP addresses that the user can log in and perform operations from as described in Allowing specific IP addresses for a user. For information about the self_manage
field, review information about the user-managed login setting.
Retrieve a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have the viewer, editor, or administrator role on the User Management service.
The user settings have several fields. The language
field is the language setting for the user interface display language. The notification_language
field is the language setting for phone and email notifications. The allowed_ip_addresses
field specifies a list of IP addresses that the user can log in and perform operations from as described in Allowing specific IP addresses for a user. For information about the self_manage
field, review information about the user-managed login setting.
Retrieve a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have the viewer, editor, or administrator role on the User Management service.
The user settings have several fields. The language
field is the language setting for the user interface display language. The notification_language
field is the language setting for phone and email notifications. The allowed_ip_addresses
field specifies a list of IP addresses that the user can log in and perform operations from as described in Allowing specific IP addresses for a user. For information about the self_manage
field, review information about the user-managed login setting.
Retrieve a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have the viewer, editor, or administrator role on the User Management service.
The user settings have several fields. The language
field is the language setting for the user interface display language. The notification_language
field is the language setting for phone and email notifications. The allowed_ip_addresses
field specifies a list of IP addresses that the user can log in and perform operations from as described in Allowing specific IP addresses for a user. For information about the self_manage
field, review information about the user-managed login setting.
Retrieve a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To use this method, the requesting user or service ID must have the viewer, editor, or administrator role on the User Management service.
The user settings have several fields. The language
field is the language setting for the user interface display language. The notification_language
field is the language setting for phone and email notifications. The allowed_ip_addresses
field specifies a list of IP addresses that the user can log in and perform operations from as described in Allowing specific IP addresses for a user. For information about the self_manage
field, review information about the user-managed login setting.
GET /v2/accounts/{account_id}/users/{iam_id}/settings
(userManagement *UserManagementV1) GetUserSettings(getUserSettingsOptions *GetUserSettingsOptions) (result *UserSettings, response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) GetUserSettingsWithContext(ctx context.Context, getUserSettingsOptions *GetUserSettingsOptions) (result *UserSettings, response *core.DetailedResponse, err error)
ServiceCall<UserSettings> getUserSettings(GetUserSettingsOptions getUserSettingsOptions)
getUserSettings(params)
get_user_settings(self,
account_id: str,
iam_id: str,
**kwargs
) -> DetailedResponse
Request
Instantiate the GetUserSettingsOptions
struct and set the fields to provide parameter values for the GetUserSettings
method.
Use the GetUserSettingsOptions.Builder
to create a GetUserSettingsOptions
object that contains the parameter values for the getUserSettings
method.
Path Parameters
The account ID of the specified user.
The user's IAM ID.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetUserSettings options.
The account ID of the specified user.
The user's IAM ID.
The getUserSettings options.
The account ID of the specified user.
The user's IAM ID.
parameters
The account ID of the specified user.
The user's IAM ID.
parameters
The account ID of the specified user.
The user's IAM ID.
curl -X GET https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users/IBMid-1000000000/settings -H 'Authorization: Bearer <IAM_TOKEN>' \
getUserSettingsOptions := userManagementService.NewGetUserSettingsOptions( accountID, userID, ) userSettings, response, err := userManagementService.GetUserSettings(getUserSettingsOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(userSettings, "", " ") fmt.Println(string(b))
GetUserSettingsOptions getUserSettingsOptions = new GetUserSettingsOptions.Builder() .accountId(accountId) .iamId(userId) .build(); Response<UserSettings> response = userManagementService.getUserSettings(getUserSettingsOptions).execute(); UserSettings userSettings = response.getResult(); System.out.println(userSettings);
const params = { accountId: accountId, iamId: userId, }; try { const res = await userManagementService.getUserSettings(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
user_settings = user_management_service.get_user_settings( account_id=account_id, iam_id=user_id, ).get_result() print(json.dumps(user_settings, indent=2))
Response
The user settings returned.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Example:
32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
The user settings returned.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
The user settings returned.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
The user settings returned.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
The user settings returned.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
Status Code
The user settings were retrieved successfully.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
The resource could not be found.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.
{ "language": "", "notification_language": "", "allowed_ip_addresses": "111.111.111.111", "self_manage": true }
{ "language": "", "notification_language": "", "allowed_ip_addresses": "111.111.111.111", "self_manage": true }
Partially update user settings
Update a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To fully use this method, the user or service ID must have the editor or administrator role on the User Management service. Without these roles, a user can update only their own language
or notification_language
fields. If self_manage
is true
, the user can also update the allowed_ip_addresses
field.
Update a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To fully use this method, the user or service ID must have the editor or administrator role on the User Management service. Without these roles, a user can update only their own language
or notification_language
fields. If self_manage
is true
, the user can also update the allowed_ip_addresses
field.
Update a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To fully use this method, the user or service ID must have the editor or administrator role on the User Management service. Without these roles, a user can update only their own language
or notification_language
fields. If self_manage
is true
, the user can also update the allowed_ip_addresses
field.
Update a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To fully use this method, the user or service ID must have the editor or administrator role on the User Management service. Without these roles, a user can update only their own language
or notification_language
fields. If self_manage
is true
, the user can also update the allowed_ip_addresses
field.
Update a user's settings by the user's IAM ID. You can use the IAM service token or a user token for authorization. To fully use this method, the user or service ID must have the editor or administrator role on the User Management service. Without these roles, a user can update only their own language
or notification_language
fields. If self_manage
is true
, the user can also update the allowed_ip_addresses
field.
PATCH /v2/accounts/{account_id}/users/{iam_id}/settings
(userManagement *UserManagementV1) UpdateUserSettings(updateUserSettingsOptions *UpdateUserSettingsOptions) (response *core.DetailedResponse, err error)
(userManagement *UserManagementV1) UpdateUserSettingsWithContext(ctx context.Context, updateUserSettingsOptions *UpdateUserSettingsOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> updateUserSettings(UpdateUserSettingsOptions updateUserSettingsOptions)
updateUserSettings(params)
update_user_settings(self,
account_id: str,
iam_id: str,
*,
language: str = None,
notification_language: str = None,
allowed_ip_addresses: str = None,
self_manage: bool = None,
**kwargs
) -> DetailedResponse
Request
Instantiate the UpdateUserSettingsOptions
struct and set the fields to provide parameter values for the UpdateUserSettings
method.
Use the UpdateUserSettingsOptions.Builder
to create a UpdateUserSettingsOptions
object that contains the parameter values for the updateUserSettings
method.
Path Parameters
The account ID of the specified user.
The user's IAM ID.
The user settings returned.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Example:
32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateUserSettings options.
The account ID of the specified user.
The user's IAM ID.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
The updateUserSettings options.
The account ID of the specified user.
The user's IAM ID.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:32.96.110.50,172.16.254.1
Whether user managed login is enabled. The default value is
false
.
parameters
The account ID of the specified user.
The user's IAM ID.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:Whether user managed login is enabled. The default value is
false
.
parameters
The account ID of the specified user.
The user's IAM ID.
The console UI language. By default, this field is empty.
The language for email and phone notifications. By default, this field is empty.
A comma-separated list of IP addresses.
Examples:Whether user managed login is enabled. The default value is
false
.
curl -X PATCH https://user-management.cloud.ibm.com/v2/accounts/987d4cfd77b04e9b9e1a6asdcc861234/users/IBMid-1000000000/settings -H 'Authorization: Bearer <IAM_TOKEN>' -H 'Content-Type: application/json' -d '{ "language": "en-us" }'
updateUserSettingsOptions := userManagementService.NewUpdateUserSettingsOptions( accountID, userID, ) updateUserSettingsOptions.SetSelfManage(true) updateUserSettingsOptions.SetAllowedIPAddresses("192.168.0.2,192.168.0.3") response, err := userManagementService.UpdateUserSettings(updateUserSettingsOptions) if err != nil { panic(err) }
UpdateUserSettingsOptions updateUserSettingsOptions = new UpdateUserSettingsOptions.Builder() .accountId(accountId) .iamId(userId) .selfManage(true) .allowedIpAddresses("192.168.0.2,192.168.0.3") .build(); Response<Void> response = userManagementService.updateUserSettings(updateUserSettingsOptions).execute();
const params = { accountId: accountId, iamId: userId, selfManage: true, allowedIpAddresses: '192.168.0.2,192.168.0.3', }; try { await userManagementService.updateUserSettings(params); } catch (err) { console.warn(err); }
response = user_management_service.update_user_settings( account_id=account_id, iam_id=user_id, self_manage=True, allowed_ip_addresses='192.168.0.2,192.168.0.3', ).get_result() print(json.dumps(response, indent=2))
Response
Status Code
The user settings were updated successfully.
Your access token is not valid, or the authenication of your token failed.
Your access token is valid, but it does not have the necessary permissions to access this resource.
The resource could not be found.
Your request could not be processed. Try again later. If the problem persists, note the
transaction-id
in the response header and contact IBM Cloud support.