The import users operation gives privileged applications the ability to create a new user and set the user’s password. The password attribute in this operation uses the same format for specifying passwords as the set password request, allowing both cleartext and pre-encoded password values. This endpoint requires the Identity Data Admin role.

The POST /environments/{environmentId}/users operation imports a new user resource to the specified environment. This operation uses the application/vnd.pingidentity.user.import+json custom content type in the request header.

New users must be assigned to a population resource identified by its ID, and the request must set a value for the username attribute. In addition, this operation supports the password attribute, which can accept a pre-encoded password value and a forceChange value of false.

username must be unique to an environment (spanning populations). Access to populations is determined by roles. It’s possible that username conflicts may arise, if you or your worker application attempt to create a user that exists in a population to which you have no access.

New users who are not authenticating with PingOne must be assigned an identity provider with the attribute. If is not provided, PingOne is set as the default identity provider. The identityProvider.type value is read-only, and its value is dependent on the value of If is not provided, the default value of identityProvider.type is PING_ONE.

If successful, the response returns a 201 Successfully created message and shows the new user resource’s property data.

For more information about pre-encoded passwords, see Set password. For import operations, if a pre-encoded password is not accepted by PingOne, then it does not conform to the supported encoding schemes described in the Set password topic.