The sample shows the PATCH /environments/{environmentId}/users/{userId} operation to update existing attribute properties. For the PATCH operation, the update operation targets only those attribute values specified in the request body.

Attributes omitted from the request body are not updated or removed. If the user does not have update access to an attribute, a 403 Forbidden error is returned if an update is attempted for that attribute.

Users who are not authenticating with PingOne must be assigned an identity provider with the attribute. If is not provided, PingOne is set as the default identity provider. The identityProvider.type value is read-only, and its value is dependent on the value of If is not provided, the default value of identityProvider.type is PING_ONE.

Important: Users who authenticate with an authoritative identity provider cannot self-service modify their account. The scopes p1:update:user and p1:read:user:{suffix} are not granted for these users. For additional information on scopes, see Access services through scopes and roles.