Users


Users

A user resource is a unique identity within PingOne that interacts with the applications and services in the environment to which the user is assigned. The users service implements directory functions to create, read, update, delete, and search for user resources. Users are associated with an environment and a population.

The examples below show common actions to find and manage users, user passwords, and user role assignments. You need the Identity Data Admin role to perform operations on users resources.

Filtering data

You can filter response data by applying a SCIM filtering expression to the GET request URL. For large collections, a filtering expression appended to the query returns a targeted, more useful data set. For example, this URL-encoded SCIM filter returns users with a last name of “Smith” and a first name that starts with the letter “W”:

https://api.pingone.com/v1/environments/b7372995-824b-44ff-99f8-ab151dac3263/users?filter=name.family%20eq%20%22Smith%22%20and%20name.given%20sw%20%22W%22"

These SCIM operators can be applied to the following attributes:

  • eq (equals)

    Supported attributes: accountId, address.streetAddress, address.locality, address.region, address.postalCode, address.countryCode, email, enabled, externalId, locale, mobilePhone, name.formatted, name.given, name.middle, name.family, name.honorificPrefix, name.honorificSuffix, nickname, population.id, photo.href, preferredLanguage, primaryPhone, timezone, title, type, username

  • sw (starts with)

    Supported attributes: accountId, address.streetAddress, address.locality, address.region, address.postalCode, address.countryCode, email, enabled, externalId, locale, mobilePhone, name.formatted, name.given, name.middle, name.family, name.honorificPrefix, name.honorificSuffix, nickname, photo.href, preferredLanguage, primaryPhone, timezone, title, type, username

  • and (logical AND)

    Logical AND for building compound expressions in which both expressions are true.

  • or (logical OR)

    Logical OR for building compound expressions if either expression is true.

You can also use custom user schema string attributes in a filtering expression to fine-tune the user response data. For more information about custom attributes, see Schemas. For more information about SCIM syntax and operators, see Conventions.

Users API operations

The users endpoints support the following operations:

For hands-on experience with the users API endpoints, click the Run in Postman button below to download a Postman collection that you can import and open in your local Postman application.

Users data model

Property Description
accountId A string that specifies the user’s account ID, which is optional. This may be explicitly set to null when updating a user to unset it. This attribute is organization-specific and has no special meaning within the PingOne platform. The string can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 256 characters (min/max=1/256).
address.countryCode A string that specifies the country name component. When specified, the value must be in ISO 3166-1 “alpha-2” code format [ISO3166]. For example, the country codes for the United States and Sweden are “US” and “SE”, respectively. Valid characters consist of two upper-case letters (regex: [A-Z]{2}).
address.locality A string that specifies the city or locality component of the address. The string can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 256 characters (min/max=1/256).
address.postalCode A string that specifies the zip code or postal code component of the address. The string can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 40 characters (min/max=1/40).
address.region A string that specifies the state or region component of the address. The string can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 256 characters (min/max=1/256).
address.streetAddress A string that specifies the full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute may contain newlines (regex: ^[\p{L}\p{M}\p{N}\p{Z}\p{P}\r\n]*$). It can have a length of no more than 256 characters (min/max=1/256).
createdAt The time the resource was created.
email A string that specifies the user’s email address, which must be provided and valid. For more information about email address formatting, see section 3.4 of RFC 2822, Internet Message Format.
enabled A read-only boolean attribute that specifies whether the user is enabled. This attribute is set to ‘true’ by default when the user is created.
environment.id A string that specifies the environment resource’s unique identifier associated with the user.
externalId A string that specifies an identifier for the user resource as defined by the provisioning client. This is optional. This may be explicitly set to null when updating a user to unset it. The externalId attribute simplifies the correlation of the user in PingOne with the user’s account in another system of record. The platform does not use this attribute directly in any way, but it is used by Ping Identity’s Data Sync product. It can have a length of no more than 1024 characters (min/max=1/1024).
id A string that specifies the user resource’s unique identifier.
lifecycle.status A string that specifies information about the account lifecycle. Options for status are ACCOUNT_OK and VERIFICATION_REQUIRED. This property value is only allowed to be set when importing a user to set the initial account status. If the initial status is set to VERIFICATION_REQUIRED and an email address is provided, a verification email is sent.
locale A string that specifies the user’s default location, which is optional. This may be explicitly set to null when updating a user to unset it. This is used for purposes of localizing such items as currency, date time format, or numerical representations. If provided, it must be a valid language tag as defined in RFC 5646. The following are example tags: fr, en-US, es-419, az-Arab, man-Nkoo-GN. The string can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 256 characters (min/max=1/256).
mfaEnabled A read-only boolean attribute that specifies whether multi-factor authentication is enabled. This attribute is set to ‘false’ by default when the user is created.
mobilePhone A string that specifies the user’s mobile phone number, which is optional. This might also match the primaryPhone attribute. This may be explicitly set to null when updating a user to unset it. Valid phone numbers must have at least one number and a maximum character length of 32.
name.family A string that specifies the family name of the user, or Last in most Western languages (for example, ‘Jensen’ given the full name ‘Ms. Barbara J Jensen, III’). This may be explicitly set to null when updating a name to unset it. Valid characters consist of any Unicode letter, mark (for example, accent, umlaut), space, dot, apostrophe, or hyphen (regex: ^[\p{L}\p{M}\p{N}' .-]*$). It can have a length of no more than 256 characters (min/max=1/256).
name.formatted A string that specifies the fully formatted name of the user (for example ‘Ms. Barbara J Jensen, III’). This can be explicitly set to null when updating a name to unset it. Valid characters consist of any Unicode letter, mark (for example, accent, umlaut), space, dot, apostrophe, or hyphen (regex: ^[\p{L}\p{M}\p{N}' .-]*$). It can have a length of no more than 256 characters (min/max=1/256).
name.given A string that specifies the given name of the user, or First in most Western languages (for example, ‘Barbara’ given the full name ‘Ms. Barbara J Jensen, III’). This may be explicitly set to null when updating a name to unset it. Valid characters consist of any Unicode letter, mark (for example, accent, umlaut), space, dot, apostrophe, or hyphen (regex: ^[\p{L}\p{M}\p{N}' .-]*$). It can have a length of no more than 256 characters (min/max=1/256).
name.honorificPrefix A string that specifies the honorific prefix(es) of the user, or title in most Western languages (for example, ‘Ms.’ given the full name ‘Ms. Barbara Jane Jensen, III’). This can be explicitly set to null when updating a name to unset it.
name.honorificSuffix A string that specifies the honorific suffix(es) of the user, or suffix in most Western languages (for example, ‘III’ given the full name ‘Ms. Barbara Jane Jensen, III’). This can be explicitly set to null when updating a name to unset it.
name.middle A string that specifies the the middle name(s) of the user (for exmple, ‘Jane’ given the full name ‘Ms. Barbara Jane Jensen, III’). This can be explicitly set to null when updating a name to unset it. Valid characters consist of any Unicode letter, mark (for example, accent, umlaut), space, dot, apostrophe, or hyphen (regex: ^[\p{L}\p{M}\p{N}' .-]*$). It can have a length of no more than 256 characters (min/max=1/256).
nickname A string that specifies the user’s nickname, which is optional. This can be explicitly set to null when updating a user to unset it. Valid characters consist of any Unicode letter, mark (for example, accent, umlaut), space, dot, apostrophe, or hyphen (regex: ^[\p{L}\p{M}\p{N}' .-]*$). It can have a length of no more than 256 characters (min/max=1/256).
photo.href A string that specifies the URI that is a uniform resource locator (as defined in Section 1.1.3 of RFC 3986) that points to a resource location representing the user’s image. This can be removed from a user by setting the photo attribute to null. If provided, the resource must be a file (for example, a GIF, JPEG, or PNG image file) rather than a web page containing an image. It must be a valid URL that starts with the HTTP or HTTPS scheme.
population.id A string that specifies the identifier of the population resource associated with the user.
preferredLanguage A string that specifies the user’s preferred written or spoken languages, which are optional. This may be explicitly set to null when updating a user to unset it. If provided, the format of the value must be a valid language range and the same as the HTTP Accept-Language header field (not including Accept-Language:) and is specified in Section 5.3.5 of RFC 7231. For example: en-US, en-gb;q=0.8, en;q=0.7.
primaryPhone A string that specifies the user’s primary phone number, which is optional. This might also match the mobilePhone attribute. This may be explicitly set to null when updating a user to unset it. Valid phone numbers must have at least one number and a maximum character length of 32.
timezone A string that specifies the user’s time zone, which is optional. This can be explicitly set to null when updating a user to unset it. If provided, it must conform with the IANA Time Zone database format [RFC6557], also known as the “Olson” time zone database format [Olson-TZ] for example, “America/Los_Angeles” (regex: ^\w+\/\w+$).
title A string that specifies the user’s title, which is optional, such as “Vice President”. This can be explicitly set to null when updating a user to unset it. The string can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 256 characters (min/max=1/256).
type A string that specifies the user’s type, which is optional. This can be explicitly set to null when updating a user to unset it. This attribute is organization-specific and has no special meaning within the PingOne platform. It could have values of “Contractor”, “Employee”, “Intern”, “Temp”, “External”, and “Unknown”. The string can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 256 characters (min/max=1/256).
updatedAt The time the resource was last updated.
username A string that specifies the user name, which must be provided and must be unique within an environment. The username must either be a well-formed email address or a string that can contain only characters from a standard set of allowed characters. (regex: ^[\\p{L}\\p{M}\\p{N}\\p{Z}\\p{P}\\r\\n]*$). It can have a length of no more than 128 characters (min/max=1/128).

Response codes

Code Message
200 Successful operation.
201 Successfully created.
204 Successfully removed. No content.
400 The request could not be completed.
401 You do not have access to this resource.
404 The requested resource was not found.

Endpoint examples

Get users

The following sample shows the GET /environments/{environmentId}/users operation to return a list of all user resources for the specified environment.

curl -X "GET" "https://api.pingone.com/v1/environments/{environmentId}/users" \
-H 'Authorization: Bearer jwtToken'

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users?limit=100"
        },
        "next": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users?limit=100&cursor=MIIBCgIEmOkcFQSCAQAwgf0EK19fcHNldWRvLWJhY2tlbmQgZm9yIHN1YnRyZWUgdmlldyBvPXBpbmdvbmUEgc0wgcoECHVzZXJSb290BIG9ZW50cnl1dWlkPTA0MjEyNTI4LWY0MjAtNDkwZi05MmMwLTA4NWMxZmIwZmVlOSxvdT11c2VycyxlbnRyeXV1aWQ9MDE3OTJjNjktZGY0Yy00NGU4LTk0ZTYtNDVjMzliNzYyYWUwLG91PXBvcHVsYXRpb25zLHBvLWVudmlkPTg4YzIzZGVmLTM5YzktNDY0Ni04ZDQxLWFhOTFhMTRhMTAwNixvdT1lbnZpcm9ubWVudHMsbz1waW5nb25l"
        }
    },
    "_embedded": {
        "users": [
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/00151075-f35e-41a5-a450-9d195217fad8"
                    },
                    "password": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/00151075-f35e-41a5-a450-9d195217fad8/password"
                    },
                    "password.set": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/00151075-f35e-41a5-a450-9d195217fad8/password"
                    },
                    "password.reset": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/00151075-f35e-41a5-a450-9d195217fad8/password"
                    },
                    "password.check": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/00151075-f35e-41a5-a450-9d195217fad8/password"
                    },
                    "password.recover": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/00151075-f35e-41a5-a450-9d195217fad8/password"
                    },
                    "account.sendVerificationCode": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/00151075-f35e-41a5-a450-9d195217fad8"
                    }
                },
                "id": "00151075-f35e-41a5-a450-9d195217fad8",
                "environment": {
                    "id": "88c23def-39c9-4646-8d41-aa91a14a1006"
                },
                "population": {
                    "id": "01792c69-df4c-44e8-94e6-45c39b762ae0"
                },
                "_embedded": {
                    "password": {
                        "status": "PASSWORD_EXPIRED"
                    }
                },
                "account": {
                    "warnings": [
                        "PASSWORD_EXPIRED"
                    ]
                },
                "createdAt": "2018-08-30T05:35:15.887Z",
                "email": "do-not-send@pingidentity.com",
                "enabled": true,
                "lifecycle": {
                    "status": "ACCOUNT_OK"
                },
                "mfaEnabled": true,
                "name": {
                    "formatted": "Ihqyvjw Cqljpn",
                    "given": "Ihqyvjw",
                    "family": "Cqljpn"
                },
                "updatedAt": "2018-09-06T17:18:16.147Z",
                "username": "c535d1d2-7a49-4080-9713-0c7d338fb563@pingidentity.com"
            },
            {
                "_links": {
                    "self": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/0019b354-355d-4ce1-9143-16f35017aac9"
                    },
                    "password": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/0019b354-355d-4ce1-9143-16f35017aac9/password"
                    },
                    "password.set": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/0019b354-355d-4ce1-9143-16f35017aac9/password"
                    },
                    "password.reset": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/0019b354-355d-4ce1-9143-16f35017aac9/password"
                    },
                    "password.check": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/0019b354-355d-4ce1-9143-16f35017aac9/password"
                    },
                    "password.recover": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/0019b354-355d-4ce1-9143-16f35017aac9/password"
                    },
                    "account.sendVerificationCode": {
                        "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/0019b354-355d-4ce1-9143-16f35017aac9"
                    }
                },
                "id": "0019b354-355d-4ce1-9143-16f35017aac9",
                "environment": {
                    "id": "88c23def-39c9-4646-8d41-aa91a14a1006"
                },
                "population": {
                    "id": "01792c69-df4c-44e8-94e6-45c39b762ae0"
                },
                "_embedded": {
                    "password": {
                        "status": "PASSWORD_EXPIRED"
                    }
                },
                "account": {
                    "warnings": [
                        "PASSWORD_EXPIRED"
                    ]
                },
                "createdAt": "2018-08-25T13:52:22.132Z",
                "email": "do-not-send@pingidentity.com",
                "enabled": true,
                "lifecycle": {
                    "status": "ACCOUNT_OK"
                },
                "mfaEnabled": false,
                "name": {
                    "formatted": "Vwxbis Xeqc",
                    "given": "Vwxbis",
                    "family": "Xeqc"
                },
                "updatedAt": "2018-08-25T13:52:53.533Z",
                "username": "9cRo12jj"
            },
  "count" : 2,
  "size" : 2
}

Get one user

To get data for a single user resource, the GET /environments/{environmentId}/users/{userId} operation returns data only for the user resource with the ID specified in the request URL.

curl -X GET "https://api.pingone.com/v1/environments/{environmentId}/users/{userId}" \
-H "Authorization: Bearer jwtToken"

The response data looks like this:

{
    "_links": {
        "self": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772"
        },
        "environment": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006"
        },
        "population": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/populations/a6c45799-8cec-4f69-8be9-e38c7bbdd7e4"
        },
        "devices": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772/devices"
        },
        "roleAssignments": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772/roleAssignments"
        },
        "password": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772/password"
        },
        "password.reset": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772/password"
        },
        "password.set": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772/password"
        },
        "password.check": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772/password"
        },
        "password.recover": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772/password"
        },
        "account.sendVerificationCode": {
            "href": "https://api.pingone.com/v1/environments/88c23def-39c9-4646-8d41-aa91a14a1006/users/8ce55f02-2077-4493-9a6d-0385df1f0772"
        }
    },
    "id": "8ce55f02-2077-4493-9a6d-0385df1f0772",
    "environment": {
        "id": "88c23def-39c9-4646-8d41-aa91a14a1006"
    },
    "population": {
        "id": "a6c45799-8cec-4f69-8be9-e38c7bbdd7e4"
    },
    "createdAt": "2019-03-15T17:49:55.567Z",
    "email": "me@example.com",
    "enabled": true,
    "lifecycle": {
        "status": "ACCOUNT_OK"
    },
    "mfaEnabled": false,
    "name": {
        "given": "Lyman",
        "family": "Stone"
    },
    "updatedAt": "2019-03-15T17:49:55.567Z",
    "username": "jlymanstone"
}

Create a user

The following sample shows the POST /environments/{environmentId}/users operation to add a new user resource to the specified environment. This operation creates a new user but does not support an attribute to set the new user’s password. To create a user and set the password, see Import a user.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/users" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d '{
    "email": "lindajones@example.com",
    "name": {
        "given": "Linda",
        "family": "Jones"
    },
    "population": {
        "id": "{popID}"
    },
    "username": "lindajones"
}'

New users must be assigned to a population resource identified by its ID, and the request must set values for the username and email attributes. If successful, the response returns a 201 Successfully created message and shows the new user resource’s property data.

Import a user

The import users operation gives privileged applications the ability to create a new user and set the user’s password. The password attribute in this operation uses the same format for specifying passwords as the set password request, allowing both cleartext and pre-encoded password values. This endpoint requires the Identity Data Admin role.

The following sample shows the POST /environments/{environmentId}/users operation to import a new user resource to the specified environment. This operation uses the application/vnd.pingidentity.user.import+json custom content type in the request header.

curl -X "POST" "https://api.pingone.com/v1/environments/{environmentId}/users" \
-H 'Content-type: application/vnd.pingidentity.user.import+json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
  "email":"angelamontero@pingidentity.com",
  "name":{  
     "given":"angela",
     "family":"montero"
  },
  "population":{  
     "id":"87972995-664b-11ff-99f8-qw341dac3667"
  },
  "username":"angelamontero",
  "password":{
     "value": "{SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX",
     "forceChange": false
  }
 }'

New users must be assigned to a population resource identified by its ID, and the request must set values for the username and email attributes. In addition, this operation supports the password attribute, which can accept a pre-encoded password value and a forceChange value of false. If successful, the response returns a 201 Successfully created message and shows the new user resource’s property data.

For more information about pre-encoded passwords, see Set password. For import operations, if a pre-encoded password is not accepted by PingOne, then it does not conform to the supported encoding schemes described in the Set password topic.

Update a user

You can use the PUT /environments/{environmentId}/users/{userId} operation to update existing attribute properties. For PUT requests, the update operation removes any existing attribute property values omitted from the request body.

curl -X "PUT" "https://api.pingone.com/v1/environments/{environmentId}/users/{userId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
    "username": "joe@example.com",
    "name": {
        "formatted": "Joe Smith",
        "given": "Joe",
        "middle": "H.",
        "family": "Smith",
        "honorificPrefix": "Dr.",
        "honorificSuffix": "IV"
    },
    "nickname": "Putty",
    "title": "Senior Director",
    "preferredLanguage": "en-gb;q=0.8, en;q=0.7",
    "locale": "en-gb",
    "email": "joe@example.com",
    "primaryPhone": "+1.2225554444",
    "mobilePhone": "+1.4445552222",
    "photo": {
        "href": "<url-to-image>"
    },
    "address": {
        "streetAddress": "123 Main Street",
        "locality": "Springfield",
        "region": "WA",
        "postalCode": "98701",
        "countryCode": "US"
    },
    "accountId": "5",
    "type": "tele",
    "timezone": "America/Los_Angeles"
}'

The response data shows the updates for all attribute values specified in the request body.

Partial update

The following sample shows the PATCH /environments/{environmentId}/users/{userId} operation to update existing attribute properties. For the PATCH operation, the update operation targets only those attribute values specified in the request body. Attributes omitted from the request body are not updated or removed.

curl -X "PATCH" "https://api.pingone.com/v1/environments/{environmentId}/users/{userId}" \
-H 'Content-type: application/json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
    "username": "joesmith@example.com",
    "email": "joesmith@example.com"
}'

Verify a user

The verified property indicates whether the user has been verified through email or sms. When a user resource is created, the lifecycle.status property can be set to VERIFICATION_REQUIRED. If this property is set to VERIFICATION_REQUIRED, a verification code is sent to the email address provided in the user resource’s email property to verify the account.

The following sample shows the POST /environments/{envId}/users/{userId} operation to send a verification email with a verification code to an unverified user. This operation uses the application/vnd.pingidentity.user.verify+json custom content type in the request header.

curl -X "POST" "https://api.pingone.com/v1/environments/{envId}/users/{userId}" \
-H 'Content-type: application/vnd.pingidentity.user.verify+json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
  "verificationCode": <code>
}'

If the user loses or did not receive the verification code, a new verification code can be sent using the POST /environments/{envId}/users/{userId} operation. For the code resend operation, the application/vnd.pingidentity.user.sendVerificationCode+json custom content type is required in the request header.

curl -X "POST" "https://api.pingone.com/v1/environments/{envId}/users/{userId}" \
-H 'Content-type: application/vnd.pingidentity.user.sendVerificationCode+json' \
-H 'Authorization: Bearer jwtToken' \
-d $'{
  "verificationCode": <code>
}'

Delete a user

To delete a user resource from the directory, you need to specify the environment and user IDs.

The following sample shows the DELETE /environments/{environmentId}/users/{userId} operation to remove the specified user resource from the directory.

curl -X "DELETE" "https://api.pingone.com/v1/environments/{environmentId}/users/{userId}" \
-H 'Authorization: Bearer jwtToken'

For successful delete operations, a 204 NO CONTENT message is returned by the request.