A user resource is a unique identity within PingOne that interacts with the applications and services in the environment to which the user is assigned. The users service implements directory functions to create, read, update, delete, and search for user resources. Users are associated with an environment and a population.

Managing user accounts

The base endpoint, /environment/{envID}/users, enables directory operations to create and manage user accounts, including assigning the user to a population, assigning user roles, and unlocking a user account. It also supports an import capability that gives privileged applications the ability to create a new user and set the user’s password.

For more information, see:

Password management

The password management endpoints provide functions to set, update, unlock, and recover a user’s password.

For more information, see User Passwords.

MFA device management

The MFA device endpoints enable the user’s MFA capability and specify MFA devices associated with the user account.

For more information, see:

User agreement consent management

The /environments/{{envID}}/users/{{userID}}/agreementConsents endpoint provides directory operations to read, accept, and revoke an an agreement associated with a user account.

For more information, see User Agreement Consents.

User ID verification

The /environments/{{envID}}/users/{{userID}}/verifyTransactions endpoint provides directory operations to create, read, update, and delete an ID verification transaction record associated with a user.

For more information, see User ID verification.

You need the Identity Data Admin role to perform operations on users resources.