The sample shows the PATCH /environments/{{envID}}/users/{{userID}} operation to update existing attribute properties. For the PATCH operation, the update operation targets only those attribute values specified in the request body.

Attributes omitted from the request body are not updated or removed. If the user does not have update access to an attribute, a 403 Forbidden error is returned if an update is attempted for that attribute.

All values for attributes with multiValued set to true are replaced with the provided data. For example, if a user has the following data set for the locales attribute:

{
    ...,
    "locales": ["London", "Sydney"],
    ...
}

and the PATCH operation is called with the following body:

{
    "locales": ["Tel Aviv"]
}

then the result would be the user’s locales value set to a one-value array consisting of “Tel Aviv”. Any user-initiated updates to the value will also replace the entire array. No merging is possible.

Users who are not authenticating with PingOne must be assigned an identity provider with the identityProvider.id attribute. If identityProvider.id is not provided, PingOne is set as the default identity provider. The identityProvider.type value is read-only, and its value is dependent on the value of identityProvider.id. If identityProvider.id is not provided, the default value of identityProvider.type is PING_ONE.

Important: Users who authenticate with an authoritative identity provider cannot self-service modify their account. The scopes p1:update:user and p1:read:user:{suffix} are not granted for these users. For additional information on scopes, see Access services through scopes and roles.

Note: For PATCH requests that modify custom JSON user attributes, the update operation replaces only those elements that are specified in the request body. This behavior follows standard JSON merge patch rules as specified by the Internet Engineering Task Force (IETF). For more information, see sections 2 and 3 of RFC 7396: JSON Merge Patch.

Note: You can enable multi-factor authentication by setting mfaEnabled to true with POST Create User, POST Create User (Import), or PUT Update User MFA Enabled. You cannot update mfaEnabled with PUT Update User or PATCH Update User.

Prerequisites

See Users and User Operations for important overview information.

Request model

Property	Type	Required?
`accountId`	String	Optional
`address.streetAddress`	String	Optional
`address.countryCode`	String	Optional
`address.locality`	String	Optional
`address.region`	String	Optional
`address.postalCode`	String	Optional
`address.zipCode`	String	Optional
`email`	String	Optional
`locale`	Array [String]	Optional
`mobilePhone`	String	Optional
`name.given`	String	Optional
`name.family`	String	Optional
`name.middle`	String	Optional
`name.honorificPrefix`	String	Optional
`name.honorificSuffix`	String	Optional
`name.formatted`	String	Optional
`nickname`	String	Optional
`photo.href`	String	Optional
`population.id`	String	Required
`preferredLanguage`	String	Optional
`primaryPhone`	String	Optional
`timeZone`	String	Optional
`title`	String	Optional
`type`	String	Optional
`username`	String	Optional

See the User operations data model for full property descriptions.