POST
/v1/mgmt/user/create

Authorization

Descope Project ID and Management Key
AuthorizationBearer <token>

Project ID:Management Key as bearer token.

In: header

Request Body

application/json

loginId?string
email?string
phone?string
verifiedEmail?boolean
verifiedPhone?boolean
name?string
roleNames?array<string>
string
userTenants?array<managementv1.AssociatedTenant>
invite?boolean
test?boolean
Defaultfalse
customAttributes?object

Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays.

Example{ "attribute-key": "attribute-value" }
picture?string
sendMail?boolean
sendSMS?boolean
additionalIdentifiers?array<string>
string
inviteUrl?string
password?string
hashedPassword?object
givenName?string
middleName?string
familyName?string
ssoAppIds?array<string>
string
templateOptions?object
status?string
recoveryEmail?string
recoveryPhone?string
verifiedRecoveryEmail?boolean
verifiedRecoveryPhone?boolean
locale?string

Create a new user, using a valid management key.

This API endpoint will create a new user utilizing a valid management key.

This API endpoint allows you to configure all aspects of a user:

  • loginId
  • email
  • phone
  • verified settings (phone, email) - one must be set to true
  • displayName
  • roleNames
  • Tenant configurations - which tenantIds, which roleNames. The userTenants can include multiple items Ex:
"userTenants": [
{
  "tenantId": "T2IMjmRfYTQHlbaastz3im59ERS3",
  "roleNames": [
    "Test"
  ]
},
{
  "tenantId": "T2Igau6dX1R6SkomtFCdBLrc3r67",
  "roleNames": [
    "Test"
  ]
}

Additionally, you can create a user with multiple login IDs by passing an array of loginIds in string format within the additionalIdentifiers key.

Next Steps

Once the user is created, the user can then login utilizing any sign-in api supported. This will then switch the user from invited to active.

See also

curl -X POST "https://api.descope.com/v1/mgmt/user/create" \  -H "Content-Type: application/json" \  -d '{}'
{  "user": {    "loginIds": [      "string"    ],    "userId": "string",    "name": "string",    "email": "string",    "phone": "string",    "verifiedEmail": true,    "verifiedPhone": true,    "roleNames": [      "string"    ],    "userTenants": [      {        "tenantId": "string",        "roleNames": [          "string"        ],        "tenantName": "string",        "permissions": [          "string"        ],        "roleIds": [          "string"        ]      }    ],    "status": "string",    "externalIds": [      "string"    ],    "picture": "string",    "test": false,    "customAttributes": {      "attribute-key": "attribute-value"    },    "createdTime": 0,    "TOTP": false,    "SAML": false,    "OAuth": {      "property1": false,      "property2": false    },    "webauthn": true,    "password": true,    "ssoAppIds": [      "string"    ],    "givenName": "string",    "middleName": "string",    "familyName": "string",    "editable": true,    "SCIM": true,    "push": true,    "permissions": [      "string"    ],    "OIDC": true,    "consentExpiration": 0,    "recoveryEmail": "string",    "verifiedRecoveryEmail": true,    "recoveryPhone": "string",    "verifiedRecoveryPhone": true,    "modifiedTime": 0,    "roleIds": [      "string"    ]  },  "created": true}
export interface Response {user?: {loginIds?: string[]userId?: stringname?: stringemail?: stringphone?: stringverifiedEmail?: booleanverifiedPhone?: booleanroleNames?: string[]userTenants?: UserTenants[]status?: stringexternalIds?: string[]picture?: stringtest?: boolean/** * Custom attributes as key-value pairs. Keys must be strings; values can be strings, numbers, booleans, or arrays. */customAttributes?: {[k: string]: string}createdTime?: numberTOTP?: booleanSAML?: booleanOAuth?: {[k: string]: boolean}webauthn?: booleanpassword?: booleanssoAppIds?: string[]givenName?: stringmiddleName?: stringfamilyName?: stringeditable?: booleanSCIM?: booleanpush?: booleanpermissions?: string[]OIDC?: booleanconsentExpiration?: numberrecoveryEmail?: stringverifiedRecoveryEmail?: booleanrecoveryPhone?: stringverifiedRecoveryPhone?: booleanmodifiedTime?: number/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match *  roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}created?: boolean}export interface UserTenants {tenantId?: stringroleNames?: string[]tenantName?: stringpermissions?: string[]/** * roleIds holds the IDs of this entry's roles. Order is NOT guaranteed to match *  roleNames — do not pair them by index. Use roleIds or roleNames independently. */roleIds?: string[]}
Was this helpful?

Search Users POST

### Search for users, using a valid management key. This API endpoint will search for users utilizing a valid management key. Searches can be defined with any combination of roles or tenants. You can also only send the request with an empty payload to return all users. The response will include the following details on all users within an array of objects: - loginIds - userId - name - email - phone - verified settings (phone, email) - Tenant configurations (tenantIds, roleNames) ### Next Steps You can then parse through the response in order to find any users which you may need to delete, update, etc. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object.

Batch Create Users POST

### Batch Create Users, using a valid management key. This API endpoint will batch create new users utilizing a valid management key. This API endpoint allows you to configure all aspects of a user: - loginId - email - phone - verified settings (phone, email) - one must be set to true - displayName - roleNames - Tenant configurations - which tenantIds, which roleNames. The userTenants can include multiple items Ex: ``` "userTenants": [ { "tenantId": "T2IMjmRfYTQHlbaastz3im59ERS3", "roleNames": [ "Test" ] }, { "tenantId": "T2Igau6dX1R6SkomtFCdBLrc3r67", "roleNames": [ "Test" ] } ``` Additionally, you can create a user with multiple login IDs by passing an array of loginIds in string format within the `additionalIdentifiers` key. You can also decide whether to invite the users, configure the inviteUrl, and whether to send invites via email or SMS. When importing with hashed passwords, see [this guide](/migrate/custom#importing-passwords) for further detailed configuration of password hash formats. ### Next Steps Once the user is created, the user can then login utilizing any sign-in api supported. This will then switch the user from invited to active. ### See also - See [Manage User](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object.