API Reference/Management/Users
POST
/v2/mgmt/user/search

Authorization

AuthorizationRequiredBearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

application/jsonRequired
loginIdstring
tenantIdsarray<string>
roleNamesarray<string>
limitinteger
Format: "int32"
textstring
pageinteger
Format: "int32"
ssoOnlyboolean
Default: false
withTestUserboolean
testUsersOnlyboolean
Default: false
customAttributesobject
statusesarray<string>
emailsarray<string>
phonesarray<string>
ssoAppIdsarray<string>
sortarray<object>
loginIdsarray<string>
fromCreatedTimestring
toCreatedTimestring
fromModifiedTimestring
toModifiedTimestring
userIdsarray<string>
scimOnlyboolean
tenantRoleIdsobject
tenantRoleNamesobject
includeSubTenantsboolean
curl -X POST "https://api.descope.com/v2/mgmt/user/search" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "loginId": "string",
    "tenantIds": [
      "string"
    ],
    "roleNames": [
      "string"
    ],
    "limit": 0,
    "text": "string",
    "page": 0,
    "ssoOnly": false,
    "withTestUser": true,
    "testUsersOnly": false,
    "customAttributes": {},
    "statuses": [
      "string"
    ],
    "emails": [
      "string"
    ],
    "phones": [
      "string"
    ],
    "ssoAppIds": [
      "string"
    ],
    "sort": [
      {
        "field": "string",
        "desc": true
      }
    ],
    "loginIds": [
      "string"
    ],
    "fromCreatedTime": "string",
    "toCreatedTime": "string",
    "fromModifiedTime": "string",
    "toModifiedTime": "string",
    "userIds": [
      "string"
    ],
    "scimOnly": true,
    "tenantRoleIds": {
      "property1": {
        "values": [
          "string"
        ],
        "and": true
      },
      "property2": {
        "values": [
          "string"
        ],
        "and": true
      }
    },
    "tenantRoleNames": {
      "property1": {
        "values": [
          "string"
        ],
        "and": true
      },
      "property2": {
        "values": [
          "string"
        ],
        "and": true
      }
    },
    "includeSubTenants": true
  }'

OK

{
  "users": [
    {
      "loginIds": [
        "string"
      ],
      "userId": "string",
      "name": "string",
      "email": "string",
      "phone": "string",
      "verifiedEmail": true,
      "verifiedPhone": true,
      "roleNames": [
        "string"
      ],
      "userTenants": [
        {
          "tenantId": "string",
          "roleNames": [
            "string"
          ],
          "tenantName": "string"
        }
      ],
      "status": "string",
      "externalIds": [
        "string"
      ],
      "picture": "string",
      "test": false,
      "customAttributes": {},
      "createdTime": 0,
      "TOTP": false,
      "SAML": false,
      "OAuth": {
        "property1": false,
        "property2": false
      },
      "webauthn": true,
      "password": true,
      "ssoAppIds": [
        "string"
      ],
      "givenName": "string",
      "middleName": "string",
      "familyName": "string",
      "editable": true,
      "SCIM": true,
      "push": true
    }
  ],
  "total": 0
}

Was this helpful?

Get User Provider Token GET

### Get an existing user's provider token, using a valid management key. This API endpoint will loads the user's access token generated by the OAuth/OIDC provider, using a valid management key. When querying for OAuth providers, this only applies when utilizing your own account with the provider and have selected `Manage tokens from provider` selected under the [social auth methods](https://app.descope.com/settings/authentication/social). ### Query Params - `loginId` - The loginId of the user you want to get the provider token for. - `provider` - The provider you want to get the token for. - `withRefreshToken (optional)` - set to true to also return the refresh token. - `forceRefresh (optional)` - set to true to force a refresh of the token. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object. - See [Provider Options](/auth-methods/oauth#social-login-oauth-providers) for a the out of the box list of providers. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

Get User's Login History POST

### Get an user's login history, using a valid management key. This API endpoint will loads the user's login history based on the user's userId. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`