API Reference/Management/Users
POST
/v2/mgmt/user/search

Authorization

AuthorizationRequiredBearer <token>

< Project ID >:< Management Key > as bearer

In: header

Request Body

application/jsonRequired
loginIdstring

Search for specific login ID

tenantIdsarray<string>

If not empty then users must be members of at least one of these tenants

roleNamesarray<string>

If not empty then users must have one of the specified roles

limitinteger

Default is 100 if not specified

Format: "int32"
textstring

Full text search across relevant columns

pageinteger

Page number starting with 0 for the first page

Format: "int32"
ssoOnlyboolean

Bring only users that have SSO external IDs

Default: false
withTestUserboolean

Return also users which are test users

testUsersOnlyboolean

Return only test users

Default: false
customAttributesobject

Search for users with these custom attributes. Custom attributes filter should have string keys (attribute names that were configured for the user). Values should be either strings, ints or bools or lists (arrays) of strings, ints or bools for multiple matches.

statusesarray<string>

If not empty then users must be in one of those statuses

emailsarray<string>
phonesarray<string>
ssoAppIdsarray<string>
sortarray<object>
loginIdsarray<string>
fromCreatedTimestring
toCreatedTimestring
fromModifiedTimestring
toModifiedTimestring
userIdsarray<string>
scimOnlyboolean

Bring only users that provisioned or updated by SCIM

curl -X POST "https://api.descope.com/v2/mgmt/user/search" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "loginId": "string",
    "tenantIds": [
      "string"
    ],
    "roleNames": [
      "string"
    ],
    "limit": 0,
    "text": "string",
    "page": 0,
    "ssoOnly": false,
    "withTestUser": true,
    "testUsersOnly": false,
    "customAttributes": {},
    "statuses": [
      "string"
    ],
    "emails": [
      "string"
    ],
    "phones": [
      "string"
    ],
    "ssoAppIds": [
      "string"
    ],
    "sort": [
      {
        "field": "string",
        "desc": true
      }
    ],
    "loginIds": [
      "string"
    ],
    "fromCreatedTime": "string",
    "toCreatedTime": "string",
    "fromModifiedTime": "string",
    "toModifiedTime": "string",
    "userIds": [
      "string"
    ],
    "scimOnly": true
  }'

OK

{
  "users": [
    {
      "loginIds": [
        "string"
      ],
      "userId": "string",
      "name": "string",
      "email": "string",
      "phone": "string",
      "verifiedEmail": true,
      "verifiedPhone": true,
      "roleNames": [
        "string"
      ],
      "userTenants": [
        {
          "tenantId": "string",
          "roleNames": [
            "string"
          ],
          "tenantName": "string"
        }
      ],
      "status": "string",
      "externalIds": [
        "string"
      ],
      "picture": "string",
      "test": false,
      "customAttributes": {},
      "createdTime": 0,
      "TOTP": false,
      "SAML": false,
      "OAuth": {
        "property1": false,
        "property2": false
      },
      "webauthn": true,
      "password": true,
      "ssoAppIds": [
        "string"
      ],
      "givenName": "string",
      "middleName": "string",
      "familyName": "string",
      "editable": true,
      "SCIM": true
    }
  ],
  "total": 0
}

Was this helpful?

Get User Provider Token GET

### Get an existing user's provider token, using a valid management key. This API endpoint will loads the user's access token generated by the OAuth/OIDC provider, using a valid management key. When querying for OAuth providers, this only applies when utilizing your own account with the provider and have selected `Manage tokens from provider` selected under the [social auth methods](https://app.descope.com/settings/authentication/social). ### Query Params - `loginId` - The loginId of the user you want to get the provider token for. - `provider` - The provider you want to get the token for. - `withRefreshToken (optional)` - set to true to also return the refresh token. - `forceRefresh (optional)` - set to true to force a refresh of the token. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object. - See [Provider Options](/auth-methods/oauth#social-login-oauth-providers) for a the out of the box list of providers. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`

Get User's Login History POST

### Get an user's login history, using a valid management key. This API endpoint will loads the user's login history based on the user's userId. ### See also - See [Manage Users](/manage/users) for further details on managing users. - See [The User Object](/api/overview#the-user-object) for further details on the user object. ### Endpoint Authentication Use authorization bearer header with the following format: `Authorization: Bearer <ProjectId:ManagementKey>`