Management/Users

Users with SDKs

You can use Descope management SDK for common user management operations like create user, update user, delete user, etc... The management SDK requires a management key, which can be generated here.

Install SDK

Terminal
npm i --save @descope/node-sdk

Import and initialize Management SDK

import DescopeClient from '@descope/node-sdk';
 
const managementKey = "xxxx"
 
try{
    //  baseUrl="<URL>" // When initializing the Descope clientyou can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize CNAME within your Descope project.
    const descopeClient = DescopeClient({ projectId: '__ProjectID__', managementKey: managementKey });
} catch (error) {
    // handle the error
    console.log("failed to initialize: " + error)
}
 
// Note that you can handle async operation failures and capture specific errors to customize errors.
//     An example can be found here: https://github.com/descope/node-sdk?tab=readme-ov-file#error-handling

Create User

This operation creates a new user within the project with the details provided. Create will not send an invite. If you want to send an invite on creation, use Invite User.

// Args:
//    loginId (str): user login_id.
//    email (str): Optional user email address.
//    phone (str): Optional user phone number.
//    displayName (str): Optional user display name.
const user = {"loginId": "email@company.com", "displayName": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
//    userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
const userTenants = [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }]
//    roleNames (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
const roleNames = ["TestRole1"]
//   customAttributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
const customAttributes = {"attribute1": "Value 1", "attribute2": "Value 2"}
//   picture (str): Optional url for user picture
const picture = "xxxx"
//   verifiedEmail (bool): Set to true for the user to be able to login with the email address.
const verifiedEmail = true // or false
//   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
const verifiedPhone = true // or false
//   additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const additionalLoginIds = ["MyUserName", "+12223334455"]
 
// A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
const resp = await descopeClient.management.user.create(
  user["loginId"],
  user["email"],
  user["phone"],
  user["displayName"],
  roles,
  null, // userTenants if applicable
  customAttributes,
  null // picture if applicable,
  verifiedEmail,
  verifiedPhone,
  additionalLoginIds
);
if (!resp.ok) {
  console.log("Failed to create user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully created user.")
  console.log(resp.data)
}

Batch Create Users

This operation batch creates (optionally invites) new users within the project with the details provided. Create will not send an invite. If you want to send an invite on creation, use Invite User.

// Args:
//    users (array of Descope Users)
//      loginId (str): user login_id.
//      email (str): Optional user email address.
//      phone (str): Optional user phone number.
//      displayName (str): Optional user display name.
//      roles (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
//      userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
//      customAttributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
//      picture (str): Optional url for user picture
//      verifiedEmail (bool): Set to true for the user to be able to login with the email address.
//      verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
//      test (bool): Set to true if creating a test user, otherwise false
//      additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const users = [
  {
    loginId: 'email2@company.com',
    email: 'email2@company.com',
    phone: '+15555555555',
    displayName: 'Joe Person',
    userTenants: [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }],
    customAttributes: {"attribute1": "Value 1", "attribute2": "Value 2"},
    picture: "https://xxxx.co/img",
    verifiedEmail: true,
    verifiedPhone: true,
    test: false,
    additionalLoginIds = ["MyUserName", "+12223334455"]
  },
  {
    loginId: 'email@company.com',
    email: 'email@company.com',
    phone: '+15556667777',
    displayName: 'Desmond Copeland',
    userTenants: [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }],
    customAttributes: {"attribute1": "Value 1", "attribute2": "Value 2"},
    picture: "https://xxxx.co/img",
    verifiedEmail: true,
    verifiedPhone: true,
    test: false,
    additionalLoginIds = ["MyUserName", "+12223334455"]
  }
]
//    sendMail (bool): true or false for sending invite via email
const sendMail = true
//    sendSMS (bool): true or false for sending invite via SMS
const sendSMS = false
//    inviteUrl // URL to include in user invitation for the user to sign in with
const inviteUrl = "https://company.com/sign-in"
 
const resp = await descopeClient.management.user.inviteBatch(
  users,
  inviteUrl,
  sendMail,
  sendSMS
);
if (!resp.ok) {
  console.log("Failed to batch create invite users.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully batch created users.")
  console.log(resp.data)
}

Invite User

This operation creates a new user within the project with the details provided. This method also sends the invite to the user.

Note

When inviting users from the SDK, the default connector and template configured within Project Settings will be used, unless a different template Id is specified. Currently, when using the Java SDK, only the default connector and template can be used.

// Args:
//    loginId (str): user login_id.
//    email (str): Optional user email address.
//    phone (str): Optional user phone number.
//    displayName (str): Optional user display name.
const user = {"loginId": "email@company.com", "displayName": "Joe Person", "phone": "+", "email": "email@company.com"}
//    userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
const userTenants = [{ tenantId: 'TestTenant', roleNames: ['TestRole'] }]
//    roleNames (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over them.
const roleNames = ["TestRole1"]
//   customAttributes (dict): Optional, set the different custom attributes values of the keys that were previously configured in Descope console app
const customAttributes = {"attribute1": "Value 1", "attribute2": "Value 2"}
//   templateOptions (dict): Optional, set different template options values of the keys
const templateOptions = {"option1": "Value 1", "option2": "Value 2"}
//   picture (str): Optional url for user picture
const picture = "xxxx"
//   verifiedEmail (bool): Set to true for the user to be able to login with the email address.
const verifiedEmail = true // or false
//   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
const verifiedPhone = true // or false
//   inviteUrl // URL to include in user invitation for the user to sign in with
const inviteUrl = "https://company.com/sign-in"
//    sendMail (bool): true or false for sending invite via email
const sendMail = true
//    sendSMS (bool): true or false for sending invite via SMS
const sendSMS = false
//   additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const additionalLoginIds = ["MyUserName", "+12223334455"]
// templateId (str): Optional template Id for the invitation message
const templateId = "my-template-id"
 
// A user must have a login ID, other fields are optional. Roles should be set directly if no tenants exist, otherwise set on a per-tenant basis.
const resp = await descopeClient.management.user.invite(
  user["loginId"],
  user["email"],
  user["phone"],
  user["displayName"],
  roles,
  null, // userTenants if applicable
  customAttributes,
  templateOptions,
  null // picture if applicable,
  verifiedEmail,
  verifiedPhone,
  inviteUrl,
  sendMail,
  sendSMS,
  additionalLoginIds,
  templateId
);
if (!resp.ok) {
  console.log("Failed to invite user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully invited user.")
  console.log(resp.data)
}

Update User

This operation updates an existing user with the details provided. It is important to note that all parameters are used as overrides to the existing user; empty fields will override populated fields.

// Args:
//     loginId (str): The login_id of the user to update.
//     email (str): Optional user email address.
//     phoneNumber (str): Optional user phone number.
//     displayName (str): Optional user display name.
const user = {"loginId": "email@company.com", "displayName": "Joe Person", "phone": "+15555555555", "email": "email@company.com"}
//     userTenants (List[UserTenants]): An optional list of the user's tenants, and optionally, their roles per tenant. These roles are mutually exclusive with the general `role_names`, and take precedence over them.
const userTenants = [{ tenantId: 'TestTenant2', roleNames: ['TestRole1'] }]
//     roleNames (List[str]): An optional list of the user's roles without tenant association. These roles are mutually exclusive with the `user_tenant` roles, which take precedence over the general roles.
const roleNames = ["TestRole1", "TestRole2", "TestRole3"]
//    customAttributes: Record<string, AttributesTypes>: Update users with certain custom attributes
const customAttributes = {"mycustomattribute": "Test"}
//   picture (str): Optional url to user avatar. Leave empty to remove.
const picture = "https://example.com/picture.png"
//   verifiedEmail (bool): Set to true for the user to be able to login with the email address.
const verifiedEmail = true // or false
//   verifiedPhone (bool): Set to true for the user to be able to login with the phone number.
const verifiedPhone = true // or false
const newPhone = "+12222222222"
const newEmail = "updateEmail@email.com"
//   additionalLoginIds (optional List[str]): An optional list of additional login IDs to associate with the user
const additionalLoginIds = ["MyUserName", "+12223334455"]
 
const resp = await descopeClient.management.user.update(
  user["loginId"],
  newEmail,
  newPhone,
  user["displayName"],
  // You can update with userTenants or roles, not both in the same action
  roles,
  null, // userTenants,
  customAttributes,
  picture,
  verifiedEmail,
  verifiedPhone,
  additionalLoginIds
);
if (!resp.ok) {
  console.log("Failed to update user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user.")
  console.log(resp.data)
}

Load Existing User Details

This operation loads the details of an existing user.

Note

Suppose you frequently load a user for a specific user detail, such as their email address or a particular custom attribute. In that case, you can save execution time and additional API/SDK calls to load the user by adding the items to the custom claim. For details on adding items to the custom claims, see this documentation.

// Args:
//    loginId (str): The login_id of the user to be loaded.
const loginId = "xxxx"
 
let resp = await descopeClient.management.user.load(loginId)
if (!resp.ok) {
  console.log("Failed to load user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded user.")
  console.log(resp.data)
}
 
// If needed, users can be loaded using the user_id as well. The response is the same as above.
const userId = "xxxx"
 
resp = await descopeClient.management.user.loadByUserId(userId)
if (!resp.ok) {
  console.log("Failed to load user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded user.")
  console.log(resp.data)
}

Get User's Login History

Retrieve users' authentication history, by the given user's ids.

// Args:
//    userIds (list[str]): user IDs to load history for.
const userIds = ["xxxx", "yyyy"]
 
 
const resp = await descopeClient.management.user.history(userIds);
if (!resp.ok) {
  console.log("Failed to load users history.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded users history.")
  console.log(resp.data)
}

Load Existing User's Provider Token

This operation loads the user's access token generated by the OAuth/OIDC provider, using a valid management key. When querying for OAuth providers, this only applies when utilizing your own account with the provider and have selected Manage tokens from provider selected under the social auth methods.

// Args:
//    loginId (str): The login_id of the user to be loaded.
const loginId = "xxxx"
//    provider (str): The provider name (google, facebook, etc')
const provider = "google"
 
const resp = await descopeClient.management.user.getProviderToken(loginId, provider)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to load user's provider token.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded user's provider token.")
  console.log(resp.data)
}

Search Users

This operation returns user details based on the applicable search.

// Args:
//  tenantIds (List[str]): Optional list of tenant IDs to filter by
const tenantIds = ["Test1", "Test2", "Test3"]
//  roleNames (List[str]): Optional list of role names to filter by
const roleNames = ["TestRole1", "TestRole2", "TestRole3"]
//  limit (int): Optional limit of the number of users returned. Leave empty for default.
const limit = 1
//   page (int): Optional pagination control. Pages start at 0 and must be non-negative.
const page = 0
//    testUsersOnly: boolean: Given true, it will only return test users.
const testUsersOnly = false
//    withTestUser: boolean: Given true, it will also return test users. False will omit test users.
const withTestUser = true
//    customAttributes: Record<string, AttributesTypes>: Searches users with certain custom attributes
const customAttributes = {"mycustomattribute": "Test"}
//    statuses (List[str]): a list of statuses to search users for, the options are: "invited", "enabled", "disabled"
const statuses = ["invited", "enabled", "disabled"]
//    emails (List[str]): Optional list of emails to search for
const emails = ["email@company.com"]
//    phones (List[str]): Optional list of phones to search for
const phones = ["+12223334444"]
 
// Search all users with no filter: let resp = await descopeClient.management.user.searchAll()
// Search all users with limit filter:   let resp = await descopeClient.management.user.searchAll(null, null, limit, null, null, null, null)
// Search all users with tenant filter:   let resp = await descopeClient.management.user.searchAll(tenantIds, null, null, null, null, null, null)
// Search all users with role filter:   let resp = await descopeClient.management.user.searchAll(null, roleNames, null, null, null, null, null)
// Search all users with a combination of filters:
let resp = await descopeClient.management.user.searchAll(tenantIds, roleNames, limit, page, testUsersOnly, withTestUser, customAttributes, statuses, emails, phones)
if (!resp.ok) {
  console.log("Failed to search users.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully searched users.")
  console.log(resp.data)
}

Update a User's Email Address

This operation allows administrators to update a user's email address.

// Args:
//   loginId (str): The login ID of the user to update the email for.
const loginId = "xxxx"
//   email (str): The new email address for the user. Leave empty to remove.
const email = "xxxx@xxxxxx.xxx"
//   verified (bool): Set to true for the user to be able to login with the email address.
const verified = true // or false
 
let resp = await descopeClient.management.user.updateEmail(loginId, email, verified)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to update user's email address.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's email address.")
  console.log(resp.data)
}

Update a User's Login ID

This operation allows administrators to update a user's Login ID. If you'd like to remove a login ID, provide an empty string for the new login ID.

// Args:
//   login_id (str): The login ID of the user to update the Login ID for.
const loginId = "xxxx"
//   new_login_id (str): New login ID to set for the user.
const newLoginId = "xxxx"
 
const resp = await descopeClient.management.user.updateLoginId(loginId, newLoginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to update user's Login ID.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's Login ID.")
  console.log(resp.data)
}

Update a User's Phone Number

This operation allows administrators to update a user's phone number.

// Args:
//   loginId (str): The login ID of the user to update the phone number for.
const loginId = "xxxx"
//   phone (str): The new user phone number. Leave empty to remove.
const phone = "+17777777777"
//   verified (bool): Set to true for the user to be able to login with the phone number.
const verified = true // or false
 
let resp = await descopeClient.management.user.updatePhone(loginId, phone, verified)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to update user's phone number.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's phone number.")
  console.log(resp.data)
}

Update a User's Display Name

This operation allows administrators to update a user's display name.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   displayName (str): Optional user display name. Leave empty to remove.
const displayName = "Updated Display Name"
 
let resp = await descopeClient.management.user.updateDisplayName(loginId, displayName)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to update user's display name.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's display name.")
  console.log(resp.data)
}

Update a User's Picture

This operation allows administrators to update a user's profile picture granularly without updating all user details.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   picture (str): Optional url to user avatar. Leave empty to remove.
const picture = "https://example.com/picture.png"
 
const resp = await descopeClient.management.user.updatePicture(loginId, picture)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to update user's picture.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's picture.")
  console.log(resp.data)
}

Update a User's Custom Attributes

This operation allows administrators to update a user's custom attributes granularly without updating all user details.

// Args:
//   loginID (str): The login ID of the user to update.
const loginId = "xxxx"
//   attributeKey: The custom attribute that needs to be updated, this attribute needs to exists in Descope console app
const attributeKey = "mycustomattribute"
//	 attributeValue (str): The value to be update
const attributeValue = "Test Value"
 
const resp = await descopeClient.management.user.updateCustomAttribute(loginId, attributeKey, attributeValue)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to update user's custom attribute.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully updated user's custom attribute.")
  console.log(resp.data)
}

Expire a User's Password

This operation allows administrators to expire an existing user's password. Upon next login, the user will need to follow the reset password flow.

// Args:
//   loginId (str): The login ID of the user to expire password for.
const loginId = "xxxx"
 
const resp = await descopeClient.management.user.expirePassword(loginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to expire user's password.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully expired user's password.")
}

Set a Temporary User's Password

This operation allows administrators to set a temporary password for an existing user. This will require the user to change their password on next authentication.

// Args:
//   loginId (str): The login ID of the user set password for.
const loginId = "xxxx"
//   password (str): The password to be set for the user.
const password = "xxxxx"
 
const resp = await descopeClient.management.user.setTemporaryPassword(loginId, password)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set user's password.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set user's password.")
}

Set an Active Password for User

This endpoint allows you to set an active password for an existing user. This will allow the user to authenticate with this password without changing it.

// Args:
//   loginId (str): The login ID of the user set password for.
const loginId = "xxxx"
//   password (str): The password to be set for the user.
const password = "xxxxx"
 
const resp = await descopeClient.management.user.setActivePassword(loginId, password)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set user's password.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set user's password.")
}

Add a Role to a User

This operation allows administrators to add roles to an existing user.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   roleNames (List[str]): A list of roles to add to a user without tenant association.
const roleNames = ["TestRole1","TestRole2"]
 
let resp = await descopeClient.management.user.addRoles(loginId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to add roles to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added roles to user.")
  console.log(resp.data)
}

Set Roles for a User

This endpoint allows you to set a user's roles. This will override the current roles associated to the user and will set all passed roles.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   roles (List[str]): A list of roles to set for a user without tenant association.
const roles = ["TestRole1","TestRole2"]
 
let resp = await descopeClient.management.user.setRoles(loginId, roles)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to set roles to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set roles to user.")
  console.log(resp.data)
}

Remove a Role from a User

This operation allows administrators to remove roles from an existing user.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   roleNames (List[str]): A list of roles to remove from a user without tenant association.
const roleNames = ["TestRole1","TestRole2"]
 
let resp = await descopeClient.management.user.removeRoles(loginId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to remove roles from user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed roles from user.")
  console.log(resp.data)
}

Add a Tenant to a User

This operation allows administrators to add tenants to an existing user.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the tenant to add to the user.
const tenantId = "TestTenant"
 
let resp = await descopeClient.management.user.addTenant(loginId, tenantId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to add tenant to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added tenant to user.")
  console.log(resp.data)
}

Remove a Tenant from a User

This operation allows administrators to remove tenants from an existing user.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the tenant to remove from the user.
const tenantId = "TestTenant"
 
let resp = await descopeClient.management.user.removeTenant(loginId, tenantId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to remove tenant from user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed tenant from user.")
  console.log(resp.data)
}

Add Roles to a User in a Specific Tenant

This operation allows administrators to add roles to a user within a specific tenant.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the user's tenant.
const tenantId = "TestTenant"
//   roleNames (List[str]): A list of roles to add to the user.
const roleNames = ["TestRole1","TestRole2"]
 
let resp = await descopeClient.management.user.addTenantRoles(loginId, tenantId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to add roles to the user in the specified tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added roles to the user in the specified tenant.")
  console.log(resp.data)
}

Set Roles for a User in a Specific Tenant

This operation allows administrators to set roles to a user within a specific tenant. This will override the current roles associated to the user for the tenant and will set all passed roles.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the user's tenant.
const tenantId = "TestTenant"
//   roles (List[str]): A list of roles to set for the user.
const roles = ["TestRole1","TestRole2"]
 
let resp = await descopeClient.management.user.setTenantRoles(loginId, tenantId, roles)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set roles to the user in the specified tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set roles to the user in the specified tenant.")
  console.log(resp.data)
}

Remove Roles from a User in a Specific Tenant

This operation allows administrators to remove roles from a user within a specific tenant.

// Args:
//   loginId (str): The login ID of the user to update.
const loginId = "xxxx"
//   tenantId (str): The ID of the user's tenant.
const tenantId = "TestTenant"
//   roleNames (List[str]): A list of roles to remove from the user.
const roleNames = ["TestRole1","TestRole2"]
 
let resp = await descopeClient.management.user.removeTenantRoles(loginId, tenantId, roleNames)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to remove roles from the user in the specified tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed roles from the user in the specified tenant.")
  console.log(resp.data)
}

Associate an Application to a User

This operation allows administrators to associate an Application with a user.

//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = ["app1", "app2"]
 
let resp = await descopeClient.management.user.addSSOapps(loginId, ssoAppIds)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to add sso apps to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully added sso apps to user.")
  console.log(resp.data)
}

Set Applications for user

This operation allows administrators to set Applications associated to a user. This will override the current Application associated to the user for the user and set all passed Applications.

//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = ["app1", "app2"]
 
let resp = await descopeClient.management.user.setSSOapps(loginId, ssoAppIds)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to set sso apps to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully set sso apps to user.")
  console.log(resp.data)
}

Remove an Application from a User

This operation allows administrators to remove an Application from being associated with a user.

//   loginID (str): The login ID of the user to update.
loginID := "xxxx"
//   ssoAppIds (array(str)): The IDs of the sso apps to add to the user.
ssoAppIds = ["app1", "app2"]
 
let resp = await descopeClient.management.user.removeSSOapps(loginId, ssoAppIds)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to remove sso apps to user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed sso apps to user.")
  console.log(resp.data)
}

Activate User

This operation allows administrators to activate an existing user.

// Args:
//  loginId (str): The login ID of the user to be activated.
const loginId = "xxxx"
 
let resp = await descopeClient.management.user.activate(loginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to activate user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully activated user.")
  console.log(resp.data)
}

Deactivate User

This operation allows administrators to deactivate an existing user.

// Args:
//  loginId (str): The login ID of the user to be deactivated.
const loginId = "xxxx"
 
let resp = await descopeClient.management.user.deactivate(loginId)
if (!resp.ok) {
  console.log(resp)
  console.log("Failed to deactivate user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully deactivated user.")
  console.log(resp.data)
}

Logout All User Sessions

This operation allows administrators to log an existing user out of all sessions. This operation can be done via loginId or userId.

// Args:
//    loginId (str): The loginId of the user to be logged out.
const loginId = "email@company.com"
 
const resp = await descopeClient.management.user.logoutUser(loginId);
if (!resp.ok) {
  console.log("Failed to logout user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully logged user out.")
}
 
// Args:
//    userId (str): The userId of the user to be logged out.
const userId = "email@company.com"
 
const resp = await descopeClient.management.user.logoutUserByUserId(userId);
if (!resp.ok) {
  console.log("Failed to logout user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully logged user out.")
}

Delete User's Passkeys

This operation will delete all existing passkeys for a user.

// Args:
//    loginId (str): The loginId of the user to be remove passkeys for.
const loginId = "email@company.com"
 
const resp = await descopeClient.management.user.removeAllPasskeys(loginId);
if (!resp.ok) {
  console.log("Failed to remove user's passkeys.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully removed user's passkeys.")
}

Delete User

This operation allows administrators to delete an existing user. It is important to note that this operation is irreversible and the user will be removed and will not be able to be added back without recreation.

// Args:
//    loginId (str): The loginId of the user to be deleted.
const loginId = "email@company.com"
 
const resp = await descopeClient.management.user.delete(loginId);
if (!resp.ok) {
  console.log("Failed to delete user.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully deleted user.")
  console.log(resp.data)
}

Impersonate User

This operation allows administrators to impersonate an existing user. The impersonator user must have the impersonation permission in order for this request to work. The response would be a refresh JWT of the impersonated user.

// Args:
// loginId (str): The loginId of the user to be deleted.
// impersonatorId (str): The login_id of the user that's to be impersonated.
// validateConsent (boolean): Whether to check if the user to be impersonated has given consent
// Optional: custom_claims ({"key1":"value1"}): Custom claims to be added to the impersonated user's JWT
// Optional: tenant_id (str): One of the tenants the impersonated user belongs to
const updatedJWTRes = await descopeClient.management.jwt.impersonate(
  'impersonator-id',
  'login-id',
  true,
  {"key1":"value1"},
  "your-tenant-id"
);
Was this helpful?

Previous

User Management

Next

Inviting Users

On this page

Users with SDKsInstall SDKImport and initialize Management SDKCreate UserBatch Create UsersInvite UserUpdate UserLoad Existing User DetailsGet User's Login HistoryLoad Existing User's Provider TokenSearch UsersUpdate a User's Email AddressUpdate a User's Login IDUpdate a User's Phone NumberUpdate a User's Display NameUpdate a User's PictureUpdate a User's Custom AttributesExpire a User's PasswordSet a Temporary User's PasswordSet an Active Password for UserAdd a Role to a UserSet Roles for a UserRemove a Role from a UserAdd a Tenant to a UserRemove a Tenant from a UserAdd Roles to a User in a Specific TenantSet Roles for a User in a Specific TenantRemove Roles from a User in a Specific TenantAssociate an Application to a UserSet Applications for userRemove an Application from a UserActivate UserDeactivate UserLogout All User SessionsDelete User's PasskeysDelete UserImpersonate User