Version: v41

users

count integer
items object[]
  • Array [
  • id string<uuid>

    The UUID of the returned object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

    source_user_id string

    The originating unique identifier for the user (UUID from the local user store, principal from LDAP, etc.). Only returned by the Role Store API.

    created string<date-time>

    When the object was created

    Example: 2017-01-01T15:05:05Z

    updated string<date-time>

    When the object was updated

    Example: 2017-01-01T15:05:05Z

    updated_by string<uuid>

    ID of the user who updated the object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

    author string<uuid>

    ID of the user who originally authored the object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059

    comment string

    A comment describing the object

    Example: A comment

    tags string[]

    Array of tag strings

    principal string

    The principal name of the user. For IAM Local User Store users, the username.

    distinguished_name string

    The distinguished name of the user

    given_name string

    First name

    full_name string

    Full name

    job_title string

    Job title

    company string

    Company

    department string

    Department

    email string

    Email address

    telephone string

    Phone number

    locale string

    User's locale. Language code ISO 639-1 & country code ISO 3166-1 separated by a "_"

    Example: fi_FI

    roles object[]

    The array of role IDs the user has. Boolean "explicit" denotes whether the role is granted explicitly or implicitly via a mapping.

  • Array [
  • id string<uuid>

    name string

    comment string

    A comment describing the object

    Example: A comment

    principal_public_key_strings string[]

    Principal public keys, returned only from /users/resolve

    permit_agent boolean

    Permit agent, returned only from /users/resolve

    access_group_id string<uuid>

    Scopes host and connection permissions to an access group

    permissions permission (string)[]

    Array of permissions

    Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]

    context object

    Contextual limitation

    enabled boolean

    Are contextual limitations enabled

    block_role boolean

    If set to true and contextual limitations do not allow role/object, then the role/object is blocked. Otherwise the role/object is granted and an audit event is triggered.

    validity string[]

    Possible values: [MON, TUE, WED, THU, FRI, SAT, SUN]

    start_time string

    Start time of day as HH:MM when contextual limit allows access

    end_time string

    End time of day as HH:MM when contextual limit allows access

    timezone string

    Time zone of start_time and end_time

    ip_masks string[]

    explicit boolean

    Is the role explicitly granted to the user

    Default value: false

    implicit boolean

    Has the user implicitly gained the role or not.

    Default value: false

    system boolean

    Default value: false

    grant_type string

    Whether the role is granted permanently, for a restricted time, or as a floating window. A floating window starts upon initial connection, at which point the Role Store converts it to an explicit time-restricted window.

    Possible values: [PERMANENT, TIME_RESTRICTED, FLOATING]

    grant_validity_periods object[]

    Array of validity periods for this role. This array replaces grant_start and grant_end attributes in role object.

  • Array [
  • grant_start string<date-time>

    Date & time after which the role is granted to the user in ISO8601

    Example: 2017-01-01T15:05:05Z

    grant_end string<date-time>

    Date & time after which the role is removed from the user in ISO8601

    Example: 2017-01-02T15:05:05Z
  • ]
  • floating_length integer

    Duration for which the grant should last after initial connection, specified in hours

    Example: 24
  • ]
  • attributes object[]

    Custom user attributes array.

  • Array [
  • key string required

    Example: aws_account

    value string required

    Example: admin-bob
  • ]
  • permissions permission (string)[]

    Array of permissions

    Possible values: [licenses-manage, api-clients-manage, idp-clients-view, idp-clients-manage, connections-view, connections-manage, connections-playback, connections-terminate, connections-manual, connections-trail, connections-authorize, ueba-view, ueba-manage, hosts-view, hosts-manage, privx-host-provisioning, network-targets-view, network-targets-manage, role-target-resources-view, role-target-resources-manage, roles-view, roles-manage, sources-view, sources-manage, sources-data-push, users-view, users-manage, logs-view, logs-manage, workflows-manage, workflows-view, vault-manage, vault-add, access-groups-manage, workflows-requests-on-behalf, workflows-requests, authorized-keys-manage, settings-manage, settings-view, requests-view, certificates-view, webauthn-credentials-manage, mobilegw-view, mobilegw-manage, target-domains-view, target-domains-manage]

    source string

    Source ID

    mfa object

    status string

    Possible values: [ENABLED, DISABLED, UNINITIALIZED]

    seed object

    seed_string string

    The MFA seed in textual format

    seed_qr_code string

    The MFA seed QR code in base64-encoded format (PNG file)

    stale_access_token boolean

    The access token used for fetching the user object has permissions that are out of sync. The requester should refresh the access token before the next REST API call. This field is set only by the /users/current endpoint.

    authorized_keys object[]
  • Array [
  • id string<uuid>

    Unique identifier for authorized key

    Example: 2765b005-4ce1-4b2b-a9ca-ee6c4d6f2792

    username string

    Username of the authorized key owner

    Example: joe@privx.com

    user_id string<uuid>

    User id of the authorized key owner

    Example: f2f448d8-0397-4894-982f-9a58a43921db

    source string<uuid>

    User source ID

    name string required

    Name for authorized key

    Example: work

    comment string

    Comment for authorized key

    Example: Joe's work laptop key

    public_key string required

    Public key data in ssh authorized key format

    Example: AAAAB3NzaC1yc2EAAAADAQABAAABAQDqoMogqErOw7lL3GD6Ez7Hv1FZBk0Iyk2pBFUhqb9sjY9IEw8P9OWFwLMhWQ4LNvekPAnmr03pMHSSP7Pw98+Izy0HxcHZGKcrDOIjnHF5Fog3w4rBYa6OxdcJRxctifx5szqmM4JkUNS1RJY5E4ns4xCgFV46Satph02M+eP9PXGh+ZecSNtdLoOovVuolEUdb8dINgto8zsjEuAQ+76qOEgAIuSsYlzGGZPyPnATtkUi/rK9fcAfbhSqSXNxFqf7wejEKwA1kFt8hSW2bUWJH268fqnejFwHjBTzjBw89dji6141ajAP8/Q2gZug0bb1U70PE4afE3fFh2VCfhwT
    not_before string<date-time>

    Start of key validity period

    Example: 2020-07-31T17:32:28Z

    not_after string<date-time>

    End of key validity period

    Example: 2022-07-31T17:32:28Z

    expires_in integer

    Time in seconds to key expiry. Value is not set if key is not yet valid.

    source_address string[]

    fingerprints string[]
  • ]
  • webauthn_credentials object[]
  • Array [
  • id string<uuid> required

    Credential UUID

    credential_id string

    Webauthn credential ID

    name string

    Credential name

    comment string

    Optional comment

    last_used string<date-time>

    Timestamp of last login event using this credential

    Example: 2017-01-01T15:05:05Z

    created string<date-time>

    Creation timestamp

    Example: 2017-01-01T15:05:05Z

    author string<uuid>

    ID of the user who originally authored the object

    updated string<date-time>

    Update timestamp

    Example: 2017-01-01T15:05:05Z

    updated_by string<uuid>

    ID of the user who updated the object

    Example: eef4aefc-d64e-4c2c-aba4-4914c86ce059
  • ]
  • ]
  • users
    {
      "count": 0,
      "items": [
        {
          "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
          "created": "2017-01-01T15:05:05Z",
          "updated": "2017-01-01T15:05:05Z",
          "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
          "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
          "comment": "A comment",
          "tags": [
            "string"
          ],
          "principal": "string",
          "distinguished_name": "string",
          "given_name": "string",
          "full_name": "string",
          "job_title": "string",
          "company": "string",
          "department": "string",
          "email": "string",
          "telephone": "string",
          "locale": "fi_FI",
          "roles": [
            {
              "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "name": "string",
              "comment": "A comment",
              "principal_public_key_strings": [
                "string"
              ],
              "permit_agent": true,
              "access_group_id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "permissions": [
                "licenses-manage"
              ],
              "context": {
                "enabled": true,
                "block_role": true,
                "validity": [
                  "MON"
                ],
                "start_time": "string",
                "end_time": "string",
                "timezone": "string",
                "ip_masks": [
                  "string"
                ]
              },
              "explicit": false,
              "implicit": false,
              "system": false,
              "grant_type": "PERMANENT",
              "grant_validity_periods": [
                {
                  "grant_start": "2017-01-01T15:05:05Z",
                  "grant_end": "2017-01-02T15:05:05Z"
                }
              ],
              "floating_length": 24
            }
          ],
          "attributes": [
            {
              "key": "aws_account",
              "value": "admin-bob"
            }
          ],
          "permissions": [
            "licenses-manage"
          ],
          "source": "string",
          "mfa": {
            "status": "ENABLED",
            "seed": {
              "seed_string": "string",
              "seed_qr_code": "string"
            }
          },
          "stale_access_token": true,
          "authorized_keys": [
            {
              "id": "2765b005-4ce1-4b2b-a9ca-ee6c4d6f2792",
              "username": "joe@privx.com",
              "user_id": "f2f448d8-0397-4894-982f-9a58a43921db",
              "source": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "name": "work",
              "comment": "Joe's work laptop key",
              "public_key": "AAAAB3NzaC1yc2EAAAADAQABAAABAQDqoMogqErOw7lL3GD6Ez7Hv1FZBk0Iyk2pBFUhqb9sjY9IEw8P9OWFwLMhWQ4LNvekPAnmr03pMHSSP7Pw98+Izy0HxcHZGKcrDOIjnHF5Fog3w4rBYa6OxdcJRxctifx5szqmM4JkUNS1RJY5E4ns4xCgFV46Satph02M+eP9PXGh+ZecSNtdLoOovVuolEUdb8dINgto8zsjEuAQ+76qOEgAIuSsYlzGGZPyPnATtkUi/rK9fcAfbhSqSXNxFqf7wejEKwA1kFt8hSW2bUWJH268fqnejFwHjBTzjBw89dji6141ajAP8/Q2gZug0bb1U70PE4afE3fFh2VCfhwT",
              "not_before": "2020-07-31T17:32:28Z",
              "not_after": "2022-07-31T17:32:28Z",
              "expires_in": 0,
              "source_address": [
                "192.168.100.0/24"
              ],
              "fingerprints": [
                "SHA256:bdeYZ2qiEwCOCuf0oTvya/aH4Vo+nJLIauDKm/D8btM"
              ]
            }
          ],
          "webauthn_credentials": [
            {
              "id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "credential_id": "string",
              "name": "string",
              "comment": "string",
              "last_used": "2017-01-01T15:05:05Z",
              "created": "2017-01-01T15:05:05Z",
              "author": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
              "updated": "2017-01-01T15:05:05Z",
              "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059"
            }
          ]
        }
      ]
    }
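
An access review over a response of this shape, as an added example that is not part of the original documentation or the product's own code. It reads only fields documented above (mfa.status, grant_type, explicit, context.enabled, context.block_role, not_after); the function name, the sample data and the choice of what counts as a finding are assumptions.

```python
from datetime import datetime, timezone

def _ts(value):
    # Schema date-times look like 2022-07-31T17:32:28Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_users(response, now):
    """Return (principal, finding) pairs for one user-list response body."""
    findings = []
    for user in response.get("items", []):
        who = user.get("principal") or user.get("id")
        status = (user.get("mfa") or {}).get("status")
        if status in ("DISABLED", "UNINITIALIZED"):
            findings.append((who, f"mfa status {status}"))
        for role in user.get("roles") or []:
            name = role.get("name") or role.get("id")
            # Standing access: explicit grant with no time restriction.
            if role.get("grant_type") == "PERMANENT" and role.get("explicit"):
                findings.append((who, f"role {name}: permanent explicit grant"))
            # block_role false: out-of-context use is granted and only audited.
            ctx = role.get("context") or {}
            if ctx.get("enabled") and not ctx.get("block_role"):
                findings.append((who, f"role {name}: context limits not enforced"))
        for key in user.get("authorized_keys") or []:
            label = key.get("name") or key.get("id")
            not_after = key.get("not_after")
            if not not_after:
                findings.append((who, f"key {label}: no not_after"))
            elif _ts(not_after) <= now:
                findings.append((who, f"key {label}: expired {not_after}"))
    return findings

# Constructed sample, shaped like the response above (not real data).
SAMPLE = {"count": 2, "items": [
    {"principal": "alice", "mfa": {"status": "UNINITIALIZED"},
     "roles": [{"name": "db-admin", "grant_type": "PERMANENT", "explicit": True,
                "context": {"enabled": True, "block_role": False}}],
     "authorized_keys": [{"name": "work", "not_after": "2022-07-31T17:32:28Z"}]},
    {"principal": "bob", "mfa": {"status": "ENABLED"},
     "roles": [{"name": "web-ops", "grant_type": "FLOATING", "explicit": True,
                "floating_length": 24,
                "context": {"enabled": True, "block_role": True}}],
     "authorized_keys": [{"name": "laptop", "not_after": "2030-01-01T00:00:00Z"}]},
]}

if __name__ == "__main__":
    for who, finding in audit_users(SAMPLE, datetime.now(timezone.utc)):
        print(f"{who}: {finding}")
```

Pass a timezone-aware `now`; the schema's timestamps carry a UTC designator and comparing them with a naive datetime raises TypeError.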