Cloud Administration Create Local User API

Use the Cloud Administration Create Local User API to add a new user account to a local identity source. With this API, you can create a user and set their username and password.

For more information about managing access to this API, see Accessing the Cloud Administration APIs.

Authentication

This API is accessible only via OAuth and does not support the legacy JSON Web Token (JWT) authentication flow. For more information, see Manage OAuth API Clients.

You need the "rsa.group.users.manage" OAuth permission to use this endpoint.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Request Requirements

Use the following information to create a local user.

Method	Request URL	Response Codes
POST	/AdminInterface/restapi/v1/users/create	200, 400, 403

Request Parameter

The following table describes the request body parameter.

Request Parameter	Description	Data Type
customerId	Unique customer identifier	Long

Example Request Body

The following is an example request body.

{
    "id": "",
    "firstName": "Joe",
    "lastName": "Schmoe",
    "userName": "jschmoe",
    "email": "jschmoe@rsavia.com",
    "defaultSmsPhone": "1234567890",
    "defaultVoicePhone": "1234567890",
    "managerEmail": "testManager@rsavia.com",
    "identitySource": "Local Identity Source",
    "password": null,
    "passwordCreationOption": "NONE",
    "passwordSendMethod": "NONE",
    "initialPasswordEmail": "",
    "alternateUsernames": ["group1", "group2"],
    "groupMemberships": ["group1", "group2"],
    "smsPhoneNumbers": ["1234567891", "1234567892"],
    "voicePhoneNumbers": ["1234567891", "1234567892"]
}

Request Properties Descriptions

The following table explains the request properties.

Field	Description	Required
First name	User's first name.	Yes
User name	Unique username.	Yes
Email	User's email address.	Yes
IdentitySource	Source of user identity (for example, local or LDAP).	Yes
PasswordCreationOption	Specifies how the user's password is set. Options are "NONE", "GENERATE_AND_SEND", and "ENTERED_BY_ADMIN".	Yes
passwordSendMethod	Specifies how the system delivers the generated password to the user. Options are "NONE" and "EMAIL".	Required only if passwordCreationOption is set to "GENERATE_AND_SEND"

Example Response

The following is an example response.

{
    "cloud_directory_enabled": true,
    "user_id": "80800c5b-707b-3cd4-de78-48e67e4a923d",
    "email": "jschmoe@rsavia.com",
    "first_name_valid": true,
    "last_name_valid": true
    "username_valid": true,
    "email_valid": true,
    "email_failure_reason": null,
    "sms_phone_valid": true,
    "voice_phone_valid": true,
    "manager_email_valid": true,
    "manager_email_failure_reason": null,
    "identity_source_valid": true,
    "password_valid": true,
    "initial_password_email_valid": false,
    "password_send_method_valid": true,
    "alternate_username_valid": [true, true],
    "virtualgroups_valid": [true, true],
    "sms_phone_list_valid": [true, true],
    "voice_phone_list_valid": [true, true],
    "save_succeeded": true,
    "save_failure_reason": null,
    "duplicate_username": false,
    "validation_errors": [],
}

Response Codes

The following table lists the response codes and their descriptions for this API.

Code	Description
200	A request to create a user has been submitted successfully. The saveSucceeded variable in the UserUpdateStatusPublicDTO will indicate whether the user was created successfully.
400	The operation could not be completed. One of the following error messages may be returned: Password creation option is required to create a user. Generate and Display password creation option is not supported by this API. Password usage is not allowed for this identity source. Password is required for users in this identity source. Email notification must be configured before generating and sending the initial password. An identity source is required to create users. A local-type identity source is required to create users. User creation requests are not allowed for identity source type {IS_Type}.
403	Not authorized to perform the request. The request includes incorrect OAuth permissions.

Code

Description

200

A request to create a user has been submitted successfully. The saveSucceeded variable in the UserUpdateStatusPublicDTO will indicate whether the user was created successfully.

400

The operation could not be completed. One of the following error messages may be returned:

Password creation option is required to create a user.
Generate and Display password creation option is not supported by this API.
Password usage is not allowed for this identity source.
Password is required for users in this identity source.
Email notification must be configured before generating and sending the initial password.
An identity source is required to create users.
A local-type identity source is required to create users.
User creation requests are not allowed for identity source type {IS_Type}.

403

Not authorized to perform the request. The request includes incorrect OAuth permissions.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change