"workFactor": 10, The request may specify up to 20 group ids. This action cannot be recovered! "lastName": "Brock", When fetching a user by login shortname, URL encode the request parameter to ensure special characters are escaped properly. Users with a FEDERATION or SOCIAL authentication provider do not support a password or recovery_question credential and must authenticate via a trusted Identity Provider. Okta could not communicate correctly with an inline hook. Creates a user with a specified User Type (see User Types). Unspecified properties are set to null with PUT. Please wait for a new code and try again. You are responsible for mitigation of all security risks such as phishing and replay attacks. Bad request. Creating users with a FEDERATION or SOCIAL provider sets the user status to either ACTIVE or STAGED based on the activate query parameter since these two providers don't support a password or recovery_question credential. characters. "login": "isaac.brock@example.com", This certificate has already been uploaded with kid={0}. API validation failed for the current request. Note: Listing users with search should not be used as a part of any critical flows, such as authentication, to prevent potential data loss. We have a single user that is having issues with okta. Activation of a user is an asynchronous operation. GET /api/v1/users Lists users in your organization with pagination in most cases. A subset of users can be returned that match a supported filter expression or search criteria. A password hash is a write-only property. Use the q parameter for a simple lookup of users by name, for example when creating a people picker. }, Fetch a user by id, login, or login shortname if the short name is unambiguous. "mobilePhone": "555-415-1337" "password" : { This flow is common when developing a custom user-registration experience. 
This flow supports migrating users from another data store in cases where we wish to allow the users to retain their current passwords. Users can login with their non-qualified short name (e.g. The specified user is already assigned to the application. This operation can only be performed on users with an ACTIVE status and a valid recovery question credential. Deactivate application for user forbidden. We have AD delegation enabled and I can login to the domain with the credentials but when trying to login to okta it says invalid username/credentials. Note: Because the plain text password isn't specified when a hashed password is provided, password policy isn't applied. For example, en_US specifies the language English and country US. Currently it contains a single element, id, as shown in the Example. /api/v1/users/${userId}/grants/${grantId}, DELETE Additional context provided in the log will allow for pivoting this information based on things like Target User, Client IP address, Geography, User POST You don't need to specify. Sets a new password for a user by validating the user's answer to their current recovery question. "profile": { Any access tokens issued with these refresh tokens will also be revoked, but access tokens issued without a refresh token will not be affected. "mobilePhone": "555-415-1337" Array specified in enum field must match const values specified in oneOf field. The provided role type was not the same as required role type. ", '{ Lists users in your organization with pagination in most cases. Careful consideration of naming conventions for your login identifier will make it easier to onboard new applications in the future. Bad request. The user has a status of SUSPENDED when the process is complete. "profile": { This action cannot be recovered! Your organization has reached the limit of call requests that can be sent within a 24 hour period. If an access token was issued with this refresh token, it will also be revoked. 
API token is not allowed for this operation. {0}, YubiKey cannot be deleted while assigned to an user. } This operation is not allowed in the user's current status. Logins with a / or ? Please wait 5 seconds before trying again. This is an administrative operation. Consent grants remain valid until the user manually revokes them, or until the user, application, authorization server or scope is deactivated or deleted. The type property is a map that identifies the User Type of the user (see User Types). Specifies a secret question and answer that is validated (case insensitive) when a user forgets their password or unlocks their account. Your organization has reached the limit of sms requests that can be sent within a 24 hour period. The Links object is used for dynamic discovery of related resources, lifecycle operations, and credential operations. Your organization is the top-level namespace to mix and match logins from all your connected applications or directories. Passing an id that is not in the SUSPENDED state returns a 400 Bad Request status code with error code E0000001. Conflicts with authenticator with key: {0}. If tempPassword is included in the request, the user's password is reset to a temporary password that is returned, and then the temporary password is expired. Invalid phone extension. } "firstName": "Isaac", "recovery_question": { "answer": "Annie Oakley" } Set (This limit applies only when creating a user. "lastName": "Brock", "question": "How many roads must a man walk down? POST "mobilePhone": "555-415-1337" User Login with Local Credentials Help This example leverages the Simple Search assistant. Forgot password not allowed on specified user. Please enter a valid phone extension. If the password is valid, Okta stores the hash of the password that was provided and can authenticate the user independently from then on. ACTIVE_DIRECTORY or LDAP providers specify the directory instance name as the name property. 
For example: https://${yourOktaDomain}/api/v1/users/me/grants returns all the grants for the active session user. Lists all users that match the filter criteria. Returns the complete user object by default. For example, if the redirect_uri is https://example.com, then the ACCESS_DENIED error is passed as follows: /api/v1/users/${userId}/grants, DELETE "salt": "rwh3vH166HCH/NT9XV5FYu", Unlike in user logins, diacritical marks are significant in search string values: a search for isaac.brock will find Isaac.Brock but will not find a property whose value is isc.brck. }', "https://${yourOktaDomain}/api/v1/meta/schemas/user/oscfnjfba4ye7pgjB0g4", "https://${yourOktaDomain}/api/v1/meta/types/user/otyfnjfba4ye7pgjB0g4", "Not found: Resource not found: missing@example.com (User)", "https://${yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_password", "https://${yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/reset_factors", "https://${yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/expire_password", "https://${yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/forgot_password", "https://${yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_recovery_question", "https://${yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/lifecycle/deactivate", "https://${yourOktaDomain}/api/v1/users/00ub0oNGTSWTBKOLGLNR/credentials/change_password", "https://${yourOktaDomain}/api/v1/users/00u19uiKQa0xXkbdGLNR", '{