CreateUser
POST {{baseUrl}}/users/
Creates a new user in your tenancy. For conceptual information about users, your tenancy, and other IAM Service components, see Overview of the IAM Service.
You must specify your tenancy's OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see Resource Identifiers.
You must also specify a name for the user, which must be unique across all users in your tenancy and cannot be changed. Allowed characters: No spaces. Only letters, numerals, hyphens, periods, underscores, +, and @. If you specify a name that's already in use, you'll get a 409 error. This name will be the user's login to the Console. You might want to pick a name that your company's own identity system (e.g., Active Directory, LDAP, etc.) already uses. If you delete a user and then create a new user with the same name, they'll be considered different users because they have different OCIDs.
You must also specify a description for the user (although it can be an empty string). It does not have to be unique, and you can change it anytime with UpdateUser. You can use the field to provide the user's full name, a description, a nickname, or other information to generally identify the user.
After you send your request, the new object's lifecycleState will temporarily be CREATING. Before using the object, first make sure its lifecycleState has changed to ACTIVE.
A new user has no permissions until you place the user in one or more groups (see AddUserToGroup). If the user needs to access the Console, you need to provide the user a password (see CreateOrResetUIPassword). If the user needs to access the Oracle Cloud Infrastructure REST API, you need to upload a public API signing key for that user (see Required Keys and OCIDs and also UploadApiKey).
Important: Make sure to inform the new user which compartment(s) they have access to.
Request Body
{"name": "non ex elit laborum", "compartmentId": "{{tenancy_ocid}}", "description": "ullamco fu", "email": "pariatur ad"}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
opc-retry-token | string | | A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations (e.g., if a resource has been deleted and purged from the system, then a retry of the original creation request may be rejected). |
Content-Type | string | | |
Date | string | Yes | Current Date |
Authorization | string | Yes | Signature Authentication on Authorization header |
x-content-sha256 | string | Yes | Content sha256 for POST, PUT and PATCH operations |
RESPONSES
status: OK
{"id":"minim","compartmentId":"do tempor","name":"ut laboris occaecat officia aliqua","description":"ad deserunt nostrud","timeCreated":"1946-10-25T09:38:18.008Z","lifecycleState":"CREATING","isMfaActivated":true,"capabilities":{"canUseApiKeys":true,"canUseAuthTokens":false,"canUseConsolePassword":false,"canUseCustomerSecretKeys":false,"canUseOAuth2ClientCredentials":true,"canUseSmtpCredentials":true},"definedTags":{},"email":"in labore consectetur sint ut","emailVerified":true,"externalIdentifier":"aute in culpa","freeformTags":{},"identityProviderId":"incididunt ","inactiveStatus":-55865980,"lastSuccessfulLoginTime":"1953-12-19T19:05:46.188Z","previousSuccessfulLoginTime":"1957-05-21T17:44:43.909Z"}
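An added example (not Oracle's code and not part of the original page) that assembles the CreateUser request described above: it enforces the name rule, computes x-content-sha256 over the exact bytes sent, keeps one opc-retry-token for retries, and polls until lifecycleState is ACTIVE. Assumptions: "letters" means ASCII letters, the digest is base64-encoded as in OCI request signing, and `get_user` is a hypothetical callable that performs a signed GetUser call; producing the Authorization signature is left to your signing library.

```python
import base64, hashlib, json, re, time, uuid
from email.utils import formatdate

# Name rule from the page: letters, numerals, hyphens, periods, underscores,
# + and @, no spaces. Restricting "letters" to ASCII is an assumption.
NAME_RE = re.compile(r"[A-Za-z0-9._+@-]+")

def build_create_user_request(name, tenancy_ocid, description="", email=None,
                              retry_token=None):
    """Return (body_bytes, headers) for POST /users/, minus Authorization."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"user name contains disallowed characters: {name!r}")
    body = {"name": name, "compartmentId": tenancy_ocid, "description": description}
    if email is not None:
        body["email"] = email
    # Serialize once; the digest must cover exactly the bytes put on the wire.
    raw = json.dumps(body, separators=(",", ":")).encode("utf-8")
    digest = base64.b64encode(hashlib.sha256(raw).digest()).decode("ascii")
    headers = {
        "Content-Type": "application/json",
        "Date": formatdate(usegmt=True),
        "x-content-sha256": digest,
        # Pass the same token again when retrying after a timeout or server
        # error so the create is not executed twice.
        "opc-retry-token": retry_token or uuid.uuid4().hex,
    }
    return raw, headers

def wait_until_active(get_user, user_id, attempts=10, delay=2.0):
    """Poll get_user (hypothetical signed GetUser call) until the user is ACTIVE."""
    for _ in range(attempts):
        user = get_user(user_id)
        state = user["lifecycleState"]
        if state == "ACTIVE":
            return user
        if state != "CREATING":
            raise RuntimeError(f"unexpected lifecycleState {state!r}")
        time.sleep(delay)
    raise TimeoutError(f"user {user_id} still not ACTIVE after {attempts} polls")

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    raw, headers = build_create_user_request(
        "jdoe@example.com", "ocid1.tenancy.oc1..exampleplaceholder", "Jane Doe")
    print(raw.decode(), headers, sep="\n")
```

The placeholder name in the sample request body above contains spaces, so this validator rejects it before any request is sent.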