Cloud Administration User Details API
The Cloud Administration User Details API enables Help Desk administrators to look up a single user without logging into the Cloud Administration Console. This API can look up only one user at a time.
Note: Confirm that RSA has enabled SMS Tokencode and Voice Tokencode authentication for your company. Otherwise, the User Details API does not include the smsNumber and voiceNumber in the response.
For information about managing access to this API, see Accessing the Cloud Administration APIs.
Authentication
Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For information on using this token, see Authentication for the Cloud Administration REST APIs.
Software Developer Kit
You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.
Request Requirements
Use the following information to retrieve information about a particular user.
| Method | Request URL | Response Content Type | Response Body | Response Codes |
|---|---|---|---|---|
| POST |
/AdminInterface/restapi/v1/users/lookup | application/json | User details with property | 200, 400, 403, 404, 415, 429, 500 |
Example Request Data
The following example displays a request.
POST /AdminInterface/restapi/v1/users/lookup
Accept: application/json
Authorization: Bearer <JWT token>
Request Body Parameters
The following table describes the request parameters.
| Request Parameter | Required? | Description | Type |
|---|---|---|---|
| No | User's email address. Either email or username must be provided. | String | |
| username | No | The user's username. Either email or username must be provided. | String |
| searchUnsynched | No | When set to True, Cloud Access Service (CAS) searches for the user with the specified email address. If the user is not yet synchronized to the cloud, synchronization occurs before results are returned. This process significantly increases the search time. The default value is False. | Boolean |
Example Request Body
{
"searchUnsynched" : "true",
"username" : "jschmoe",
“email” : “jschmoe@rsavia.com"
}
Example Response
The following example response shows the status of a single user on 31 May 2018:
{
"id": "f85b6e95-f41f-45b4-bc84-559fead6460c",
"emailAddress": "user.one@mycompany.com",
"firstName": "User",
"lastName": "One",
"creationDate": "2018-08-31T19:10:30.045Z",
"identitySource": "My Company AD",
"userStatus": "Enabled",
"markDeleted": false,
"highRiskUser": false,
"markDeletedAt": null,
"markDeletedBy": null,
"smsNumber": "+11235556799",
"voiceNumber": "+1 774 291 4444",
"isTokenLocked": false,
"isSmsLocked": false,
"isVoiceLocked": false,
"lastSyncTime": "2018-08-31T19:20:30.045Z",
"emergencyAccessStatus": "Disabled",
"emergencyTokencodeId": null,
"emergencyTokencodeExpiration": null,
"emergencyTokencodeLastUse": null,
"offlineEmergencyAccessStatus": "Disabled",
"offlineEmergencyTokencodeExpiration": null,
"monthLastAuthenticated": "Nov 2020",
"identitySourceSpecificGroups": [
"Group 1",
"Group 2"
],
"globalGroups": [
"Group 3"
]
}Response Property Descriptions
The following table shows property descriptions and data types.
| Property | Description | Data Type |
|---|---|---|
| id | Identifies the user. | String |
| emailAddress | User's email address. | String |
| firstName | User's first name. | String |
| lastName | User's last name. | String |
| creationDate | Date when the user account was added to CAS. | String |
| identitySource | Name of identity source. | String |
| userStatus | Enabled. Users can access protected resources. Disabled. Users cannot access protected resources or register devices. Pending Deletion. The user and all associated data and devices are automatically deleted from CAS seven days after being marked for deletion in the Cloud Administration Console. | String |
| markDeleted | Indicates whether the user is marked deleted. | Boolean |
| markDeletedAt | Date when a user is marked deleted. See https://www.w3.org/TR/NOTE-datetime . | String |
| markDeletedBy | Administrator who initiated mark for delete. | String |
| lastSuccessfulAuthenticationMethod | Specifies the authentication method(s) the user last used successfully. | String |
| lastSuccessfulAuthenticationDate | Shows the date and time when the user was last successfully authenticated. | String |
| smsNumber | Displays user phone numbers after you click Show synchronized phone numbers. Phone numbers appear only if corresponding attributes were configured and synchronized. | String |
| voiceNumber | Displays user voice phone numbers after you click Show synchronized phone numbers. Phone numbers appear only if corresponding attributes were configured and synchronized. | String |
| isTokenLocked | Token locked status is either true (locked) or false (unlocked). | Boolean |
| isSmsLocked | SMS phone locked status is either true (locked) or false (unlocked). | Boolean |
| isVoiceLocked | Voice phone locked status is either true (locked) or false (unlocked). | Boolean |
| lastSyncTime | Most recent time when user details were synchronized with an identity source. See https://www.w3.org/TR/NOTE-datetime for information on formatting timestamps in ISO 8601 format. | String |
| highRiskUser | True indicates the user is marked as high risk by an external third-party application. False indicates the user is not marked as high risk by an external third-party application. | Boolean |
| emergencyAccessStatus | Enabled - An Emergency Tokencode has been generated for this user. Disabled - An Emergency Tokencode has not been generated for this user. Locked - Emergency Tokencode is locked for this user. | String |
| emergencyTokencodeId | Identifies the Emergency Tokencode, if one has been generated for this user. | String |
| emergencyTokencodeExpiration | Emergency Tokencode expiration date. | String |
| emergencyTokencodeLastUse | Emergency Tokencode last used date. | String |
| emergencyTokencodeOneTimeUse | True indicates that an Emergency Tokencode can be used only once. False indicates that an Emergency Tokencode can be used multiple times. | Boolean |
| offlineEmergencyTokencodeExpiration | Offline Emergency Tokencode expiration date. | String |
| offlineEmergencyAccessStatus | Enabled - An offline Emergency Tokencode has been generated for this user. Disabled - An offline Emergency Tokencode has not been generated for this user. | String |
| monthLastAuthenticated | Month the user last authenticated. Returns null if not applicable, or a date in MMM/YYYY format. | String |
| identitySourceSpecificGroups | Names of identity source groups that the user belongs to. | Array of strings |
| globalGroups | Names of CAS groups (local groups) that the user belongs to. | Array of strings |
Response Codes
The following table shows the response codes and their descriptions for the User Details API.
| Code | Description |
|---|---|
| 200 | User is successfully found. |
| 400 | User ID not provided as parameter. |
| 403 | Not authorized to perform the request. |
| 404 | User is not found. |
| 415 | Unsupported media type (must be JSON). |
| 429 | Too many requests. |
| 500 | Internal error occurred when processing the request. |
Related Articles
RSA Authenticator 4.3 for iOS and Android Administrator Guide Number of Views Coming Soon: RSA Authenticator 4.7 for iOS and Android Number of Views RSA Authenticator 4.5.3 for iOS and Android Administrator Guide Number of Views Does the RSA Authenticator App for iOS and Android Work in China? Number of Views Cloud Administration Synchronize User API Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
