Cloud Administration User Details API

The Cloud Administration User Details API enables Help Desk administrators to look up a single user without logging into the Cloud Administration Console. This API can look up only one user at a time.

Note: Confirm that SecurID has enabled SMS Tokencode and Voice Tokencode authentication for your company. Otherwise, the User Details API does not include the smsNumber and voiceNumber in the response.

Authentication

Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs .

Administrative Roles

This API can use an API Key that is associated with either the Super Administrator or Help Desk Administrator role. For more information, see Manage the Cloud Administration API Keys.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Request Requirements

Use the following information to retrieve information about a particular user.

Method Request URL Response Content Type Response Body Response Codes
POST /AdminInterface/restapi/v1/users/lookup
application/json User details with property 200, 400, 403, 404, 415, 500

Example Request Data

The following example displays a request.

POST /AdminInterface/restapi/v1/users/lookup

Accept: application/json

Authorization: Bearer <JWT token>

Request Body Parameters

The following table describes the request parameters.

Request Parameter Required? Description Type
email Yes
User's email address. String
searchUnsynched No When set to True, the Cloud Authentication Service searches for the user with the specified email address. If the user is not yet synchronized to the cloud, synchronization occurs before results are returned. This process significantly increases the search time. The default value is False. Boolean

Example Request Body

{

"email": "user.one@mycompany.com"

"searchUnsynched":"false"

}

Example Response

The following example response shows the status of a single user on 31 May 2018:

{

"id": "f85b6e95-f41f-45b4-bc84-559fead6460c",

"emailAddress": "user.one@mycompany.com",

"firstName": "User",

"lastName": "One",

"creationDate": "2018-08-31T19:10:30.045Z",

"identitySource": "My Company AD",

"userStatus": "Enabled",

"markDeleted": false,

"highRiskUser": false,

"markDeletedAt": null,

"markDeletedBy": null,

"smsNumber": "+11235556799",

"voiceNumber": "+1 774 291 4444",

"isTokenLocked": false,

"isSmsLocked": false,

"isVoiceLocked": false,

"lastSyncTime": "2018-08-31T19:20:30.045Z",

"emergencyAccessStatus": "Disabled",

"emergencyTokencodeId": null,

"emergencyTokencodeExpiration": null,

"emergencyTokencodeLastUse": null

"offlineEmergencyAccessStatus": "Disabled",

"offlineEmergencyTokencodeExpiration": null,

}

Property Response Descriptions

The following table shows property descriptions and data types.

Property Description Data Type
id Identifies the user. String
emailAddress User's email address. String
firstName User's first name. String
lastName User's last name. String
creationDate

Date when the user account was added to the Cloud Authentication Service.
See https://www.w3.org/TR/NOTE-datetime

for information on formatting timestamps in ISO 8601 format.
String
identitySource Name of identity source. String
userStatus

Enabled. Users can access protected resources.

Disabled. Users cannot access protected resources or register devices.

Pending Deletion. The user and all associated data and devices are automatically deleted from the Cloud Authentication Service seven days after being marked for deletion in the Cloud Administration Console.

String
markDeleted Indicates whether the user is marked deleted. Boolean
markDeletedAt Date when a user is marked deleted.
See https://www.w3.org/TR/NOTE-datetime .
String
markDeletedBy Administrator who initiated mark for delete. String
smsNumber Displays user phone numbers after you click Show synchronized phone numbers. Phone numbers appear only if corresponding attributes were configured and synchronized. String
voiceNumber Displays user voice phone numbers after you click Show synchronized phone numbers. Phone numbers appear only if corresponding attributes were configured and synchronized. String
isTokenLocked Token locked status is either true (locked) or false (unlocked). Boolean
isSmsLocked SMS phone locked status is either true (locked) or false (unlocked). Boolean
isVoiceLocked

Voice phone locked status is either true (locked) or false (unlocked).

Boolean
lastSyncTime Most recent time when user details were synchronized with an identity source.
See https://www.w3.org/TR/NOTE-datetime for information on formatting timestamps in ISO 8601 format.
String
highRiskUser

True indicates the user is marked as high risk by an external third-party application. False indicates the user is not marked as high risk by an external third-party application.

Boolean
emergencyAccessStatus

Enabled - An Emergency Tokencode has been generated for this user.

Disabled - An Emergency Tokencode has not been generated for this user.

Locked - Emergency Tokencode is locked for this user.

String
emergencyTokencodeId Identifies the Emergency Tokencode, if one has been generated for this user. String
emergencyTokencodeExpiration Emergency Tokencode expiration date. String
emergencyTokencodeLastUse Emergency Tokencode last used date. String
offlineEmergencyTokencodeExpiration Offline Emergency Tokencode expiration date. String
offlineEmergencyAccessStatus

Enabled - An offline Emergency Tokencode has been generated for this user.

Disabled - An offline Emergency Tokencode has not been generated for this user.

String

Response Codes

The following table shows response codes and descriptions for the User Details API.

Code Description
200 User is successfully found.
400 User ID not provided as parameter.
403 Not authorized to perform the request.
404 User is not found.
415 Unsupported media type (must be JSON).
500 Internal error occurred when processing the request.