Managing users via REST APIs

You can programmatically manage users via REST APIs.

For all API calls related to user management, use type=user.

Creating a user

Use action=createupdate to create user accounts with a User Source=Local.

User authentication will depend on the email domain configuration (for example, local auth, SAML, auth AD auth) and password parameter will be discarded if user auth is not set to local.

POST https://portal.bitglass.com/api/bitglassapi/config/v1.1/?type=user&action=createupdate

Parameter Value Description Notes
username string The unique identifier for a user and primary email address. required
password string Should be the password used by the user to access the account optional
firstname string The first name for the user required
lastname string The last name for the user optional
primaryemail string Primary Email that the user may use within the company for work. This field might be the same as the username field but does not have to be. optional
secondaryemail string Secondary Email is used to send you password reset instructions. optional
netbiosdomain string The netbiosdomain of your organization that the user belongs to. optional
samaccountname string The logon name used to support clients and servers from previous versions of Windows. optional
userprincipalname string Also used commonly as the users login name especially if company email is not used. optional
objectguid string ImmutableID used to uniquely identify a user when SSO is initiated to O365. optional
countrycode string Should be the shortname of the coutnry. Can have values as specified in the attached list

optional

required if mobilenumber is not blank

mobilenumber string Mobile number is used to send tokens during two factor authentication. Should be entered with the country code.

optional

required if countrycode is not blank

adminrole string

Admin role that could be assigned to the user. Default "none".

To remove an admin role from a user, specify a parameter of "null" (for example, "adminrole":null)

optional
groupmembership array Includes an array of groupname strings the user should be added to optional
customattribute1 string A custom attribute that admins can create and send during the SAML request for authentication or used to inherit permissions inside the application. optional
customattribute2 string Another field to set another additional custom attribute. optional
{
    "companyemail": "akohli@acme-gadget.com",
    "password": "new password",
    "firstname": "Amish",
    "lastname": "Kohli",
    "netbiosdomain": "ACME-GADGET",
    "samaccountname": "akohli",
    "userprincipalname": "akohli@acme-gadget.com",
    "objectguid":"c82fea8c-ab5c-4a34-a533-a98cb68da858", 
    "countrycode":"US",
    "mobilenumber": "+11234567890"
    "adminrole": "None",
    "groupmembership": [
        "sales",
        "product"],
    "filepassword": "file password",
    "customattribute1": "",
    "customerattribute2": ""
    }

Deactivating user

Use action=deactivate to deactivate user account.

POST https://portal.bitglass.com/api/bitglassapi/config/v1.1/?type=user&action=deactivate

Parameter Value Description Notes
companyemail string The unique identifier for a user, the primary email address required

Reactivating user

Use action=reactivate to reactivate user account.

POST https://portal.bitglass.com/api/bitglassapi/config/v1.1/?type=user&action=reactivate

Parameter Value Description Notes
companyemail string The unique identifier for a user, the primary email address required

Deleting user

Use action=delete to delete the deactivated user account.

POST https://portal.bitglass.com/api/bitglassapi/config/v1.1/?type=user&action=delete

Parameter Value Description Notes
companyemail string The unique identifier for a user, the primary email address required

Viewing details of a single user

Use one of the following API to view extensive details of a user:
  • GET https://portal.bitglass.com/api/bitglassapi/config/v2/user/<user_name>/
  • GET https://portal.bitglass.com/api/bitglassapi/config/v2.1/user/<user_name>/
    Note: When you use API v2.1, you will get a response with an additional field, Status of the user, along with the other fields.
Parameter Value Description Notes
username string The unique identifier for a user, the primary email address required
{
   "response":{
      "username":"adas-demo@acme-gadget.com",
      "firstname":"Amiya",
      "lastname":"Demo",
      "manager":"",
      "primaryemail":"demo@acme-gadget.com",
      "secondaryemail":"",
      "netbiosdomain":"ACME_GADGET",
      "samaccountName":"adas-demo",
      "ms-ds-consistencyguid":"mS-DS-ConsistencyGuid",
      "userprincipalname":"adas-demo@acme-gadget.com",
      "objectguid":"0f32d700-a387-450e-b1f4-6-99595",
      "objectsid":"object_sid",
      "customattribute1":"custom-xyz",
      "customattribute2":"custom-abc",
      "countrycode":"+1",
      "mobilenumber":"3737373222",
      "source":"active directory",
      "adminrole":"<manual admin role>",
      "groupmembership":[
         "group1",
         "group2"
      ],
      "date_joined":"19 Mar 2021 08:46:17",
      "last_login":"19 Mar 2021 08:46:17",
      "risk_score":"3",
      "dataformat":"json",
      "dataencoding":"utf-8",
      "uuid": "9fc8b4cd-e9bf-4c4c-8c4b-64b71ad89673",
      "status":"Active"
   }
}