Package com.okta.sdk.resource.api

Class UserApi

java.lang.Object
com.okta.sdk.resource.api.UserApi
@Generated(value="org.openapitools.codegen.languages.JavaClientCodegen", date="2024-09-23T08:35:59.300824-05:00[America/Chicago]", comments="Generator version: 7.8.0") public class UserApi extends Object

  • Constructor Details

    • UserApi

      public UserApi()

    • UserApi

      public UserApi(ApiClient apiClient)

  • Method Details

    • getApiClient

      public ApiClient getApiClient()

    • setApiClient

      public void setApiClient(ApiClient apiClient)

    • createUser

      public User createUser(CreateUserRequest body, Boolean activate, Boolean provider, UserNextLogin nextLogin) throws ApiException
      Create a User Creates a new User in your Okta org with or without credentials.<br> > **Legal Disclaimer** > > After a User is added to the Okta directory, they receive an activation email. As part of signing up for this service, > you agreed not to use Okta's service/product to spam and/or send unsolicited messages. > Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all > liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients. All responses return the created User. Activation of a User is an asynchronous operation. The system performs group reconciliation during activation and assigns the User to all apps via direct or indirect relationships (group memberships). * The user's `transitioningToStatus` property is `ACTIVE` during activation to indicate that the User hasn't completed the asynchronous operation. * The user's `status` is `ACTIVE` when the activation process is complete. The User is emailed a one-time activation token if activated without a password. > **Note:** If the User is assigned to an app that is configured for provisioning, the activation process triggers downstream provisioning to the app. It is possible for a User to sign in before these apps have been successfully provisioned for the User. > **Important:** Do not generate or send a one-time activation token when activating Users with an assigned password. Users should sign in with their assigned password. For more information about the various scenarios of creating a user listed in the examples, see User Scenario Creations section in the [Users API](/openapi/okta-management/management/tag/User) description.
      Parameters:
      body - (required)
      activate - Executes an [activation lifecycle](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/activateUser) operation when creating the User (optional, default to true)
      provider - Indicates whether to create a User with a specified authentication provider (optional, default to false)
      nextLogin - With `activate=true`, if `nextLogin=changePassword`, a User is created, activated, and the password is set to `EXPIRED`. The User must change it the next time they sign in. (optional)
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • createUser

      public User createUser(CreateUserRequest body, Boolean activate, Boolean provider, UserNextLogin nextLogin, Map<String,String> additionalHeaders) throws ApiException
      Create a User Creates a new User in your Okta org with or without credentials.<br> > **Legal Disclaimer** > > After a User is added to the Okta directory, they receive an activation email. As part of signing up for this service, > you agreed not to use Okta's service/product to spam and/or send unsolicited messages. > Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all > liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients. All responses return the created User. Activation of a User is an asynchronous operation. The system performs group reconciliation during activation and assigns the User to all apps via direct or indirect relationships (group memberships). * The user's `transitioningToStatus` property is `ACTIVE` during activation to indicate that the User hasn't completed the asynchronous operation. * The user's `status` is `ACTIVE` when the activation process is complete. The User is emailed a one-time activation token if activated without a password. > **Note:** If the User is assigned to an app that is configured for provisioning, the activation process triggers downstream provisioning to the app. It is possible for a User to sign in before these apps have been successfully provisioned for the User. > **Important:** Do not generate or send a one-time activation token when activating Users with an assigned password. Users should sign in with their assigned password. For more information about the various scenarios of creating a user listed in the examples, see User Scenario Creations section in the [Users API](/openapi/okta-management/management/tag/User) description.
      Parameters:
      body - (required)
      activate - Executes an [activation lifecycle](/openapi/okta-management/management/tag/UserLifecycle/#tag/UserLifecycle/operation/activateUser) operation when creating the User (optional, default to true)
      provider - Indicates whether to create a User with a specified authentication provider (optional, default to false)
      nextLogin - With `activate=true`, if `nextLogin=changePassword`, a User is created, activated, and the password is set to `EXPIRED`. The User must change it the next time they sign in. (optional)
      additionalHeaders - additionalHeaders for this call
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • deleteUser

      public void deleteUser(String id, Boolean sendEmail, String prefer) throws ApiException
      Delete a User Deletes a User permanently. This operation can only be performed on Users that have a `DEPROVISIONED` status. **This action can't be recovered!** This operation on a User that hasn't been deactivated causes that User to be deactivated. A second delete operation is required to delete the User. > **Note:** You can also perform user deletion asynchronously. To invoke asynchronous user deletion, pass an HTTP header `Prefer: respond-async` with the request. This header is also supported by user deactivation, which is performed if the delete endpoint is invoked on a User that hasn't been deactivated.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      sendEmail - Sends a deactivation email to the admin if `true` (optional, default to false)
      prefer - (optional)
      Throws:
      ApiException - if fails to make API call

    • deleteUser

      public void deleteUser(String id, Boolean sendEmail, String prefer, Map<String,String> additionalHeaders) throws ApiException
      Delete a User Deletes a User permanently. This operation can only be performed on Users that have a `DEPROVISIONED` status. **This action can't be recovered!** This operation on a User that hasn't been deactivated causes that User to be deactivated. A second delete operation is required to delete the User. > **Note:** You can also perform user deletion asynchronously. To invoke asynchronous user deletion, pass an HTTP header `Prefer: respond-async` with the request. This header is also supported by user deactivation, which is performed if the delete endpoint is invoked on a User that hasn't been deactivated.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      sendEmail - Sends a deactivation email to the admin if `true` (optional, default to false)
      prefer - (optional)
      additionalHeaders - additionalHeaders for this call
      Throws:
      ApiException - if fails to make API call

    • getUser

      public UserGetSingleton getUser(String id, String contentType, String expand) throws ApiException
      Retrieve a User Retrieves a User from your Okta org. > **Note:** You can substitute `me` for the `id` to fetch the current User linked to an API token or session cookie. > * The request returns the User linked to the API token that is specified in the Authorization header, not the User linked to the active session. Details of the Admin User who granted the API token is returned. > * When the end User has an active Okta session, it is typically a CORS request from the browser. Therefore, it's possible to retrieve the current User without the Authorization header. > **Note:** Some browsers block third-party cookies by default, which disrupts Okta functionality in certain flows. See [Mitigate the impact of third-party cookie deprecation](https://help.okta.com/okta_help.htm?type=oie&id=ext-third-party-cookies). > **Note:** When fetching a User by `login` or `login shortname`, [URL encode](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding) the request parameter to ensure that special characters are escaped properly. Logins with a `/` character can only be fetched by `id` due to URL issues with escaping the `/` character.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      contentType - Specifies the media type of the resource. Optional `okta-response` value can be included for performance optimization. Complex DelAuth configurations may degrade performance when fetching specific parts of the response, and passing this parameter can omit these parts, bypassing the bottleneck. Enum values for `okta-response`: * `omitCredentials`: Omits the credentials subobject from the response. * `omitCredentialsLinks`: Omits the following HAL links from the response: Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock. * `omitTransitioningToStatus`: Omits the `transitioningToStatus` field from the response. (optional)
      expand - An optional parameter to include metadata in the `_embedded` attribute. Valid value: `blocks` (optional)
      Returns:
      UserGetSingleton
      Throws:
      ApiException - if fails to make API call

    • getUser

      public UserGetSingleton getUser(String id, String contentType, String expand, Map<String,String> additionalHeaders) throws ApiException
      Retrieve a User Retrieves a User from your Okta org. > **Note:** You can substitute `me` for the `id` to fetch the current User linked to an API token or session cookie. > * The request returns the User linked to the API token that is specified in the Authorization header, not the User linked to the active session. Details of the Admin User who granted the API token is returned. > * When the end User has an active Okta session, it is typically a CORS request from the browser. Therefore, it's possible to retrieve the current User without the Authorization header. > **Note:** Some browsers block third-party cookies by default, which disrupts Okta functionality in certain flows. See [Mitigate the impact of third-party cookie deprecation](https://help.okta.com/okta_help.htm?type=oie&id=ext-third-party-cookies). > **Note:** When fetching a User by `login` or `login shortname`, [URL encode](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding) the request parameter to ensure that special characters are escaped properly. Logins with a `/` character can only be fetched by `id` due to URL issues with escaping the `/` character.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      contentType - Specifies the media type of the resource. Optional `okta-response` value can be included for performance optimization. Complex DelAuth configurations may degrade performance when fetching specific parts of the response, and passing this parameter can omit these parts, bypassing the bottleneck. Enum values for `okta-response`: * `omitCredentials`: Omits the credentials subobject from the response. * `omitCredentialsLinks`: Omits the following HAL links from the response: Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock. * `omitTransitioningToStatus`: Omits the `transitioningToStatus` field from the response. (optional)
      expand - An optional parameter to include metadata in the `_embedded` attribute. Valid value: `blocks` (optional)
      additionalHeaders - additionalHeaders for this call
      Returns:
      UserGetSingleton
      Throws:
      ApiException - if fails to make API call

    • listUserBlocks

      public List<UserBlock> listUserBlocks(String userId) throws ApiException
      List all User Blocks Lists information about how the User is blocked from accessing their account
      Parameters:
      userId - ID of an existing Okta user (required)
      Returns:
      List<UserBlock>
      Throws:
      ApiException - if fails to make API call

    • listUserBlocks

      public List<UserBlock> listUserBlocks(String userId, Map<String,String> additionalHeaders) throws ApiException
      List all User Blocks Lists information about how the User is blocked from accessing their account
      Parameters:
      userId - ID of an existing Okta user (required)
      additionalHeaders - additionalHeaders for this call
      Returns:
      List<UserBlock>
      Throws:
      ApiException - if fails to make API call

    • listUsers

      public List<User> listUsers(String contentType, String q, String after, Integer limit, String filter, String search, String sortBy, String sortOrder) throws ApiException
      List all Users Lists Users in your org, with pagination in most cases. A subset of Users can be returned that match a supported filter expression or search criteria.
      Parameters:
      contentType - Specifies the media type of the resource. Optional `okta-response` value can be included for performance optimization. Complex DelAuth configurations may degrade performance when fetching specific parts of the response, and passing this parameter can omit these parts, bypassing the bottleneck. Enum values for `okta-response`: * `omitCredentials`: Omits the credentials subobject from the response. * `omitCredentialsLinks`: Omits the following HAL links from the response: Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock. * `omitTransitioningToStatus`: Omits the `transitioningToStatus` field from the response. (optional)
      q - Finds users who match the specified query. This doesn't support pagination. This might not deliver optimal performance for large orgs, and is deprecated for such use cases. To ensure optimal performance, use a [`search` parameter](/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=search&t=request) instead. Use the `q` parameter for a simple lookup of users by name, for example when creating a people picker. The value of `q` is matched against `firstName`, `lastName`, or `email`. This performs a `startsWith` match, but this is an implementation detail and can change without notice. You don't need to specify `firstName`, `lastName`, or `email`. (optional)
      after - The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/api/#pagination). (optional)
      limit - Specifies the number of results returned. Defaults to 10 if `q` is provided. (optional, default to 200)
      filter - Filters users with a supported expression for a subset of properties. This requires [URL encoding](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding). For example, `filter=lastUpdated gt \"2013-06-01T00:00:00.000Z\"` is encoded as `filter=lastUpdated%20gt%20%222013-06-01T00:00:00.000Z%22`. Filtering is case-sensitive for attribute names and query values, while attribute operators are case-insensitive. Filtering supports the following limited number of properties: `status`, `lastUpdated`, `id`, `profile.login`, `profile.email`, `profile.firstName`, and `profile.lastName`. Additionally, filtering supports only the equal `eq` operator from the standard Okta API filtering semantics, except in the case of the `lastUpdated` property. This property can also use the inequality operators (`gt`, `ge`, `lt`, and `le`). For logical operators, only the logical operators `and` and `or` are supported. The `not` operator isn't supported. (optional)
      search - Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance. This operation supports [pagination](https://developer.okta.com/docs/api/#pagination). Use an ID lookup for records that you update to ensure your results contain the latest data. Property names in the search parameter are case sensitive, whereas operators (`eq`, `sw`, and so on) and string values are case insensitive. Unlike with user logins, diacritical marks are significant in search string values: a search for `isaac.brock` finds `Isaac.Brock`, but doesn't find a property whose value is `isáàc.bröck`. This operation requires [URL encoding](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding). For example, `search=profile.department eq \"Engineering\"` is encoded as `search=profile.department%20eq%20%22Engineering%22`. > **Note:** If you use the special character `\"` within a quoted string, it must also be escaped `\\` and encoded. For example, `search=profile.lastName eq \"bob\"smith\"` is encoded as `search=profile.lastName%20eq%20%22bob%5C%22smith%22`. This operation searches many properties: * Any user profile property, including custom-defined properties * The top-level properties `id`, `status`, `created`, `activated`, `statusChanged`, and `lastUpdated` * The [User Type](https://developer.okta.com/docs/reference/api/user-types/) accessed as `type.id` You can also use `sortBy` and `sortOrder` parameters. The `ne` (not equal) operator isn't supported, but you can obtain the same result by using `lt ... or ... gt`. For example, to see all users except those that have a status of `STAGED`, use `(status lt \"STAGED\" or status gt \"STAGED\")`. You can search properties that are arrays. If any element matches the search term, the entire array (object) is returned. Okta follows the [SCIM Protocol Specification](https://tools.ietf.org/html/rfc7644#section-3.4.2.2) for searching arrays. You can search multiple arrays, multiple values in an array, as well as using the standard logical and filtering operators. See [Filter](https://developer.okta.com/docs/reference/core-okta-api/#filter). (optional)
      sortBy - Specifies field to sort by (for search queries only). This can be any single property, for example `sortBy=profile.lastName`. Users with the same value for the `sortBy` property will be ordered by `id`. (optional)
      sortOrder - Specifies sort order asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. `sortOrder` is ignored if `sortBy` is not present. (optional)
      Returns:
      List<User>
      Throws:
      ApiException - if fails to make API call

    • listUsers

      public List<User> listUsers(String contentType, String q, String after, Integer limit, String filter, String search, String sortBy, String sortOrder, Map<String,String> additionalHeaders) throws ApiException
      List all Users Lists Users in your org, with pagination in most cases. A subset of Users can be returned that match a supported filter expression or search criteria.
      Parameters:
      contentType - Specifies the media type of the resource. Optional `okta-response` value can be included for performance optimization. Complex DelAuth configurations may degrade performance when fetching specific parts of the response, and passing this parameter can omit these parts, bypassing the bottleneck. Enum values for `okta-response`: * `omitCredentials`: Omits the credentials subobject from the response. * `omitCredentialsLinks`: Omits the following HAL links from the response: Change Password, Change Recovery Question, Forgot Password, Reset Password, Reset Factors, Unlock. * `omitTransitioningToStatus`: Omits the `transitioningToStatus` field from the response. (optional)
      q - Finds users who match the specified query. This doesn't support pagination. This might not deliver optimal performance for large orgs, and is deprecated for such use cases. To ensure optimal performance, use a [`search` parameter](/openapi/okta-management/management/tag/User/#tag/User/operation/listUsers!in=query&path=search&t=request) instead. Use the `q` parameter for a simple lookup of users by name, for example when creating a people picker. The value of `q` is matched against `firstName`, `lastName`, or `email`. This performs a `startsWith` match, but this is an implementation detail and can change without notice. You don't need to specify `firstName`, `lastName`, or `email`. (optional)
      after - The cursor to use for pagination. It is an opaque string that specifies your current location in the list and is obtained from the `Link` response header. See [Pagination](https://developer.okta.com/docs/api/#pagination). (optional)
      limit - Specifies the number of results returned. Defaults to 10 if `q` is provided. (optional, default to 200)
      filter - Filters users with a supported expression for a subset of properties. This requires [URL encoding](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding). For example, `filter=lastUpdated gt \"2013-06-01T00:00:00.000Z\"` is encoded as `filter=lastUpdated%20gt%20%222013-06-01T00:00:00.000Z%22`. Filtering is case-sensitive for attribute names and query values, while attribute operators are case-insensitive. Filtering supports the following limited number of properties: `status`, `lastUpdated`, `id`, `profile.login`, `profile.email`, `profile.firstName`, and `profile.lastName`. Additionally, filtering supports only the equal `eq` operator from the standard Okta API filtering semantics, except in the case of the `lastUpdated` property. This property can also use the inequality operators (`gt`, `ge`, `lt`, and `le`). For logical operators, only the logical operators `and` and `or` are supported. The `not` operator isn't supported. (optional)
      search - Searches for users with a supported filtering expression for most properties. Okta recommends using this parameter for search for best performance. This operation supports [pagination](https://developer.okta.com/docs/api/#pagination). Use an ID lookup for records that you update to ensure your results contain the latest data. Property names in the search parameter are case sensitive, whereas operators (`eq`, `sw`, and so on) and string values are case insensitive. Unlike with user logins, diacritical marks are significant in search string values: a search for `isaac.brock` finds `Isaac.Brock`, but doesn't find a property whose value is `isáàc.bröck`. This operation requires [URL encoding](https://developer.mozilla.org/en-US/docs/Glossary/Percent-encoding). For example, `search=profile.department eq \"Engineering\"` is encoded as `search=profile.department%20eq%20%22Engineering%22`. > **Note:** If you use the special character `\"` within a quoted string, it must also be escaped `\\` and encoded. For example, `search=profile.lastName eq \"bob\"smith\"` is encoded as `search=profile.lastName%20eq%20%22bob%5C%22smith%22`. This operation searches many properties: * Any user profile property, including custom-defined properties * The top-level properties `id`, `status`, `created`, `activated`, `statusChanged`, and `lastUpdated` * The [User Type](https://developer.okta.com/docs/reference/api/user-types/) accessed as `type.id` You can also use `sortBy` and `sortOrder` parameters. The `ne` (not equal) operator isn't supported, but you can obtain the same result by using `lt ... or ... gt`. For example, to see all users except those that have a status of `STAGED`, use `(status lt \"STAGED\" or status gt \"STAGED\")`. You can search properties that are arrays. If any element matches the search term, the entire array (object) is returned. Okta follows the [SCIM Protocol Specification](https://tools.ietf.org/html/rfc7644#section-3.4.2.2) for searching arrays. You can search multiple arrays, multiple values in an array, as well as using the standard logical and filtering operators. See [Filter](https://developer.okta.com/docs/reference/core-okta-api/#filter). (optional)
      sortBy - Specifies field to sort by (for search queries only). This can be any single property, for example `sortBy=profile.lastName`. Users with the same value for the `sortBy` property will be ordered by `id`. (optional)
      sortOrder - Specifies sort order asc or desc (for search queries only). Sorting is done in ASCII sort order (that is, by ASCII character value), but isn't case sensitive. `sortOrder` is ignored if `sortBy` is not present. (optional)
      additionalHeaders - additionalHeaders for this call
      Returns:
      List<User>
      Throws:
      ApiException - if fails to make API call

    • replaceUser

      public User replaceUser(String id, UpdateUserRequest user, Boolean strict) throws ApiException
      Replace a User Replaces a User's profile, credentials, or both using strict-update semantics. All profile properties must be specified when updating a User's profile with a `PUT` method. Any property not specified in the request is deleted. > **Important:** Don't use a `PUT` method for partial updates.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      user - (required)
      strict - If `true`, validates against minimum age and history password policy (optional)
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • replaceUser

      public User replaceUser(String id, UpdateUserRequest user, Boolean strict, Map<String,String> additionalHeaders) throws ApiException
      Replace a User Replaces a User's profile, credentials, or both using strict-update semantics. All profile properties must be specified when updating a User's profile with a `PUT` method. Any property not specified in the request is deleted. > **Important:** Don't use a `PUT` method for partial updates.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      user - (required)
      strict - If `true`, validates against minimum age and history password policy (optional)
      additionalHeaders - additionalHeaders for this call
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • updateUser

      public User updateUser(String id, UpdateUserRequest user, Boolean strict) throws ApiException
      Update a User Updates a user's profile or credentials with partial update semantics. > **Important:** Use the `POST` method for partial updates. Unspecified properties are set to null with `PUT`. `profile` and `credentials` can be updated independently or together with a single request. > **Note**: Currently, the User Type of a User can only be changed via a full replacement PUT operation. If the request parameters of a partial update include the type element from the User object, the value must match the existing type of the User. Only admins are permitted to change the User type of a User; end users are not allowed to change their own User type. > **Note**: To update a current user's profile with partial semantics, the `/api/v1/users/me` endpoint can be invoked. > > A User can only update profile properties for which the User has write access. Within the profile, if the User tries to update the primary or the secondary email IDs, verification emails are sent to those email IDs, and the fields are updated only upon verification. If you are using this endpoint to set a password, it sets a password without validating existing user credentials. This is an administrative operation. For operations that validate credentials, refer to the `Reset Password`, `Forgot Password`, and `Change Password` endpoints.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      user - (required)
      strict - If true, validates against minimum age and history password policy (optional)
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • updateUser

      public User updateUser(String id, UpdateUserRequest user, Boolean strict, Map<String,String> additionalHeaders) throws ApiException
      Update a User Updates a user's profile or credentials with partial update semantics. > **Important:** Use the `POST` method for partial updates. Unspecified properties are set to null with `PUT`. `profile` and `credentials` can be updated independently or together with a single request. > **Note**: Currently, the User Type of a User can only be changed via a full replacement PUT operation. If the request parameters of a partial update include the type element from the User object, the value must match the existing type of the User. Only admins are permitted to change the User type of a User; end users are not allowed to change their own User type. > **Note**: To update a current user's profile with partial semantics, the `/api/v1/users/me` endpoint can be invoked. > > A User can only update profile properties for which the User has write access. Within the profile, if the User tries to update the primary or the secondary email IDs, verification emails are sent to those email IDs, and the fields are updated only upon verification. If you are using this endpoint to set a password, it sets a password without validating existing user credentials. This is an administrative operation. For operations that validate credentials, refer to the `Reset Password`, `Forgot Password`, and `Change Password` endpoints.
      Parameters:
      id - `id`, `login`, or `login shortname` (as long as it is unambiguous) of user (required)
      user - (required)
      strict - If true, validates against minimum age and history password policy (optional)
      additionalHeaders - additionalHeaders for this call
      Returns:
      User
      Throws:
      ApiException - if fails to make API call

    • getObjectMapper

      protected static com.fasterxml.jackson.databind.ObjectMapper getObjectMapper()