Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

As of Versionproduct version 2020 Winter | component version 1.0
Request MethodPOST
Response FormatJSON
Required Permission

Available if listed in authorization.accesses in authentication-prod.yml and the specified access condition is matched. In the default configuration, access is granted via the YUUVIS_TENANT_ADMIN and YUUVIS_MANAGE_SETTINGS (as of 2022 Autumn) roles.

>> AUTHENTICATION Service
Description


Excerpt
Creates a new user in the tenant with the given properties.


The properties for the new user are passed in JSON format. In the response, the user ID is returned again in JSON format.

The only required parameter is username, but specifying the email parameter  is recommended. The specified e-mail address is used to invite users after they have been created and in case they have forgotten their password. If no SMTP parameters are set for a new user, no invitation e-mail can be sent. The currently logged-in user will be informed.

It is not allowed to assign the YUUVIS_SYSTEM_INTEGRATOR default role to new users.

As of 2022 Autumn, in the default configuration, users with the YUUVIS_MANAGE_SETTINGS role are allowed to use the endpoint as well. However, they are not allowed to assign the roles YUUVIS_TENANT_ADMIN or YUUVIS_SYSTEM_INTEGRATOR.

It is recommended to deactivate users instead of deleting them. Their user names might be required for compliance reasons.

New users are created with the Keycloak settings shown in the screenshot below (click to enlarge). The first actions newly created users have to carry out are specified under Required User Actions. In this configuration, these are Update Password and Update Profile. Hence, new users have to register by setting a password and other user data. The URL to the registration page is specified in the e-mail invitation.

yuuvis® Momentum client as reference implementation displays the user's name in the following format: lastName, firstName (username).

Meaning of the response status codes:


HTTP Status CodeMeaning
201 CREATEDSuccessful, the user has been created with the specified properties.
401 UNAUTHORIZEDThe call was unauthorized.
409 CONFLICT

At least one of the following situations occurred:

  • The username is not unique.
  • The email address is not unique.
  • The email address or password must be set.
  • The role {ROLE_NAME} was not found.
  • The group {GROUP_NAME} was not found.


Request Example

Will be introduced with the Release Candidate with the tag 1.1.0-rc2: If the password is not set, but e-mail and the withInvitation call parameter are defined as true, an e-mail invitation is sent to the given address by Keycloak.

POST /tenant-management/api/admin/users?withInvitation=true HTTP/1.1

If the parameter withInvitation is not given the default is "false".

Beginning with 2021 Autumn Alpha 4: 
POST /tenant-management/api/admin/users?withInvitation=true&temporaryPassword=false HTTP/1.1

If the temporaryPassword parameter is not specified, the default is "true".

Code Block
languageyml
{
  "email": "example@exampleprovider.de",
  "username": "mrexample",
  "firstName": "Examplename",
  "lastName": "Examplesurname",
  "roles": ["role1","role2"],
  "groups": ["group4","mygroup","group2"],
  "enabled": true,
  "password": "asecurepassword"
}


Response Example


Code Block
languageyml
{
  "id": "a00a0bb1-1234-5c66-7890-00fbb1c1a222"
}


...