Creates a new user, either End-User or Service User.
End-User Accounts are assigned to employees. To create an end user account, the accountType field must be NORMAL.
Service User Accounts are a type of account used for bots or applications, rather than end-users. To create a service user account, the accountType field must be SYSTEM.
Since 20.14, userSystemInfo from the payload includes suspension info:
if user is active, then the suspended attribute is set to false,
if user is suspended, then the suspended attribute is set to true and both suspendedUntil and suspensionReason are as well included in the payload.
🚧 Required Permissions
The Password Object
The password object is optional for end-user accounts (NORMAL). For example, if your organization utilizes SSO, you may not want to specify the password.
Please note the password object is not used for service accounts (SYSTEM) and therefore cannot be entered in the request payload.
The following code snippets can be used to generate hashed passwords. Two implementations are provided, one using built-in Java classes and the other with Postman.
@Test
public void test() throws NoSuchAlgorithmException, InvalidKeySpecException {
String password = "ARandomPassword";
SecureRandom sr = new SecureRandom();
byte[] salt = new byte[16];
sr.nextBytes(salt);
assertTrue(Arrays.equals(generateStrongPasswordHash(password, salt), getSaltedPassword(password, salt)));
}
private static byte[] generateStrongPasswordHash(String password, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
int iterations = 10000;
char[] pb = password.toCharArray();
PBEKeySpec spec = new PBEKeySpec(pb, salt, iterations, 256);
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
byte[] hash = skf.generateSecret(spec).getEncoded();
return hash;
}
public static byte[] getSaltedPassword(String password, byte[] salt) {
PKCS5S2ParametersGenerator gen = new PKCS5S2ParametersGenerator(new SHA256Digest());
byte[] bytes = password.getBytes(StandardCharsets.UTF_8);
gen.init(bytes, salt, 10000);
byte[] newPasswordGen = ((KeyParameter) gen.generateDerivedParameters(256)).getKey();
return newPasswordGen;
}
// Example with Postman, as a Pre-Request script.
const password = 'SymphonyRocks123456789!'; // Replace with your password
// Generate a random salt of specified length
function generateSalt(length) {
return CryptoJS.lib.WordArray.random(128 / 8);
}
// PBKDF2 function using CryptoJS
function derivePBKDF2(password, salt, iterations, keyLength) {
return CryptoJS.PBKDF2(password, salt, {
keySize: keyLength / 32, // Key size in words (32-bit units)
iterations: iterations,
hasher: CryptoJS.algo.SHA256
});
}
// Parameters
const iterations = 10000; // Number of iterations
const keyLength = 256; // Key length in bits (256 = 32 bytes)
const saltLength = 16; // Salt length in characters
// Generate random salts
const hSalt = generateSalt(saltLength);
const khSalt = generateSalt(saltLength);
// Derive PBKDF2 hashes
const hPassword = derivePBKDF2(password, hSalt, iterations, keyLength);
const khPassword = derivePBKDF2(password, khSalt, iterations, keyLength);
// Convert salts and hashes to B64 strings
const hSaltB64 = CryptoJS.enc.Base64.stringify(hSalt);
const khSaltB64 = CryptoJS.enc.Base64.stringify(khSalt);
const hPasswordB64 = CryptoJS.enc.Base64.stringify(hPassword);
const khPasswordB64 = CryptoJS.enc.Base64.stringify(khPassword);
// Set Postman environment variables for use in the request
pm.environment.set('hSalt', hSaltB64);
pm.environment.set('hPassword', hPasswordB64);
pm.environment.set('khSalt', khSaltB64);
pm.environment.set('khPassword', khPasswordB64);
Please note that even if the suspendedUntil date is in the past, the user will remain suspended=true until he first logs on the client after the suspension ended. The suspended info are then automatically updated.
See the endpoint for more information.
Calling this endpoint requires the ACCESS_USER_PROVISIONING_API and ACCESS_ADMIN_API privileges.
See for a list of roles and associated privileges.
