

The Okta User API provides operations to manage users in your organization.

User operations

Create User

Creates a new user in your Okta organization with or without credentials.

- Create User with Imported Hashed Password
- Create User with Password Import Inline Hook
- Create User with Password & Recovery Question
- Create User with Authentication Provider

After a user is added to the Okta directory, they receive an activation email. As part of signing up for this service, you agreed not to use Okta's service/product to spam and/or send unsolicited messages. Please refrain from adding unrelated accounts to the directory as Okta is not responsible for, and disclaims any and all liability associated with, the activation email's content. You, and you alone, bear responsibility for the emails sent to any recipients.

Request parameters

- Executes activation lifecycle operation when creating the user
- Indicates whether to create a user with a specified authentication provider
- With activate=true, if nextLogin=changePassword, a user is created, activated, and the password is set to EXPIRED, so the user must change it the next time they log in.
- IDs of groups that the user will be added to at time of creation

All responses return the created User. Activation of a user is an asynchronous operation. The system performs group reconciliation during activation and assigns the user to all applications via direct or indirect relationships (group memberships).

- The user's transitioningToStatus property is ACTIVE during activation to indicate that the user hasn't completed the asynchronous operation.
- The user's status is ACTIVE when the activation process is complete.

The user is emailed a one-time activation token if activated without a password.

Note: If the user is assigned to an application that is configured for provisioning, the activation process triggers downstream provisioning to the application. It is possible for a user to log in before these applications have been successfully provisioned for the user.

Creating users with a FEDERATION or SOCIAL provider sets the user status to either ACTIVE or STAGED based on the activate query parameter since these two providers don't support a password or recovery_question credential.

Create User with Optional Password enabled

When Optional Password is enabled, the user status following user creation can be affected by the enrollment policy. See Create an authenticator enrollment policy.

Based on the group memberships that are specified when the user is created, a password may or may not be required to make the user's status ACTIVE.

If the enrollment policy that applies to the user (as determined by the groups assigned to the user) specifies that the Password authenticator is required, then in the case where the user is created without a password, the user is in the PROVISIONED state and a One-Time Token is sent to the user through email. If the user is created with a password, then their state is set to ACTIVE, and they can immediately sign in using their Password authenticator.

If the enrollment policy that applies to the groups specified for the newly created user indicates that password is optional or disabled, then the Administrator can't specify a password for the user. Instead, the user status is set to ACTIVE and the user may immediately sign in using their Email authenticator.
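Because activation is asynchronous, the User returned by the create call may still be mid-activation, so a provisioning script should confirm the final state before it grants anything that depends on it. The following poller is an added example, not Okta's code: `fetch_user` is a hypothetical caller-supplied hook, the sample User objects are constructed, and treating a user whose status is already ACTIVE as finished is an assumption drawn from the two fields described on this page.

```python
import time

# Constructed sample: successive reads of one user while activation runs.
CONSTRUCTED_RESPONSES = [
    {"id": "u-constructed-1", "status": "STAGED", "transitioningToStatus": "ACTIVE"},
    {"id": "u-constructed-1", "status": "STAGED", "transitioningToStatus": "ACTIVE"},
    {"id": "u-constructed-1", "status": "ACTIVE", "transitioningToStatus": None},
]


def activation_state(user):
    """Classify a User object using only status and transitioningToStatus."""
    status = user.get("status")
    if status == "ACTIVE":
        return "active"
    if user.get("transitioningToStatus") == "ACTIVE":
        return "activating"  # asynchronous activation has not completed
    return "inactive"        # nothing in flight, e.g. STAGED or PROVISIONED


def wait_until_settled(fetch_user, user_id, timeout=30.0, first_delay=0.5,
                       max_delay=5.0, sleep=time.sleep, clock=time.monotonic):
    """Poll until the user is no longer mid-activation; return the last User.

    fetch_user(user_id) -> dict is a hypothetical hook supplied by the caller
    (for example a wrapper around a read of the user resource).
    Raises TimeoutError if activation is still running at the deadline.
    """
    deadline = clock() + timeout
    delay = first_delay
    while True:
        user = fetch_user(user_id)
        if activation_state(user) != "activating":
            return user  # caller still checks for "active" before granting access
        if clock() + delay > deadline:
            raise TimeoutError(f"{user_id} still activating after {timeout}s")
        sleep(delay)
        delay = min(delay * 2, max_delay)  # exponential backoff, capped


if __name__ == "__main__":
    replies = iter(CONSTRUCTED_RESPONSES)
    final = wait_until_settled(lambda uid: next(replies), "u-constructed-1",
                               sleep=lambda s: None)
    print(final["status"], activation_state(final))
```

A settled user is not necessarily usable everywhere: as the note above says, downstream application provisioning can still be in progress after the user is able to log in.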
