g290p (g290p) asked a question.
Hi,
I need to get information about all users which are provisioned but not active yet (i.e. have not changed the password). I need this information for a specific application only, so I tried with API which lists all users associated with a application. However, it always shows user status as Active. I want to know why is there difference between user status for both calls as both are are returning information for same users.
Here is the result of call to /api/v1/users/{user_id}
{
"id": "xxxxxxxxxxxxxwRL2p7",
"status": "PROVISIONED",
"created": "2020-07-27T18:03:29.000Z",
"activated": "2020-07-27T18:03:30.000Z",
"statusChanged": "2020-07-27T18:03:30.000Z",
"lastLogin": null,
"lastUpdated": "2020-07-27T18:03:30.000Z",
"passwordChanged": null,
"type": {
"id": "xxxxxxxxxxxxxx0hS2p6"
},
"profile": {
"firstName": "Akash",
"lastName": "xxxxxxya",
"mobilePhone": null,
"secondEmail": null,
"login": "akash_xxxxxxya+sals82@xxx-xxx.com",
"email": "akash_xxxxxxya+sals82@xxx-xxx.com"
},
"credentials": {
"provider": {
"type": "OKTA",
"name": "OKTA"
}
},
"_links": {
"suspend": {
"href": "https://biorad-ext.okta.com/api/v1/users/xxxxxxxxxxxxxwRL2p7/lifecycle/suspend",
"method": "POST"
},
"schema": {
"href": "https://biorad-ext.okta.com/api/v1/meta/schemas/user/xxxxxxxxxxxxxxxxS2p6"
},
"resetPassword": {
"href": "https://biorad-ext.okta.com/api/v1/users/xxxxxxxxxxxxxwRL2p7/lifecycle/reset_password",
"method": "POST"
},
"reactivate": {
"href": "https://biorad-ext.okta.com/api/v1/users/xxxxxxxxxxxxxwRL2p7/lifecycle/reactivate",
"method": "POST"
},
"self": {
"href": "https://biorad-ext.okta.com/api/v1/users/xxxxxxxxxxxxxwRL2p7"
},
"type": {
"href": "https://biorad-ext.okta.com/api/v1/meta/types/user/xxxxxxxxxxxxxx0hS2p6"
},
"deactivate": {
"href": "https://biorad-ext.okta.com/api/v1/users/xxxxxxxxxxxxxwRL2p7/lifecycle/deactivate",
"method": "POST"
}
}
}
Here is result of calling /api/v1/apps/{application}/users/{user_id} for the same user
{
"id": "xxxxxxxxxxxxxwRL2p7",
"externalId": null,
"created": "2020-07-27T18:03:30.000Z",
"lastUpdated": "2020-07-27T18:03:30.000Z",
"scope": "USER",
"status": "ACTIVE",
"statusChanged": "2020-07-27T18:03:30.000Z",
"passwordChanged": null,
"syncState": "DISABLED",
"credentials": {
"userName": "akash_xxxxxxya+sals82@xxx-xxx.com"
},
"profile": {
"street_address": null,
"country": null,
"website": null,
"zoneinfo": "America/Los_Angeles",
"birthdate": null,
"gender": null,
"formatted": null,
"profile": null,
"locality": null,
"Roles": null,
"given_name": "Akash",
"middle_name": null,
"locale": "en-US",
"picture": null,
"name": "Akash xxxxxxya",
"nickname": null,
"phone_number": null,
"assignedlabs": null,
"region": null,
"postal_code": null,
"family_name": "xxxxxxya",
"email": "akash_xxxxxxya+sals82@xxx-xxx.com"
},
"_links": {
"app": {
"href": "https://biorad-ext.okta.com/api/v1/apps/xxxxxxxxxxxxxxxig2p7"
},
"user": {
"href": "https://biorad-ext.okta.com/api/v1/users/xxxxxxxxxxxxxwRL2p7"
}
}
}
Dorin here, from Okta Support.
The API call: /api/v1/users/{user_id} is the “Get User” call from the "Users" collection.
The API call: /api/v1/apps/{application}/users/{user_id} is a “Get Assigned User for App” call from the "Apps" collection.
Here you can find more documentation: https://developer.okta.com/docs/reference/api/apps/#getting-started
They show different values for the “status” line since the calls are from different collections; it’s hardcoded to show those values.
If you need further assistance with setting up the API calls, you can open a ticket with Okta to further investigate.
Kind regards,