Recover User
Authorizations:
Request Body schema: application/json
| external_id required | string This is the identifier which corresponds to the user in your database. |
| binding_token_delivery_method required | string Delivery method of the binding token. Can only be 'email' |
Responses
Request samples
- Payload
{- "external_id": "string",
- "binding_token_delivery_method": "string"
}Response samples
- 200
{- "internal_id": "string",
- "external_id": "string",
- "email": "string",
- "user_name": "string",
- "display_name": "string",
- "date_created": "2019-08-24T14:15:22Z",
- "date_modified": "2019-08-24T14:15:22Z",
- "status": "USER_STATUS_UNSET"
}Create User
Authorizations:
Request Body schema: application/json
| external_id required | string This is the identifier which corresponds to the user in your database. |
| email required | string This is the email address for the user. An email will be sent to the user to enable them to enrol in Beyond Identity. |
| user_name required | string Internal field to identify the user. When signing in, this will be returned as the subject field of the ID token. |
| display_name required | string Internal field to identify the user's name. |
| binding_token_delivery_method required | string Delivery method of the binding token. Can only be 'email' |
Responses
Request samples
- Payload
{- "external_id": "string",
- "email": "string",
- "user_name": "string",
- "display_name": "string",
- "binding_token_delivery_method": "string"
}Response samples
- 200
{- "internal_id": "string",
- "external_id": "string",
- "email": "string",
- "user_name": "string",
- "display_name": "string",
- "date_created": "2019-08-24T14:15:22Z",
- "date_modified": "2019-08-24T14:15:22Z",
- "status": "USER_STATUS_UNSET"
}Get events by tenant, with optional case-insensitive filters.
Authorizations:
query Parameters
| start_time | integer <int64> Unix epoch in milliseconds to begin events recorded time. Defaults to 0. |
| end_time | integer <int64> Unix epoch in milliseconds to end events recorded time. No default. |
| page_size | integer <int64> The number of events to return in a single page. The default is 100 and the maximum page_size is 1000. |
| ordering required | string Enum: "asc" "desc" The ordering of the events (by time injected by the dataexport system, not when they occurred). No default. |
| cursor | string A page contains 100 events by default, or 'page_size' events if that's set in the request. Set this to the value of 'cursor' from the last response to retrieve the next page of results. |
| event_type | Array of strings Example: event_type=OIDC_INBOUND If passed, returns only events of the given event types. Case insensitive. |
| actor | Array of strings Example: actor=John Smith If passed, returns onnly events involving principal agents with these full human names. |
| outcome | Array of strings Example: outcome=SUCCESS If passed, returns only events with the given outcomes. |
| emitting_service | Array of strings If passed, returns only events produced by the given services. |
| correlation_id | Array of strings If passed, returns only events with the given correlation IDs. |
| query_text | string Example: query_text=add_device OR device_credential_change -windows If passed, returns events with data matching a free-form text query of the given input. |
| include_not_attested | boolean Example: include_not_attested=true If set to true events whose data cannot be fully attested to by Beyond Identity will be included in the repsonse. |
Responses
Response samples
- 200
- 400
- 401
- 403
{- "message": "OK",
- "body": {
- "events": [
- {
- "id": "988080ca-a798-11eb-bcbc-0242ac130002",
- "correlation_id": "s8wmsdcsnvnurrnv848rnvsaj8s",
- "actor_tenant_id": "beyond-identity",
- "service": "directory",
- "event_occurred_millis": 19359827389228,
- "event_recorded_millis": 19347878234867,
- "outcome": "SUCCESS",
- "attested": true,
- "actor": {
- "type": "User",
- "display_name": "Alan Turing",
- "id": "c6a8669e-ee95-4c42-9ef6-4a9b61380164",
- "display_id": "alan@turing.io",
- "tenant_id": "Beyond Identity"
}, - "event_type": "OIDC_INBOUND",
- "data": {
- "type_name": "UserAuthentication",
- "certificate": {
- "type_name": "Certificate",
- "id": 390625,
- "uuid": "988080ca-a798-11eb-bcbc-0242ac130002",
- "fingerprint": "e2ab4a55503857487a95f59a4d1a4d4jd8sox92dbfc7f374c12f0807a0e86bf2",
- "status": "DELETED"
}, - "user": {
- "type_name": "User",
- "external_id": "asdfwe8nwckwjencw827n293jn",
- "email": "chad@bro.co",
- "status": "SUSPENDED",
- "user_display": "Tyler Chad Braddington IV",
- "user_name": "chad@bro.co"
}, - "device_info": {
- "type_name": "DeviceInfo",
- "authenticator": {
- "type_name": "Authenticator",
- "app_instance_id": "win-c757faeb-3wdj-sk342-cwis-18djvv9eddkq",
- "app_version": "2.31.1"
}, - "platform_device_info": {
- "type_name": "MacOsDeviceInfo",
- "crowdstrike_agent_id": "eb2990101dc745e891278d4707be060c",
- "hardware": {
- "uuid": "13439BEV8-1944-555V-DEB5-D3W9V9DJ8ECV",
- "manufacturer": "Apple",
- "model": "MacBookPro16,1",
- "serial_number": "C04E8VWD9KM1"
}, - "os": {
- "hostname": "V02Q33SWOD6C",
- "version": {
- "major": 11,
- "minor": 1,
- "build": "20C63",
- "patch": 7
}
}, - "disks": [
- {
- "type_name": "MacOsDisk",
- "name": "Macintosh HD",
- "is_removable": false
}
], - "installed_applications": [
- {
- "architecture": "32_BITS",
- "identifier": "com.jamf.management.daemon",
- "name": "Jamf Pro Daemon",
- "version": "1.88",
- "publisher": "Jamf, Inc.",
- "install_location": "/Library/Application Support/JAMF"
}
], - "security": {
- "password_set": true,
- "biometrics_set": true,
- "watch_authentication_set": true,
- "secure_enclave_available": true,
- "file_vault_status": "true",
- "security_software": [
- {
- "type_name": null,
- "name": null,
- "status": null
}
]
}
}
}
}
}
], - "cursor": "eyJuZXh0X2N1cnNvciI6IHsiaWQiOiAiOTg4MDgyZGMtYTc5OC0xMWViLWJjYmMtMDI0MmFjMTMwMDAyIiwgInRpbWUiOiAxOTMzODQ5MDR9Cg=="
}
}