Add Users to Identity Domains

Adds users to identity domains by creating new user accounts from either a CSV file upload (v1) or request payload (v2). These APIs create accounts only for users who do not already exist in the identity domain. Existing users are not modified. Newly created users are available across all service environments that share the identity domain. For v1, you can use the Upload REST API to upload the CSV file.

The APIs can optionally send account credential emails to newly created users when resetpassword is set to true. If resetpassword is set to false, emails are not sent, and you should specify userpassword; otherwise, users may not know their temporary passwords and will be unable to log in.

Both APIs provide details about successful and failed user creation records, including failure reasons. These APIs should be run only by an Identity Domain Administrator. Additionally, the user running the API must have the required administrative or application role privileges in the target environment.

The v1 API creates users using an ANSI or UTF-8 encoded CSV file that must be uploaded before execution. It is asynchronous and returns a Job ID that can be used to track processing status. The CSV file should be deleted after the API executes. See Importing a Batch of User Accounts in Getting Started with Oracle Cloud for a detailed description of the CSV file format.

The v2 API creates users directly from parameters provided in the request payload. It is synchronous, returns the operation outcome directly in the response, and simplifies API usage by eliminating the need for URL encoding.

Note:

The v1 API assigns one password (userpassword) to all users specified in the CSV file. This may be useful for testing purposes. For production scenarios requiring unique passwords, Oracle recommends creating one user at a time with a dedicated password for each request.

When adding users through these APIs, credential emails are not automatically sent in the same way as when users are added through Oracle Cloud Console. You should manually communicate credentials to users when required and consider forcing password changes at first login by setting resetpassword to true.
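
The one-user-per-request approach recommended in the note above, as an added example that is not Oracle's code: it generates a dedicated temporary password for each user and rejects the case where resetpassword is false and no userpassword is given. Only userpassword and resetpassword come from this page; the userlogin key, the password policy, the case-insensitive duplicate check and the "true"/"false" string values are assumptions.

```python
import secrets
import string

# Assumed password policy for this sketch: 16 characters, at least one from each class.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%*-_")


def temp_password(length=16):
    """Return a random password containing at least one character from each class."""
    if length < len(CLASSES):
        raise ValueError("length too short for the assumed policy")
    chars = [secrets.choice(c) for c in CLASSES]
    pool = "".join(CLASSES)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a fixed class order at the start
    return "".join(chars)


def check_credential_params(resetpassword, userpassword):
    """Reject the combination the page warns about: no email and no known password."""
    if not resetpassword and not userpassword:
        raise ValueError(
            "resetpassword=false requires userpassword; users could not log in")


def plan_requests(logins, resetpassword=True, generate_passwords=True):
    """Build one request plan per user, each with its own dedicated password.

    'userlogin' is a hypothetical key for this sketch, not a documented field.
    """
    seen, plans = set(), []
    for login in logins:
        key = login.strip().lower()  # assumption: logins compare case-insensitively
        if not key or key in seen:   # skip blank and duplicate entries
            continue
        seen.add(key)
        password = temp_password() if generate_passwords else None
        check_credential_params(resetpassword, password)
        plans.append({"userlogin": login.strip(), "userpassword": password,
                      "resetpassword": "true" if resetpassword else "false"})
    return plans


if __name__ == "__main__":
    # Constructed sample input, including a duplicate and a blank entry.
    for p in plan_requests(["jdoe", "asmith", "JDOE", " "]):
        print(p["userlogin"], "resetpassword=" + p["resetpassword"], "(password withheld)")
```

Keep the generated passwords out of logs and shell history, and hand each one to its user over a separate channel.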

Required Roles

Identity Domain Administrator and any application role (Service Administrator, Power User, User, or Viewer)