Add Users to an Identity Domain

Creates a batch of users in an identity domain using an ANSI or UTF-8 encoded Comma Separated Value (CSV) file that was previously uploaded to the environment. The CSV file should not include the account of the user who executes this command. You can use the Upload REST API to upload the file. The file should be deleted after the API executes. With this API, you can see which records failed and the reason why they failed in addition to how many records passed and failed. The file format is as follows:

First Name,Last Name,Email,User Login
Jane,Doe,jane.doe@example.com,jdoe
John,Doe,john.doe@example.com,john.doe@example.com

This API sends each new user an email with details about their accounts (user name and password) if resetpassword is set to true. If resetpassword is set to false, the email is not sent. If you set resetpassword to false, you should specify userpassword. Otherwise, a unique temporary password will be assigned to each user, but, because no email is sent, the passwords will not be known to the users so they will not be able to log in.

See Importing a Batch of User Accounts in Getting Started with Oracle Cloud for a detailed description of the CSV file format.

If a user definition in the CSV file matches a user account that exists in the identity domain, no changes will be made to the existing user account. This API creates accounts only for new users whose account information is included in the file. Because user accounts are common to all service environments that an identity domain supports, new users are available to all the environments that share the identity domain.

This API should be run only by an Identity Domain Administrator in the identity domain where users are to be created. In addition, the user running the API must also be the Service Administrator of the environment where the API is targeted to.

The API is asynchronous and returns the Job ID. The presence of status -1 in the response indicates that the creation of users is in progress. Use the job status URI to determine whether the creation of users is complete. Any non-zero status except -1 indicates failure of adding users.

This REST API is version v1.

Required Roles

Service Administrator and Identity Domain Administrator

Table 10-2 Tasks for Add Users

Task Request REST Resource
Add users POST /interop/rest/security/<api_version>/users
Add users status GET /interop/rest/security/<api_version>/jobs/<jobid>

REST Resource

Note:

POST /interop/rest/security/<api_version>/users

Supported Media Types: application/x-www-form-urlencoded

Before using the REST resources, you must understand how to access the REST resources and other important concepts. See Implementation Best Practices for EPM Cloud REST APIs. Using this REST API requires prerequisites. See Prerequisites.

The following table summarizes the POST request parameters.

Table 10-3 Parameters

Name Description Type Required Default
filename

The name of the uploaded ANSI or UTF-8 encoded CSV file containing the users to add, such as addUsers.csv.

Form Yes None
userpassword Optionally, indicates the default password that you want to assign to all the new users who are created in the identify domain. If specified, this password must meet the minimum identity domain password requirements.

If specified, the value of the user password parameter is used as the password for all users specified in the CSV file. Assigning the same password to all users may be desirable if you are creating users purely for testing purposes. If you are creating real EPM Cloud users and want to assign a specific password to each user, use this command without specifying a valid for the userpassword optional parameter.

Form No None
resetpassword Optionally, indicates whether new users must change password at the first login. Unless this parameter is set to false, new users will be forced to change the password at the first login.

This parameter sends each new user an email with details about their accounts (user name and password) if resetPassword is set to true.

If resetPassword is set to false, the email is not sent.

Note: If you set resetPassword to false, you should specify userPassword. Otherwise, a unique temporary password will be assigned to each user, but, because no email is sent, the passwords will not be known to the users, so they will not be able to log in.

Form No true

Response

Supported Media Types: application/json

Table 10-4 Parameters

Name Description
details In the case of errors, details are published with the error string
status See Migration Status Codes
links Detailed information about the link
href Links to API call or status API
action The HTTP call type
rel Possible values: self or Job Status. If the value is set to Job Status, you can use the href to get the status
data Parameters as key value pairs passed in the request
items Details about the resource
links Details of the first URL to be requested to get the job details; rel is "Job Details"

Note: This API assigns one password (value of userpassword) to all the users specified in the CSV file. Assigning the same password to all users may be desirable if you are creating users purely for testing purposes.

If you are creating real EPM Cloud users and want to assign a specific password to each user, use this API for a single user at a time. That is, specify a single user in the CSV file and provide a password for this user in the API. Then, specify the other user in the CSV file and provide a different password for this user in the API.

When you add users using this API, unlike when you add users from My Services, Oracle Cloud does not send automatic emails to each newly added user. You should manually email credentials (login name and password) to each new user. Additionally, you should force new users to change password at first login by specifying resetpassword as true.

Examples of Response Body in JSON format.

Example 1, when job is in progress

{
  "links": [
    {
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/<api_version>/users",
      "data": {
        "jobType": "ADD_USERS",
        "filename": "<filename>",
        "resetpassword": "<true|false>"      },
      "action": "POST"
    },
    {
      "rel": "Job Status",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/<api_version>/users",
      "data": null,
      "action": "GET"
    }
  ],
  "details": null,
  "status": -1,
  "items": null
}

Example 2, when job completes with errors:

{
  "links": [
    {
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/<api_version>/jobs/",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Failed to add users. Input file <fileName> is not found. Specify a valid file name.",
  "status": 1,
  "items": null
}

Example 3, when job completes without errors:

{
  "links": [
    {
      "rel": "self",
      "href": "https://<SERVICE_NAME>-<TENANT_NAME>.<SERVICE_TYPE>.<dcX>.oraclecloud.com/interop/rest/security/<api_version>/jobs/",
      "data": null,
      "action": "GET"
    }
  ],
  "details": "Processed - 3, Succeeded - 2, Failed - 1.",
  "status": 0,
  "items": [
    {
				"UserName":"<USERNAME>","Error_Details": "User <USERNAME> already exists. Please provide a different user name."
    }
   ]
 ) 

Java Sample Code

Prerequisites: json.jar

Common Functions: See CSS Common Helper Functions for Java

public void addUsers(String fileName, String userPassword, boolean resetPassword) {
		try {
			String url = this.serverUrl + "/interop/rest/security/<api_version>/users";
			Map<String, String> reqHeaders = new HashMap<String, String>();
			reqHeaders.put("Authorization", "Basic " + DatatypeConverter
					.printBase64Binary((this.userName + ":" + this.password).getBytes(Charset.defaultCharset())));

			Map<String, String> reqParams = new HashMap<String, String>();
			reqParams.put("filename", fileName);
			reqParams.put("userpassword", userPassword);
			reqParams.put("resetpassword", resetPassword + "");

			Map<String, String> resetResult = CSSRESTHelper.callRestApi(new HashMap(), url, reqHeaders, reqParams,
					"POST");
			String jobStatus = CSSRESTHelper.getCSSRESTJobCompletionStatus(restResult, reqHeaders);
			System.out.println(jobStatus);
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

Shell Script Sample Code

Prerequisites: jq (http://stedolan.github.io/jq/download/linux64/jq)

Common Functions: See CSS Common Helper Functions for cURL

funcAddUsers() {
	url="$SERVER_URL/interop/rest/security/$API_VERSION/users"
	params="filename=$1&userpassword=$2&resetpassword=$3"
	header="Content-Type: application/x-www-form-urlencoded;charset=UTF-8"
	cssRESTAPI="AddUsers"
	statusMessage=$(funcCSSRESTHelper "POST" "$url" "$header" "$USERNAME" "$PASSWORD" "$params" "$cssRESTAPI")
	echo $statusMessage
}

Groovy Sample Code

Common Functions: See CSS Common Helper Functions for Groovy

def addUsers(fileName, resetPassword, userPassword) {

	String scenario = "Creating users in " + fileName;
	String params = "jobtype=ADD_USERS&filename="+ fileName +"&resetpassword="+ resetPassword +"&userpassword="+ userPassword;
	def url = null;
	def response = null;
	try {
		url = new URL(serverUrl + "/interop/rest/security/" + apiVersion + "/users");
	} catch (MalformedURLException e) {
		println "Please enter a valid URL"
		System.exit(0);
	}
	response = executeRequest(url, "POST", params, "application/x-www-form-urlencoded");
	if (response != null) {
		getJobStatus(getUrlFromResponse(scenario, response, "Job Status"), "GET");
	}
}