Users
The users in the environment.
Table-Specific Information
We recommend using the built-in Identity Data Admin role to read and write data for this table.
SELECT
Reading data from this table requires Read User/dir:read:user permission.The server uses the PingOne Platform API to process WHERE clause conditions built with the following columns and operators.
- Id supports the following operators: =, IN.
All other filters are processed client-side within the server.
For example, the following queries are processed server-side:
SELECT * FROM Administrators.Users WHERE Id = 'f45bb04b-d7ee-4f84-ab83-7fe3919405ae';
SELECT * FROM Administrators.Users WHERE Id IN ('f45bb04b-d7ee-4f84-ab83-7fe3919405ae', '4cbf5435-6c39-49f9-8c8f-cee7c1cd8a6b');
INSERT
Creating data in this table requires Create User/dir:create:user permission.Refer to the query example below:
INSERT INTO Administrators.Users (Username, PopulationId) VALUES ('myUser', '8bfe1f41-8dd3-4847-94ab-14f9344d8a81')
UPDATE
Updating data in this table requires Update User/dir:update:user permission.Refer to the query example below:
UPDATE Administrators.Users SET FullName = 'My User' WHERE Id = 'f45bb04b-d7ee-4f84-ab83-7fe3919405ae'
DELETE
Deleting data from this table requires Delete User/dir:delete:user permission.Refer to the query example below:
DELETE FROM Administrators.Users WHERE Id = 'f45bb04b-d7ee-4f84-ab83-7fe3919405ae'
Columns
| Name | Type | ReadOnly | References | Description |
| Id [KEY] | String | True |
The user identifier (UUID). | |
| Username | String | False |
The user name, which must be unique within an environment. | |
| NamePrefix | String | False |
The honorific prefix of the user's name (for example, Mr./Ms.). | |
| FirstName | String | False |
The user's first name. | |
| MiddleName | String | False |
The user's middle name. | |
| LastName | String | False |
The user's last name. | |
| NameSuffix | String | False |
The honorific suffix of the user's name (for example, II/IV). | |
| FullName | String | False |
The user's full name. | |
| Nickname | String | False |
The user's nickname | |
| String | False |
The user's email address, which must be provided and valid. | ||
| IsEnabled | Boolean | True |
Boolean value indicating whether the user is enabled. | |
| PopulationId | String | False | Populations.Id |
The identifier (UUID) of the population in with the user belongs. |
| IdentityProviderId | String | False | IdentityProviders.Id |
The identifier (UUID) of the identity provider used to authenticate the user. If 'null' or empty, PingOne is the identity provider. |
| MobilePhone | String | False |
The user's native phone number. | |
| PrimaryPhone | String | False |
The user's primary phone number. | |
| ExternalId | String | False |
An identifier for the user as defined by the provisioning client. | |
| AccountId | String | True |
Identifier (UUID) of the user's account. Is organization-specific and has no special meaning within PingOne. | |
| PhotoURL | String | False |
The URL that points to a resource location representing the user's image. If provided, the resource must be a file (for example, a GIF, JPEG, or PNG image file) rather than a web page containing an image. | |
| EnvironmentId | String | True | Information.Environments.Id |
The identifier (UUID) of the environment in which the user exists. |
| CreatedAt | Datetime | True |
The time at which the user was created. | |
| UpdatedAt | Datetime | True |
The time at which the user was last updated. | |
| IsMFAEnabled | Boolean | False |
Boolean value indicating whether multi-factor authentication is enabled for the user. | |
| EmployeeType | String | False |
The employee type for the user (e.g. Contractor, Employee, etc.). This is organization-specific and has no special meaning within PingOne. | |
| EmployeePosition | String | False |
The employee title for the user (e.g. Vice President, CEO, etc.). This is organization-specific and has no special meaning within PingOne. | |
| Locale | String | False |
A valid language tag (e.g. fr, en-US, es-419, etc.) indicating the user's default location. This is used for purposes of localizing such items as currency, date time format, or numerical representations. | |
| PreferredLanguage | String | False |
A valid language range (e.g. en-US, en-gb, etc.) as specified in Section 5.3.5 of RFC 7231 indicating the user's preferred written or spoken languages. | |
| Timezone | String | False |
The user's time zone (e.g. America/Los_Angeles) conforming with IANA Time Zone database format RFC 6557. | |
| LifecycleStatus | String | False |
The status of the account lifecycle. Possible values are: 'ACCOUNT_OK' and 'VERIFICATION_REQUIRED'. | |
| VerificationStatus | String | False |
Indicates whether ID verification can be done for the user. Possible values are: 'NOT_INITIATED' (the initial value), 'ENABLED', or 'DISABLED'. | |
| Status | String | False |
The account's locked state. Possible values are: 'LOCKED' and 'OK'. | |
| CanAuthenticate | Boolean | False |
Boolean value indicating whether the user can authenticate. If the value is set to 'false', the account is locked or the user is disabled. Otherwise if the value is set to 'true', the user will be unable to authenticate. | |
| LockedAt | Datetime | True |
The time the specified user account was locked. This is empty or 'null' if the account is unlocked or if the account was locked out automatically by failed password attempts. | |
| UnlocksAt | Datetime | True |
The time the specified user account will be unlocked. This is empty or 'null' if the account is unlocked, or if it will not automatically unlock and must be unlocked by an administrator. | |
| LastSignOnTime | Datetime | True |
The last time the user signed on using one or more authenticators. | |
| LastSignOnIPAddress | String | True |
The IP address of the remote device used during the last sign-on. | |
| City | String | False |
The city in the user's address. | |
| Region | String | False |
The region in the user's address. | |
| StreetAddress | String | False |
The street address in the user's address. | |
| CountryCode | String | False |
The country code (in ISO 3166-1 'alpha-2' code format) in the user's address (e.g. 'US', 'SE'). | |
| PostalCode | String | False |
The postal code in the user's address. | |
| Password | String | False |
The user's password. The string is either in clear text or pre-encoded format. This column is write-only (affects only INSERT/UPDATE statements). | |
| ForcePasswordChange | Boolean | False |
Boolean value indicating whether the user is forced to change the password on the next log in. This column is write-only (affects only INSERT/UPDATE statements). | |
| BypassMFAEnabledUntil | Datetime | False |
Used to define a period during which the user can bypass MFA. This column is write-only (affects only INSERT/UPDATE statements). |