Attribute Description
email The Egnyte username for the user. This attribute is required.
authType
The authentication type for the user. This attribute is required. Available options include:
  • ad (Active Directory) – Users with their authType set to this option will be able to authenticate through Active Directory. This requires your Egnyte domain to be configured for Active Directory Authentication under Settings > Configuration > Security & Authentication. When setting this option on a user, the user must also have a userPrincipalName set.
  • sso (SAML SSO) – Users with their authType set to this option will be able to authenticate using single sign-on (SSO). This requires your Egnyte domain to be configured for Single Sign-on Authentication under Settings > Configuration > Security & Authentication. When setting this option on a user, the user must also have an idpUserId set.
  • egnyte (Internal Egnyte) – Users with their authType set to this option will be able to log in to Egnyte using their Egnyte account credentials.
externalId
An immutable unique identifier for the user. This can be any plain text value identifier. This attribute is required.
Warning: This field is immutable meaning once set, it can never be updated.
familyName

The last name of the user. This attribute is required.

givenName

The first name of the user. This attribute is required.

sendInvite
If set to true when creating a user, an invitation email will be sent if the user is created in active state in the LDAP data store. If the user is disabled in the LDAP data store when they are created, no email is sent. This attribute is required. Available options include:
  • true
  • false
userName

The Egnyte username for the user. This attribute is required.

Note: Usernames must start with a letter or digit. Special characters are not supported (with the exception of periods, hyphens, and underscores).
Important: It is not possible to change a user’s userName after they are created.
userType The type of the user. This attribute is required. Acceptable options include:
  • admin
  • power
  • standard
idpUserId

Only required if the user’s authType is set to 'sso'.

This is how the user is identified within the SAML response from an SSO identity provider. For example, the SAML subject 'bjensen' or 'bjensen@example.com'.

Tip: The idpUserId of a user must match the Default user mapping configured in Egnyte. For more information, see Configure Egnyte for SSO.
role

The role assigned to the user. Available options include 'default' or other existing custom role names.

Note: This option is only available to users with a userType of 'power'.
userPrincipalName

Only required if the user’s authType is set to 'ad'.

This field is used to bind child authentication policies to a user when using Active Directory authentication in a multi-domain setup. For example, 'bjensen@example.com'.