Skip to main content

Find Users

Find users in the identity store. The command uses the PV_USERS public view to find data. Any filters passed should apply to this public view.

GET https://instance.securid.com/aveksa/command.submit?cmd=findUsers

Request

Parameters

findUsers
formatproperties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.

json - Returns the response as JSON.

csv - Returns the response as comma-separated values.

tsv - Returns the response as tab-separated values.

xml - Returns the response as XML.
delimiterThe delimiter to use between values for csv and properties formats
returnColumns

The names of the columns to return. returnColumns may be a CSV list of multiple column names. The parameter may also be listed multiple times (ie returnColumns=col1,col2&returnColumns=col3,col4)

Refer to Columns table below.
returnMaxRowsThe maximum number of objects to return
distincttrue, false Returns only distinct values, equivalent to the distinct keyword in SQL.
sortByColumns

The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified.

Refer to Columns table below.
sortDirectionDetermines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used.
includeHeaderRowtrue, false Include column headers when the return format is csv or tsv. (Default) true
ignoreCasetrue, false Returns case-insensitive search results for specified filter parameters. (Default) false

Filter Parameters

Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_USERS public view.

Query logic

ScenarioBehavior
Two different parameters: last_name=Doe&department=FinanceAND. Returns users with last name Doe who belong to the Finance department.
Same parameter repeated: last_name=Doe&last_name=SmithOR within that field. Returns users with last name Doe or Smith.
Mixed: department=Finance&last_name=Doe&last_name=Smith(department is Finance) AND (last_name is Doe or Smith)
OR logic across different parameters is not supported

A single API call cannot return users where last_name=Doe OR department=Finance. OR logic between different filter parameters is not supported.

Workaround: Make separate requests for each filter condition. Merge and deduplicate the results client-side.

Columns

id[Primary Key] Unique user identifier
idc_id[Foreign Key referencing IDENTITY_COLLECTOR.ID] Identity collector that loaded this user
add_statePending add workflow state. 0 = no pending add, 30 = pending CR creation, 50 = pending approval, 60 = pending delayed fulfillment, 70 = pending fulfillment, 80 = pending verification
remove_statePending remove workflow state. 0 = no pending remove, 30 = pending CR creation, 50 = pending approval, 60 = pending delayed fulfillment, 70 = pending fulfillment, 80 = pending verification
user_idUser's external identifier (login name)
unique_idUser's external unique identifier (UUID)
first_nameUser's first name
last_nameUser's last name
titleUser's job title
departmentUser's department name
email_addressUser's email address
employee_idUser's employee ID from the identity source
companyUser's company name
user_typeUser type classification
job_statusUser's current job status
jml_statusJoiner, mover, or leaver status used internally for lifecycle workflows
is_terminatedTrue, False Indicates whether the user has been terminated. Stored with a capital first letter.
hire_dateUser's hire date (formatted)
hire_date__raw_User's hire date (raw value from the identity source)
termination_dateUser's termination date (formatted)
termination_date__raw_User's termination date (raw value from the identity source)
supervisor_id[Foreign Key referencing USERS.ID] User ID of the direct supervisor
supervisor_id_nameDisplay name of the direct supervisor
backup_supervisor[Foreign Key referencing USERS.ID] User ID of the backup supervisor
backup_supervisor_nameDisplay name of the backup supervisor
business_unit_id[Foreign Key referencing BUSINESS_UNIT.ID] Business unit the user belongs to
availability_statusOut of Office status for the user
is_maskedY, N Whether this user record is masked for privacy
masking_run_idID of the masking run that anonymized this record
creation_dateDate and time the user record was created
deletion_dateDate and time the user record was removed
exception_countNumber of open exceptions for this user
violation_countNumber of open SoD violations for this user
cau1 … cauNCustom user-type attribute values. Reference names are configured per instance.
cad1 … cadNCustom date-type attribute values. Reference names are configured per instance.
cas1 … casNCustom string-type attribute values. Reference names are configured per instance.

Headers

Bearer token
Acceptapplication/json
Content-Typeapplication/json

Response

Parameters

The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.

Examples

All columns

Omit returnColumns to return every field for each user.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"

Response

{
"findUsers": [
{
"id": "1",
"idc_id": "3",
"add_state": "0",
"remove_state": "0",
"backup_supervisor_name": "",
"supervisor_id_name": "",
"is_masked": "N",
"masking_run_id": "",
"supervisor_id": "",
"availability_status": "",
"backup_supervisor": "",
"business_unit_id": "",
"creation_date": "2024-03-15 06:03:46.0",
"deletion_date": "",
"department": "",
"email_address": "John.Smith@example.com",
"exception_count": "",
"first_name": "John",
"is_terminated": "False",
"jml_status": "",
"job_status": "",
"last_name": "Smith",
"termination_date": "",
"title": "",
"unique_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"user_id": "jsmith",
"violation_count": "",
"employee_id": "",
"company": "",
"hire_date": "",
"hire_date__raw_": "",
"termination_date__raw_": "",
"user_type": ""
},
{
"id": "2",
"idc_id": "3",
"add_state": "0",
"remove_state": "0",
"backup_supervisor_name": "",
"supervisor_id_name": "",
"is_masked": "N",
"masking_run_id": "",
"supervisor_id": "",
"availability_status": "",
"backup_supervisor": "",
"business_unit_id": "",
"creation_date": "2024-03-15 06:03:46.0",
"deletion_date": "",
"department": "",
"email_address": "Jane.Doe@example.com",
"exception_count": "",
"first_name": "Jane",
"is_terminated": "False",
"jml_status": "",
"job_status": "",
"last_name": "Doe",
"termination_date": "",
"title": "",
"unique_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
"user_id": "jdoe",
"violation_count": "",
"employee_id": "",
"company": "",
"hire_date": "",
"hire_date__raw_": "",
"termination_date__raw_": "",
"user_type": ""
}
]
}

Specific columns

Use returnColumns to limit the response to the fields you need. This keeps the payload small and the mapping work simple. The example returns six columns covering the most common user reporting needs.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=json&returnMaxRows=3&returnColumns=id,user_id,first_name,last_name,email_address,is_terminated" \
-H "Authorization: Bearer <token>"

Response

{
"findUsers": [
{
"id": "1",
"user_id": "jsmith",
"first_name": "John",
"last_name": "Smith",
"email_address": "John.Smith@example.com",
"is_terminated": "False"
},
{
"id": "2",
"user_id": "jdoe",
"first_name": "Jane",
"last_name": "Doe",
"email_address": "Jane.Doe@example.com",
"is_terminated": "False"
},
{
"id": "3",
"user_id": "abrown",
"first_name": "Alex",
"last_name": "Brown",
"email_address": "Alex.Brown@example.com",
"is_terminated": "False"
}
]
}

Filter by a single value

Pass any column name as a query parameter to filter results. Only users that match the value are returned. The example returns users where last_name is Doe.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=json&returnMaxRows=5&returnColumns=id,user_id,first_name,last_name,department&last_name=Doe" \
-H "Authorization: Bearer <token>"

Response

{
"findUsers": [
{
"id": "2",
"user_id": "jdoe",
"first_name": "Jane",
"last_name": "Doe",
"department": ""
},
{
"id": "10001",
"user_id": "USR-0001",
"first_name": "Jane",
"last_name": "Doe",
"department": "PS Delivery"
}
]
}

Filter with OR logic

Repeat the same parameter with different values to match any of them. The example returns users where last_name is Doe or Smith.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=json&returnMaxRows=5&returnColumns=id,user_id,first_name,last_name&last_name=Doe&last_name=Smith" \
-H "Authorization: Bearer <token>"

Response

{
"findUsers": [
{
"id": "1",
"user_id": "jsmith",
"first_name": "John",
"last_name": "Smith"
},
{
"id": "2",
"user_id": "jdoe",
"first_name": "Jane",
"last_name": "Doe"
},
{
"id": "10001",
"user_id": "USR-0001",
"first_name": "Jane",
"last_name": "Doe"
}
]
}

Case-insensitive filter

Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The is_terminated field stores values as True or False with a capital first letter. The example passes is_terminated=false in lowercase and still returns matching records.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=json&returnMaxRows=3&returnColumns=id,user_id,first_name,last_name,is_terminated&is_terminated=false&ignoreCase=true" \
-H "Authorization: Bearer <token>"

Response

{
"findUsers": [
{
"id": "1",
"user_id": "jsmith",
"first_name": "John",
"last_name": "Smith",
"is_terminated": "False"
},
{
"id": "2",
"user_id": "jdoe",
"first_name": "Jane",
"last_name": "Doe",
"is_terminated": "False"
},
{
"id": "3",
"user_id": "abrown",
"first_name": "Alex",
"last_name": "Brown",
"is_terminated": "False"
}
]
}

Sort ascending

Use sortByColumns with a column name and sortDirection=asc to sort results from lowest to highest. The example sorts by id.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=json&returnMaxRows=3&returnColumns=id,user_id,first_name,last_name&sortByColumns=id&sortDirection=asc" \
-H "Authorization: Bearer <token>"

Response

{
"findUsers": [
{
"id": "-3",
"user_id": "GLDevOps-00000000-0000-0000-0000-000000000001",
"first_name": " ",
"last_name": "GLDevOps"
},
{
"id": "0",
"user_id": "AveksaAdmin",
"first_name": " ",
"last_name": "AveksaAdmin"
},
{
"id": "1",
"user_id": "jsmith",
"first_name": "John",
"last_name": "Smith"
}
]
}

Sort descending

Set sortDirection=desc to reverse the order.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=json&returnMaxRows=3&returnColumns=id,user_id,first_name,last_name&sortByColumns=id&sortDirection=desc" \
-H "Authorization: Bearer <token>"

Response

{
"findUsers": [
{
"id": "51337",
"user_id": "mwilson",
"first_name": "Michael",
"last_name": "Wilson"
},
{
"id": "51336",
"user_id": "lwang",
"first_name": "Li",
"last_name": "Wang"
},
{
"id": "51230",
"user_id": "rgarcia",
"first_name": "Robert",
"last_name": "Garcia"
}
]
}

CSV with custom delimiter

Set format=csv for a comma-separated response. Use delimiter to change the separator character.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=csv&returnMaxRows=3&returnColumns=id,user_id,first_name,last_name,email_address&delimiter=~" \
-H "Authorization: Bearer <token>"

Response

id~user_id~first_name~last_name~email_address
1~jsmith~John~Smith~John.Smith@example.com
2~jdoe~Paul~Doe~Jane.Doe@example.com
3~abrown~Alex~Brown~Alex.Brown@example.com

CSV without header row

Set includeHeaderRow=false when your downstream system expects raw data rows without a header.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findUsers&format=csv&returnMaxRows=3&returnColumns=id,user_id,first_name,last_name,email_address&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"

Response

1,jsmith,John,Smith,John.Smith@example.com
2,jdoe,Paul,Doe,Jane.Doe@example.com
3,abrown,Alex,Brown,Alex.Brown@example.com

Error responses

A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_USERS public view.

<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findUsers'. Token is invalid or expired</body>
</html>

Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.