{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "#User", "description": "A user account/login to access certain systems and/or services. Examples include okta-user, aws-iam-user, ssh-user, local-user (on a host), etc.", "type": "object", "allOf": [ { "$ref": "#Entity" }, { "properties": { "username": { "description": "Username", "oneOf": [ { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, { "type": "null" } ] }, "email": { "description": "The primary email address associated with the user account", "oneOf": [ { "type": "array", "uniqueItems": true, "items": { "type": "string", "format": "email" } }, { "type": "null" } ] }, "emailDomain": { "description": "The domain portion of the email addresses associated with the user account.", "oneOf": [ { "type": "array", "items": { "type": "string" }, "uniqueItems": true }, { "type": "null" } ] }, "shortLoginId": { "description": "The shortened login Id. For example, if the username is the full email address (first.last@company.com), the shortLoginId would be the part before @ (first.last).", "oneOf": [ { "type": "array", "uniqueItems": true, "items": { "type": "string" } }, { "type": "null" } ] }, "mfaEnabled": { "description": "Prefer property 'isMfaEnabled'", "type": "boolean", "deprecated": true }, "isMfaEnabled": { "description": "Specifies whether multi-factor authentication (MFA) is enabled for this user.", "type": "boolean" }, "mfaType": { "description": "Specifies what type of multi-factor authentication (MFA) is being used by this user.", "type": "string" }, "active": { "description": "Prefer property 'isActive'", "type": "boolean", "deprecated": true }, "isActive": { "description": "Specifies whether user account is active or disabled.", "type": "boolean" }, "firstName": { "description": "The user's official first name in the system (such as HR database)", "type": ["string", "null"] }, "lastName": { "description": "The user's official last name in the system (such as HR database)", "type": ["string", "null"] }, "passwordChangedOn": { "description": "The timestamp (in milliseconds since epoch) of when the user's password was last rotated for this particular account.", "type": "number", "format": "date-time" }, "employeeId": { "description": "The employee ID associated with the user account", "type": "string" }, "userIds": { "description": "The user IDs associated with the user account", "type": "array", "uniqueItems": true, "items": { "type": "string" } }, "isAdmin": { "description": "Specifies whether the user is an admin user.", "type": "boolean" }, "isPerson": { "description": "Specifies whether the user is a person or a non-human identity.", "type": "boolean" }, "isGuest": { "description": "Indicates whether the user is a guest is the system. A guest user is often a user outside of the organization who has limited or temporary access to the system.", "type": "boolean" } }, "required": ["firstName", "lastName", "email", "shortLoginId", "username"] } ] }