Users
AM handles the complete user lifecycle—from registration to deprovisioning—including enterprise SCIM integration for automated provisioning.
Users belong to applications, have credentials for authentication, and can be members of multiple accounts with different roles.
User Lifecycle
Operations
| Operation | Endpoint | Description |
|---|---|---|
| Create | POST /api/applications/:application_id/users | Provision user |
| List | GET /api/applications/:application_id/users | List application users |
| Get | GET /api/users/:user_id | Get user profile |
| Update | PATCH /api/users/:user_id | Modify user |
| Delete | DELETE /api/users/:user_id | Remove user |
User Components
┌─────────────────────────────────────┐
│ User │
│ ┌─────────────┐ ┌─────────────┐ │
│ │ Identity │ │ Credentials │ │
│ │ (PII) │ │ (Auth) │ │
│ └─────────────┘ └─────────────┘ │
│ ┌─────────────────────────────┐ │
│ │ Memberships │ │
│ └─────────────────────────────┘ │
└─────────────────────────────────────┘| Component | Purpose |
|---|---|
| Identity | Name, avatar, locale—deletable for GDPR |
| Credentials | Email/password for authentication |
| Memberships | Links to accounts with roles |
SCIM 2.0 Provisioning
Enterprise identity providers (Okta, Azure AD, OneLogin) can manage users via SCIM:
| Endpoint | Method | Operation |
|---|---|---|
/scim/v2/Users | GET | List/search users |
/scim/v2/Users | POST | Create user |
/scim/v2/Users/:id | GET | Get user |
/scim/v2/Users/:id | PUT | Replace user |
/scim/v2/Users/:id | PATCH | Update user |
/scim/v2/Users/:id | DELETE | Disable user |
SCIM delete performs soft-delete (sets status to disabled) to preserve audit trails.
Required scope: scim:provision or admin
User Status
| Status | Description |
|---|---|
active | Can authenticate and access resources |
suspended | Temporarily blocked |
disabled | SCIM deprovisioned |
deleted | Permanently removed |
Related
- User - User resource
- User Identity - Profile data
- Membership - Account relationships
- Privacy - Data handling