users
Creates, updates, deletes, gets or lists a users resource.
Overview
| Name | users |
| Type | Resource |
| Id | cloudflare.iam.users |
Fields
The following fields are returned by SELECT queries:
- get
- list
Get SCIM User response
| Name | Datatype | Description |
|---|---|---|
contents | string |
List SCIM Users response
| Name | Datatype | Description |
|---|---|---|
contents | string |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get | select | account_id, user_id | Retrieves a single account member as a SCIM User resource by user tag. | |
list | select | account_id | startIndex, count, filter | Lists account members as SCIM User resources. Supports optional filtering by userName (email) using the SCIM filter syntax (e.g. userName eq "user@example.com"). Pagination is controlled via startIndex and count query parameters per RFC 7644 Section 3.4.2.4. |
scim_users_create | insert | account_id, schemas, userName, emails, active | Provisions a new account member via SCIM. The userName field must be a valid email address and must match the primary email in emails. The account must be an Enterprise account with SCIM entitlements enabled. | |
scim_users_patch | update | account_id, user_id, schemas, Operations | Partially updates a SCIM User via PATCH operations (RFC 7644 Section 3.5.2). Supports updating userName, name.givenName, name.familyName, and active. Setting active: false deprovisions the user (removes them from the account). For IdP compatibility, emails[type eq "work"].value is also accepted as an alias for userName. | |
scim_users_put | replace | account_id, user_id, schemas, userName | Replaces a SCIM User resource (RFC 7644 Section 3.5.1). Fully replaces the mutable attributes of the user. Supports updating userName, name, emails, and active. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
account_id | string | The Cloudflare account ID. |
user_id | string | The user ID. |
count | integer | |
filter | string | |
startIndex | integer |
SELECT examples
- get
- list
Retrieves a single account member as a SCIM User resource by user tag.
SELECT
contents
FROM cloudflare.iam.users
WHERE account_id = '{{ account_id }}' -- required
AND user_id = '{{ user_id }}' -- required
;
Lists account members as SCIM User resources. Supports optional filtering by userName (email) using the SCIM filter syntax (e.g. userName eq "user@example.com"). Pagination is controlled via startIndex and count query parameters per RFC 7644 Section 3.4.2.4.
SELECT
contents
FROM cloudflare.iam.users
WHERE account_id = '{{ account_id }}' -- required
AND startIndex = '{{ startIndex }}'
AND count = '{{ count }}'
AND filter = '{{ filter }}'
;
INSERT examples
- scim_users_create
- Manifest
Provisions a new account member via SCIM. The userName field must be a valid email address and must match the primary email in emails. The account must be an Enterprise account with SCIM entitlements enabled.
INSERT INTO cloudflare.iam.users (
active,
displayName,
emails,
externalId,
name,
schemas,
userName,
account_id
)
SELECT
{{ active }} /* required */,
'{{ displayName }}',
'{{ emails }}' /* required */,
'{{ externalId }}',
'{{ name }}',
'{{ schemas }}' /* required */,
'{{ userName }}' /* required */,
'{{ account_id }}'
;
# Description fields are for documentation purposes
- name: users
props:
- name: account_id
value: "{{ account_id }}"
description: Required parameter for the users resource.
- name: active
value: {{ active }}
description: |
A Boolean value indicating the user's administrative status. Must be `true` for user creation.
- name: displayName
value: "{{ displayName }}"
description: |
The name of the user, suitable for display to end-users. If not explicitly set, falls back to the formatted name or userName.
- name: emails
description: |
Email addresses for the user. The primary email must match `userName`.
value:
- primary: {{ primary }}
type: "{{ type }}"
value: "{{ value }}"
- name: externalId
value: "{{ externalId }}"
description: |
An identifier for the user as defined by the provisioning client (IdP). This value is stored and returned but not interpreted by Cloudflare.
- name: name
description: |
The components of the user's real name.
value:
familyName: "{{ familyName }}"
formatted: "{{ formatted }}"
givenName: "{{ givenName }}"
- name: schemas
value:
- "{{ schemas }}"
description: |
Must contain `urn:ietf:params:scim:schemas:core:2.0:User`.
- name: userName
value: "{{ userName }}"
description: |
Unique identifier for the user, equal to the user's email address.
UPDATE examples
- scim_users_patch
Partially updates a SCIM User via PATCH operations (RFC 7644 Section 3.5.2). Supports updating userName, name.givenName, name.familyName, and active. Setting active: false deprovisions the user (removes them from the account). For IdP compatibility, emails[type eq "work"].value is also accepted as an alias for userName.
UPDATE cloudflare.iam.users
SET
Operations = '{{ Operations }}',
schemas = '{{ schemas }}'
WHERE
account_id = '{{ account_id }}' --required
AND user_id = '{{ user_id }}' --required
AND schemas = '{{ schemas }}' --required
AND Operations = '{{ Operations }}' --required
RETURNING
contents;
REPLACE examples
- scim_users_put
Replaces a SCIM User resource (RFC 7644 Section 3.5.1). Fully replaces the mutable attributes of the user. Supports updating userName, name, emails, and active.
REPLACE cloudflare.iam.users
SET
active = {{ active }},
displayName = '{{ displayName }}',
emails = '{{ emails }}',
externalId = '{{ externalId }}',
name = '{{ name }}',
schemas = '{{ schemas }}',
userName = '{{ userName }}'
WHERE
account_id = '{{ account_id }}' --required
AND user_id = '{{ user_id }}' --required
AND schemas = '{{ schemas }}' --required
AND userName = '{{ userName }}' --required
RETURNING
contents;