users

Creates, updates, deletes, gets or lists a users resource.

Overview

Name	users
Type	Resource
Id	cloudflare.zero_trust.users

Fields

The following fields are returned by SELECT queries:

get

Get user response

Name	Datatype	Description
id	string	UUID. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415)
name	string	The name of the user. (example: Jane Doe)
access_seat	boolean	True if the user has authenticated with Cloudflare Access.
active_device_count	number	The number of active devices registered to the user.
created_at	string (date-time)	(example: 2014-01-01T05:20:00.12345Z)
email	string (email)	The email of the user. (example: jdoe@example.com)
gateway_seat	boolean	True if the user has logged into the WARP client.
last_successful_login	string (date-time)	The time at which the user last successfully logged in. (example: 2020-07-01T05:20:00Z)
seat_uid	string	The unique API identifier for the Zero Trust seat.
uid	string	The unique API identifier for the user.
updated_at	string (date-time)	(example: 2014-01-01T05:20:00.12345Z)

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
get	select	user_id, account_id		Gets a specific user for an account.
create	insert	account_id, email		Creates a new user.
update	replace	user_id, account_id, name, email		Updates a specific user's name for an account. Requires the user's current email as confirmation (email cannot be changed).
delete	delete	user_id, account_id		Deletes a specific user for an account. This will also revoke any active seats and tokens for the user.
delete_mfa_authenticators	exec	user_id, account_id, authenticator_id		Deletes a specific MFA device for a user. This action is only available if MFA is turned on for the organization.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
account_id	string	The Cloudflare account ID.
authenticator_id	string
user_id	string	The user ID.

SELECT examples

get

Gets a specific user for an account.

SELECT
id,
name,
access_seat,
active_device_count,
created_at,
email,
gateway_seat,
last_successful_login,
seat_uid,
uid,
updated_at
FROM cloudflare.zero_trust.users
WHERE user_id = '{{ user_id }}' -- required
AND account_id = '{{ account_id }}' -- required
;

INSERT examples

create

Creates a new user.

INSERT INTO cloudflare.zero_trust.users (
email,
name,
account_id
)
SELECT 
'{{ email }}' /* required */,
'{{ name }}',
'{{ account_id }}'
RETURNING
errors,
messages,
result,
success
;

Manifest

# Description fields are for documentation purposes
- name: users
props:
  - name: account_id
    value: "{{ account_id }}"
    description: Required parameter for the users resource.
  - name: email
    value: "{{ email }}"
    description: |
      The email of the user.
  - name: name
    value: "{{ name }}"
    description: |
      The name of the user.

REPLACE examples

update

Updates a specific user's name for an account. Requires the user's current email as confirmation (email cannot be changed).

REPLACE cloudflare.zero_trust.users
SET 
email = '{{ email }}',
name = '{{ name }}'
WHERE 
user_id = '{{ user_id }}' --required
AND account_id = '{{ account_id }}' --required
AND name = '{{ name }}' --required
AND email = '{{ email }}' --required
RETURNING
errors,
messages,
result,
success;

DELETE examples

delete

Deletes a specific user for an account. This will also revoke any active seats and tokens for the user.

DELETE FROM cloudflare.zero_trust.users
WHERE user_id = '{{ user_id }}' --required
AND account_id = '{{ account_id }}' --required
;

Lifecycle Methods

delete_mfa_authenticators

Deletes a specific MFA device for a user. This action is only available if MFA is turned on for the organization.

EXEC cloudflare.zero_trust.users.delete_mfa_authenticators 
@user_id='{{ user_id }}' --required, 
@account_id='{{ account_id }}' --required, 
@authenticator_id='{{ authenticator_id }}' --required
;