Create SSO user

Available in Classic and VPC

Create an SSO user based on the user information of an external account. You can log in to the NAVER Cloud Platform with the external account used to create the SSO user.

Note

Up to 100 SSO users can be created.

Request

This section describes the request format. The method and URI are as follows:

Method	URI
POST	/api/v1/users

Request headers

For information about the headers common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On request headers.

Request body

You can include the following data in the body of your request:

Field	Type	Required	Description
`loginId`	String	Required	SSO user login ID 3-60 characters Email format Can't be changed after creation
`description`	String	Optional	SSO user description 0-300 characters
`userProfile`	Object	Optional	SSO user profile information
`userProfile.firstName`	String	Optional	SSO user name 0-200 characters
`userProfile.lastName`	String	Optional	SSO user last name 0-200 characters
`userProfile.email`	String	Optional	SSO user email address 0-200 characters
`userProfile.empNo`	String	Optional	SSO user employee number 0-200 characters
`userProfile.phoneCountryCode`	String	Optional	SSO user country code 0-10 characters Country code format
`userProfile.phoneNo`	String	Optional	SSO user mobile phone number 0-200 characters Mobile phone number format
`userProfile.deptName`	String	Optional	SSO user department name 0-200 characters
`accessRules`	Object	Required	Access rule information
`accessRules.consoleAccessAllowed`	Boolean	Required	Whether to allow console access `true` \| `false` `true`: allow `false`: not allow
`accessRules.apiAccessAllowed`	Boolean	Required	Whether to allow API Gateway access `true` \| `false` `true`: allow `false`: not allow

Request example

The request example is as follows:

curl --location --request POST 'https://sso.apigw.ntruss.com/api/v1/users' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--data '{
    "loginId": "******@ncloud.com",
    "description": "SSO User",
    "userProfile": {
        "firstName": "Gildong",
        "lastName": "Hong",
        "email": "******@ncloud.com",
        "empNo": "00112233",
        "phoneCountryCode": "82",
        "phoneNo": "010-0000-0000",
        "deptName": "Department"
    },
    "accessRules": {
        "consoleAccessAllowed": true,
        "apiAccessAllowed": true
    }
}'

Response

This section describes the response format.

Response body

The response body includes the following data:

Field	Type	Required	Description
`userId`	String	-	SSO user ID
`loginId`	String	-	SSO user login ID
`nrn`	String	-	NAVER Cloud Platform resource identification value for SSO user
`userProfile`	Object	-	SSO user profile information
`userProfile.firstName`	String	-	SSO user name
`userProfile.lastName`	String	-	SSO user last name
`userProfile.email`	String	-	SSO user email address
`userProfile.emailVerified`	Boolean	-	Email address verification status `true` \| `false` `true`: verification completed `false`: verification required
`userProfile.empNo`	String	-	SSO user employee number
`userProfile.phoneCountryCode`	String	-	SSO user country number
`userProfile.phoneNo`	String	-	SSO user mobile phone number
`userProfile.phoneNoVerified`	Boolean	-	Mobile phone number verification status `true` \| `false` `true`: verification completed `false`: verification required
`userProfile.deptName`	String	-	SSO user department name
`accessRules`	Object	-	Access rule information
`accessRules.consoleAccessAllowed`	Boolean	-	Whether to allow console access `true` \| `false` `true`: allow `false`: not allow
`accessRules.apiAccessAllowed`	Boolean	-	Whether to allow API Gateway access `true` \| `false` `true`: allow `false`: not allow
`status`	String	-	SSO user status `active` \| `suspended` `active`: in use (enabled) `suspended`: suspended (disabled)
`description`	String	-	SSO user description
`lastLoginAt`	String	-	SSO user last access date and time ISO 8601 format
`createdAt`	String	-	SSO user creation date and time ISO 8601 format
`updatedAt`	String	-	SSO user modification date and time ISO 8601 format

Response status codes

For information about the response status codes common to all Ncloud Single Sign-On APIs, see Ncloud Single Sign-On response status codes.

Response example

The response example is as follows:

{
    "userId": "8306bedf-****-****-****-40394feacec8",
    "loginId": "******@ncloud.com",
    "nrn": "nrn:PUB:SSO::*******:User/8306bedf-****-****-****-40394feacec8",
    "userProfile": {
        "firstName": "Gildong",
        "lastName": "Hong",
        "email": "******@ncloud.com",
        "emailVerified": true,
        "empNo": "00112233",
        "phoneCountryCode": "82",
        "phoneNo": "010-0000-0000",
        "phoneNoVerified": true,
        "deptName": "Department"
    },
    "accessRules": {
        "consoleAccessAllowed": true,
        "apiAccessAllowed": true
    },
    "status": "active",
    "createdAt": "2025-01-03T05:04:54Z",
    "updatedAt": "2025-01-03T05:04:54Z",
    "description": "SSO User"
}