Provision a user or service account in an enterprise organization
POST/organizations/:organization_id/users
Provisions a user into an enterprise organization, assigning them the base user role plus the org-scoped org-client role. Two userTypes are supported:
human— a managed end-user. RequiresfirstNameandlastName. An Authentik identity is created (if absent) and a password-recovery / welcome email is sent.descriptionis ignored.client-managed— a service account with no external IdP identity. Requiresemail(and acceptsdescription);firstName/lastNameare ignored. This is the only user type for which anoat_API token can subsequently be minted (seePOST .../users/{user_id}/tokens).
If a user with the given email already exists on the platform, they are attached to the organization (granted org-client) instead of being recreated; an existing member of this org returns 400.
The response data.id is the new (or attached) user / service-account ID. Requires user:write, an enterprise organization, and at least the org-admin role.
Request
Responses
- 200
- 400
- 401
- 404
The created (or attached) managed user / service account
Validation error — e.g. missing first/last name for a human user, or the user is already a member of this organization
Caller lacks permission to create users in this organization
Organization not found