{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-apis/platform/iam/sidebars.yaml","oas-apis/platform/iam/openapi/iam-openapi.json":"oas-apis/platform/iam/openapi/iam-openapi.json"},"props":{"metadata":{"markdoc":{"tagList":["openapi-code-sample","admonition"]},"type":"markdown"},"seo":{"title":"User Management","keywords":"documentation, api, portal, banking, payment, account information, aritma, psd2, open banking, reconciliation","description":"Developer documentation for Aritma's banking and financial APIs - payments, account information, webhooks, authentication and integrations.","meta":[{"name":"google-site-verification","content":"hplqlK_5O42BZjNnjtVQMEpxv9JkxcD1eH4J1T-NQmI"}],"llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":["openapi"],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"user-management","__idx":0},"children":["User Management"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This guide walks through managing users in Aritma IAM — inviting users, listing them, and managing their OIDC roles."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"prerequisites","__idx":1},"children":["Prerequisites"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["An access token with IAM admin permissions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["A configured tenant"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"list-users","__idx":2},"children":["List users"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Retrieve a paginated list of all user subjects in your tenant. 
You can filter by a search query."]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetUserSubjects","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"get-a-user","__idx":3},"children":["Get a user"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Retrieve a single user by their subject ID."]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetUser","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"invite-a-user","__idx":4},"children":["Invite a user"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Send an invitation email to a user. The recipient will receive a link to complete registration in Aritma ID. 
Once they register, they become an active subject in your tenant."]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"InviteUserSubject","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Parameter"},"children":["Parameter"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["email"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The email address to send the invitation to"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["redirectUrl"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["Optional. The URL the user will be redirected to after accepting the invitation. Useful for sending users to your own application after they complete registration. Use an HTTPS URL for an application you control, because the invited user is sent there after accepting the invitation"]}]}]}]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The user will appear in your tenant after they accept the invitation and complete registration. 
Until then, they are not listed as an active subject."]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"create-a-user-directly","__idx":5},"children":["Create a user directly"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If your organization has verified domain ownership in Aritma IAM (see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/guides/domains"},"children":["Domains"]},"), you can create users directly within your tenant without sending an invitation email."]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"CreateUserSubject","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Parameter"},"children":["Parameter"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["email"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The email address for the new user. 
Must belong to a verified domain"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["fullName"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The full name of the new user"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["phoneNumber"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The phone number of the new user"]}]}]}]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"assign-an-oidc-role-to-a-user","__idx":6},"children":["Assign an OIDC role to a user"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["OIDC roles are claims included in the user's access token. They are used by your applications for their own authorization logic — they do not control access to Aritma resources. 
To grant access to Aritma resources, use ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/guides/policies"},"children":["Policies"]}," instead."]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"AssignRoleToUser","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"remove-an-oidc-role-from-a-user","__idx":7},"children":["Remove an OIDC role from a user"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"RemoveRoleFromUser","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"view-a-users-permissions","__idx":8},"children":["View a user's permissions"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To see the effective permissions for a user subject, use the subject permissions endpoint:"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetUserPermissions","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"view-a-users-group-memberships","__idx":9},"children":["View a user's group memberships"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To see which groups a user belongs 
to:"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetSubjectMemberships","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"check-your-own-permissions","__idx":10},"children":["Check your own permissions"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Any authenticated subject can check their own permissions using the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["/v1/me"]}," endpoints - no admin rights required:"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetSelf","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetOwnPermissions","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetUserRoles","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetUserClaims","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["GetUserClaims"]}," returns the OIDC claims assigned to your subject. 
Claims are key-value pairs included in your access token and are used by Aritma services and your own applications for authorization decisions."]}]},"headings":[{"value":"User Management","id":"user-management","depth":1},{"value":"Prerequisites","id":"prerequisites","depth":2},{"value":"List users","id":"list-users","depth":2},{"value":"Get a user","id":"get-a-user","depth":2},{"value":"Invite a user","id":"invite-a-user","depth":2},{"value":"Create a user directly","id":"create-a-user-directly","depth":2},{"value":"Assign an OIDC role to a user","id":"assign-an-oidc-role-to-a-user","depth":2},{"value":"Remove an OIDC role from a user","id":"remove-an-oidc-role-from-a-user","depth":2},{"value":"View a user's permissions","id":"view-a-users-permissions","depth":2},{"value":"View a user's group memberships","id":"view-a-users-group-memberships","depth":2},{"value":"Check your own permissions","id":"check-your-own-permissions","depth":2}],"frontmatter":{"title":"User Management","seo":{"title":"User Management"}},"lastModified":"2026-05-08T13:38:07.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/apis/platform/iam/guides/user-management","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}