SDK for PHP 3.x

AWS SSO Identity Store 2020-06-15

Client: Aws\IdentityStore\IdentityStoreClient
Service ID: identitystore
Version: 2020-06-15

This page describes the parameters and results for the operations of the AWS SSO Identity Store (2020-06-15), and shows how to use the Aws\IdentityStore\IdentityStoreClient object to call the described operations. This documentation is specific to the 2020-06-15 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

CreateGroup ( array $params = [] )
Creates a group within the specified identity store.
CreateGroupMembership ( array $params = [] )
Creates a relationship between a member and a group.
CreateUser ( array $params = [] )
Creates a user within the specified identity store.
DeleteGroup ( array $params = [] )
Delete a group within an identity store given GroupId.
DeleteGroupMembership ( array $params = [] )
Delete a membership within a group given MembershipId.
DeleteUser ( array $params = [] )
Deletes a user within an identity store given UserId.
DescribeGroup ( array $params = [] )
Retrieves the group metadata and attributes from GroupId in an identity store.
DescribeGroupMembership ( array $params = [] )
Retrieves membership metadata and attributes from MembershipId in an identity store.
DescribeUser ( array $params = [] )
Retrieves the user metadata and attributes from the UserId in an identity store.
GetGroupId ( array $params = [] )
Retrieves GroupId in an identity store.
GetGroupMembershipId ( array $params = [] )
Retrieves the MembershipId in an identity store.
GetUserId ( array $params = [] )
Retrieves the UserId in an identity store.
IsMemberInGroups ( array $params = [] )
Checks the user's membership in all requested groups and returns if the member exists in all queried groups.
ListGroupMemberships ( array $params = [] )
For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.
ListGroupMembershipsForMember ( array $params = [] )
For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.
ListGroups ( array $params = [] )
Lists all groups in the identity store.
ListUsers ( array $params = [] )
Lists all users in the identity store.
UpdateGroup ( array $params = [] )
For the specified group in the specified identity store, updates the group metadata and attributes.
UpdateUser ( array $params = [] )
For the specified user in the specified identity store, updates the user metadata and attributes.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

ListGroupMemberships
ListGroupMembershipsForMember
ListGroups
ListUsers

Operations

CreateGroup 

$result = $client->createGroup([/* ... */]);
$promise = $client->createGroupAsync([/* ... */]);

Creates a group within the specified identity store.

Parameter Syntax

$result = $client->createGroup([
    'Description' => '<string>',
    'DisplayName' => '<string>',
    'IdentityStoreId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Description
Type: string

A string containing the description of the group.

DisplayName
Type: string

A string containing the name of the group. This value is commonly displayed when the group is referenced. Administrator and AWSAdministrators are reserved names and can't be used for users or groups.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Result Syntax

[
    'GroupId' => '<string>',
    'IdentityStoreId' => '<string>',
]

Result Details

Members
GroupId
Required: Yes
Type: string

The identifier of the newly created group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ServiceQuotaExceededException:

The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

CreateGroupMembership 

$result = $client->createGroupMembership([/* ... */]);
$promise = $client->createGroupMembershipAsync([/* ... */]);

Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId.

Parameter Syntax

$result = $client->createGroupMembership([
    'GroupId' => '<string>', // REQUIRED
    'IdentityStoreId' => '<string>', // REQUIRED
    'MemberId' => [ // REQUIRED
        'UserId' => '<string>',
    ],
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MemberId
Required: Yes
Type: MemberId structure

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

Result Syntax

[
    'IdentityStoreId' => '<string>',
    'MembershipId' => '<string>',
]

Result Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MembershipId
Required: Yes
Type: string

The identifier for a newly created GroupMembership in an identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ServiceQuotaExceededException:

The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

CreateUser 

$result = $client->createUser([/* ... */]);
$promise = $client->createUserAsync([/* ... */]);

Creates a user within the specified identity store.

Parameter Syntax

$result = $client->createUser([
    'Addresses' => [
        [
            'Country' => '<string>',
            'Formatted' => '<string>',
            'Locality' => '<string>',
            'PostalCode' => '<string>',
            'Primary' => true || false,
            'Region' => '<string>',
            'StreetAddress' => '<string>',
            'Type' => '<string>',
        ],
        // ...
    ],
    'DisplayName' => '<string>',
    'Emails' => [
        [
            'Primary' => true || false,
            'Type' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
    'IdentityStoreId' => '<string>', // REQUIRED
    'Locale' => '<string>',
    'Name' => [
        'FamilyName' => '<string>',
        'Formatted' => '<string>',
        'GivenName' => '<string>',
        'HonorificPrefix' => '<string>',
        'HonorificSuffix' => '<string>',
        'MiddleName' => '<string>',
    ],
    'NickName' => '<string>',
    'PhoneNumbers' => [
        [
            'Primary' => true || false,
            'Type' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
    'PreferredLanguage' => '<string>',
    'ProfileUrl' => '<string>',
    'Timezone' => '<string>',
    'Title' => '<string>',
    'UserName' => '<string>',
    'UserType' => '<string>',
]);

Parameter Details

Members
Addresses
Type: Array of Address structures

A list of Address objects containing addresses associated with the user.

DisplayName
Type: string

A string containing the name of the user. This value is typically formatted for display when the user is referenced. For example, "John Doe."

Emails
Type: Array of Email structures

A list of Email objects containing email addresses associated with the user.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Locale
Type: string

A string containing the geographical region or location of the user.

Name
Type: Name structure

An object containing the name of the user.

NickName
Type: string

A string containing an alternate name for the user.

PhoneNumbers
Type: Array of PhoneNumber structures

A list of PhoneNumber objects containing phone numbers associated with the user.

PreferredLanguage
Type: string

A string containing the preferred language of the user. For example, "American English" or "en-us."

ProfileUrl
Type: string

A string containing a URL that might be associated with the user.

Timezone
Type: string

A string containing the time zone of the user.

Title
Type: string

A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case.

UserName
Type: string

A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. Administrator and AWSAdministrators are reserved names and can't be used for users or groups.

UserType
Type: string

A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case.

Result Syntax

[
    'IdentityStoreId' => '<string>',
    'UserId' => '<string>',
]

Result Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

UserId
Required: Yes
Type: string

The identifier of the newly created user in the identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ServiceQuotaExceededException:

The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

DeleteGroup 

$result = $client->deleteGroup([/* ... */]);
$promise = $client->deleteGroupAsync([/* ... */]);

Delete a group within an identity store given GroupId.

Parameter Syntax

$result = $client->deleteGroup([
    'GroupId' => '<string>', // REQUIRED
    'IdentityStoreId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

DeleteGroupMembership 

$result = $client->deleteGroupMembership([/* ... */]);
$promise = $client->deleteGroupMembershipAsync([/* ... */]);

Delete a membership within a group given MembershipId.

Parameter Syntax

$result = $client->deleteGroupMembership([
    'IdentityStoreId' => '<string>', // REQUIRED
    'MembershipId' => '<string>', // REQUIRED
]);

Parameter Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MembershipId
Required: Yes
Type: string

The identifier for a GroupMembership in an identity store.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

DeleteUser 

$result = $client->deleteUser([/* ... */]);
$promise = $client->deleteUserAsync([/* ... */]);

Deletes a user within an identity store given UserId.

Parameter Syntax

$result = $client->deleteUser([
    'IdentityStoreId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

UserId
Required: Yes
Type: string

The identifier for a user in the identity store.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

DescribeGroup 

$result = $client->describeGroup([/* ... */]);
$promise = $client->describeGroupAsync([/* ... */]);

Retrieves the group metadata and attributes from GroupId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->describeGroup([
    'GroupId' => '<string>', // REQUIRED
    'IdentityStoreId' => '<string>', // REQUIRED
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

Result Syntax

[
    'Description' => '<string>',
    'DisplayName' => '<string>',
    'ExternalIds' => [
        [
            'Id' => '<string>',
            'Issuer' => '<string>',
        ],
        // ...
    ],
    'GroupId' => '<string>',
    'IdentityStoreId' => '<string>',
]

Result Details

Members
Description
Type: string

A string containing a description of the group.

DisplayName
Type: string

The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store.

ExternalIds
Type: Array of ExternalId structures

A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

DescribeGroupMembership 

$result = $client->describeGroupMembership([/* ... */]);
$promise = $client->describeGroupMembershipAsync([/* ... */]);

Retrieves membership metadata and attributes from MembershipId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->describeGroupMembership([
    'IdentityStoreId' => '<string>', // REQUIRED
    'MembershipId' => '<string>', // REQUIRED
]);

Parameter Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MembershipId
Required: Yes
Type: string

The identifier for a GroupMembership in an identity store.

Result Syntax

[
    'GroupId' => '<string>',
    'IdentityStoreId' => '<string>',
    'MemberId' => [
        'UserId' => '<string>',
    ],
    'MembershipId' => '<string>',
]

Result Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MemberId
Required: Yes
Type: MemberId structure

An object containing the identifier of a group member.

MembershipId
Required: Yes
Type: string

The identifier for a GroupMembership in an identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

DescribeUser 

$result = $client->describeUser([/* ... */]);
$promise = $client->describeUserAsync([/* ... */]);

Retrieves the user metadata and attributes from the UserId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->describeUser([
    'IdentityStoreId' => '<string>', // REQUIRED
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

UserId
Required: Yes
Type: string

The identifier for a user in the identity store.

Result Syntax

[
    'Addresses' => [
        [
            'Country' => '<string>',
            'Formatted' => '<string>',
            'Locality' => '<string>',
            'PostalCode' => '<string>',
            'Primary' => true || false,
            'Region' => '<string>',
            'StreetAddress' => '<string>',
            'Type' => '<string>',
        ],
        // ...
    ],
    'DisplayName' => '<string>',
    'Emails' => [
        [
            'Primary' => true || false,
            'Type' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
    'ExternalIds' => [
        [
            'Id' => '<string>',
            'Issuer' => '<string>',
        ],
        // ...
    ],
    'IdentityStoreId' => '<string>',
    'Locale' => '<string>',
    'Name' => [
        'FamilyName' => '<string>',
        'Formatted' => '<string>',
        'GivenName' => '<string>',
        'HonorificPrefix' => '<string>',
        'HonorificSuffix' => '<string>',
        'MiddleName' => '<string>',
    ],
    'NickName' => '<string>',
    'PhoneNumbers' => [
        [
            'Primary' => true || false,
            'Type' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
    'PreferredLanguage' => '<string>',
    'ProfileUrl' => '<string>',
    'Timezone' => '<string>',
    'Title' => '<string>',
    'UserId' => '<string>',
    'UserName' => '<string>',
    'UserType' => '<string>',
]

Result Details

Members
Addresses
Type: Array of Address structures

The physical address of the user.

DisplayName
Type: string

The display name of the user.

Emails
Type: Array of Email structures

The email address of the user.

ExternalIds
Type: Array of ExternalId structures

A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Locale
Type: string

A string containing the geographical region or location of the user.

Name
Type: Name structure

The name of the user.

NickName
Type: string

An alternative descriptive name for the user.

PhoneNumbers
Type: Array of PhoneNumber structures

A list of PhoneNumber objects associated with a user.

PreferredLanguage
Type: string

The preferred language of the user.

ProfileUrl
Type: string

A URL link for the user's profile.

Timezone
Type: string

The time zone for a user.

Title
Type: string

A string containing the title of the user.

UserId
Required: Yes
Type: string

The identifier for a user in the identity store.

UserName
Type: string

A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

UserType
Type: string

A string indicating the type of user.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

GetGroupId 

$result = $client->getGroupId([/* ... */]);
$promise = $client->getGroupIdAsync([/* ... */]);

Retrieves GroupId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->getGroupId([
    'AlternateIdentifier' => [ // REQUIRED
        'ExternalId' => [
            'Id' => '<string>', // REQUIRED
            'Issuer' => '<string>', // REQUIRED
        ],
        'UniqueAttribute' => [
            'AttributePath' => '<string>', // REQUIRED
            'AttributeValue' => [ // REQUIRED
            ],
        ],
    ],
    'IdentityStoreId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AlternateIdentifier
Required: Yes
Type: AlternateIdentifier structure

A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid path is displayName.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Result Syntax

[
    'GroupId' => '<string>',
    'IdentityStoreId' => '<string>',
]

Result Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

GetGroupMembershipId 

$result = $client->getGroupMembershipId([/* ... */]);
$promise = $client->getGroupMembershipIdAsync([/* ... */]);

Retrieves the MembershipId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->getGroupMembershipId([
    'GroupId' => '<string>', // REQUIRED
    'IdentityStoreId' => '<string>', // REQUIRED
    'MemberId' => [ // REQUIRED
        'UserId' => '<string>',
    ],
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MemberId
Required: Yes
Type: MemberId structure

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

Result Syntax

[
    'IdentityStoreId' => '<string>',
    'MembershipId' => '<string>',
]

Result Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MembershipId
Required: Yes
Type: string

The identifier for a GroupMembership in an identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

GetUserId 

$result = $client->getUserId([/* ... */]);
$promise = $client->getUserIdAsync([/* ... */]);

Retrieves the UserId in an identity store.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->getUserId([
    'AlternateIdentifier' => [ // REQUIRED
        'ExternalId' => [
            'Id' => '<string>', // REQUIRED
            'Issuer' => '<string>', // REQUIRED
        ],
        'UniqueAttribute' => [
            'AttributePath' => '<string>', // REQUIRED
            'AttributeValue' => [ // REQUIRED
            ],
        ],
    ],
    'IdentityStoreId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AlternateIdentifier
Required: Yes
Type: AlternateIdentifier structure

A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid paths are userName and emails.value.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Result Syntax

[
    'IdentityStoreId' => '<string>',
    'UserId' => '<string>',
]

Result Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

UserId
Required: Yes
Type: string

The identifier for a user in the identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

IsMemberInGroups 

$result = $client->isMemberInGroups([/* ... */]);
$promise = $client->isMemberInGroupsAsync([/* ... */]);

Checks the user's membership in all requested groups and returns if the member exists in all queried groups.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->isMemberInGroups([
    'GroupIds' => ['<string>', ...], // REQUIRED
    'IdentityStoreId' => '<string>', // REQUIRED
    'MemberId' => [ // REQUIRED
        'UserId' => '<string>',
    ],
]);

Parameter Details

Members
GroupIds
Required: Yes
Type: Array of strings

A list of identifiers for groups in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MemberId
Required: Yes
Type: MemberId structure

An object containing the identifier of a group member.

Result Syntax

[
    'Results' => [
        [
            'GroupId' => '<string>',
            'MemberId' => [
                'UserId' => '<string>',
            ],
            'MembershipExists' => true || false,
        ],
        // ...
    ],
]

Result Details

Members
Results
Required: Yes
Type: Array of GroupMembershipExistenceResult structures

A list containing the results of membership existence checks.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ListGroupMemberships 

$result = $client->listGroupMemberships([/* ... */]);
$promise = $client->listGroupMembershipsAsync([/* ... */]);

For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->listGroupMemberships([
    'GroupId' => '<string>', // REQUIRED
    'IdentityStoreId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MaxResults
Type: int

The maximum number of results to be returned per request. This parameter is used in all List requests to specify how many results to return in one page.

NextToken
Type: string

The pagination token used for the ListUsers, ListGroups and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Result Syntax

[
    'GroupMemberships' => [
        [
            'GroupId' => '<string>',
            'IdentityStoreId' => '<string>',
            'MemberId' => [
                'UserId' => '<string>',
            ],
            'MembershipId' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
GroupMemberships
Required: Yes
Type: Array of GroupMembership structures

A list of GroupMembership objects in the group.

NextToken
Type: string

The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ListGroupMembershipsForMember 

$result = $client->listGroupMembershipsForMember([/* ... */]);
$promise = $client->listGroupMembershipsForMemberAsync([/* ... */]);

For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->listGroupMembershipsForMember([
    'IdentityStoreId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'MemberId' => [ // REQUIRED
        'UserId' => '<string>',
    ],
    'NextToken' => '<string>',
]);

Parameter Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MaxResults
Type: int

The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

MemberId
Required: Yes
Type: MemberId structure

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

NextToken
Type: string

The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Result Syntax

[
    'GroupMemberships' => [
        [
            'GroupId' => '<string>',
            'IdentityStoreId' => '<string>',
            'MemberId' => [
                'UserId' => '<string>',
            ],
            'MembershipId' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
GroupMemberships
Required: Yes
Type: Array of GroupMembership structures

A list of GroupMembership objects in the group for a specified member.

NextToken
Type: string

The pagination token used for the ListUsers, ListGroups, and ListGroupMemberships API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ListGroups 

$result = $client->listGroups([/* ... */]);
$promise = $client->listGroupsAsync([/* ... */]);

Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->listGroups([
    'Filters' => [
        [
            'AttributePath' => '<string>', // REQUIRED
            'AttributeValue' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'IdentityStoreId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of Filter structures

A list of Filter objects, which is used in the ListUsers and ListGroups requests.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

MaxResults
Type: int

The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

NextToken
Type: string

The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Result Syntax

[
    'Groups' => [
        [
            'Description' => '<string>',
            'DisplayName' => '<string>',
            'ExternalIds' => [
                [
                    'Id' => '<string>',
                    'Issuer' => '<string>',
                ],
                // ...
            ],
            'GroupId' => '<string>',
            'IdentityStoreId' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Groups
Required: Yes
Type: Array of Group structures

A list of Group objects in the identity store.

NextToken
Type: string

The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it1 is used in the API request to search for the next page.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ListUsers 

$result = $client->listUsers([/* ... */]);
$promise = $client->listUsersAsync([/* ... */]);

Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.

If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.

Parameter Syntax

$result = $client->listUsers([
    'Filters' => [
        [
            'AttributePath' => '<string>', // REQUIRED
            'AttributeValue' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'IdentityStoreId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of Filter structures

A list of Filter objects, which is used in the ListUsers and ListGroups requests.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store, such as d-1234567890. In this example, d- is a fixed prefix, and 1234567890 is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.

MaxResults
Type: int

The maximum number of results to be returned per request. This parameter is used in the ListUsers and ListGroups requests to specify how many results to return in one page. The length limit is 50 characters.

NextToken
Type: string

The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Result Syntax

[
    'NextToken' => '<string>',
    'Users' => [
        [
            'Addresses' => [
                [
                    'Country' => '<string>',
                    'Formatted' => '<string>',
                    'Locality' => '<string>',
                    'PostalCode' => '<string>',
                    'Primary' => true || false,
                    'Region' => '<string>',
                    'StreetAddress' => '<string>',
                    'Type' => '<string>',
                ],
                // ...
            ],
            'DisplayName' => '<string>',
            'Emails' => [
                [
                    'Primary' => true || false,
                    'Type' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'ExternalIds' => [
                [
                    'Id' => '<string>',
                    'Issuer' => '<string>',
                ],
                // ...
            ],
            'IdentityStoreId' => '<string>',
            'Locale' => '<string>',
            'Name' => [
                'FamilyName' => '<string>',
                'Formatted' => '<string>',
                'GivenName' => '<string>',
                'HonorificPrefix' => '<string>',
                'HonorificSuffix' => '<string>',
                'MiddleName' => '<string>',
            ],
            'NickName' => '<string>',
            'PhoneNumbers' => [
                [
                    'Primary' => true || false,
                    'Type' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'PreferredLanguage' => '<string>',
            'ProfileUrl' => '<string>',
            'Timezone' => '<string>',
            'Title' => '<string>',
            'UserId' => '<string>',
            'UserName' => '<string>',
            'UserType' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The pagination token used for the ListUsers and ListGroups API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.

Users
Required: Yes
Type: Array of User structures

A list of User objects in the identity store.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

UpdateGroup 

$result = $client->updateGroup([/* ... */]);
$promise = $client->updateGroupAsync([/* ... */]);

For the specified group in the specified identity store, updates the group metadata and attributes.

Parameter Syntax

$result = $client->updateGroup([
    'GroupId' => '<string>', // REQUIRED
    'IdentityStoreId' => '<string>', // REQUIRED
    'Operations' => [ // REQUIRED
        [
            'AttributePath' => '<string>', // REQUIRED
            'AttributeValue' => [
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Operations
Required: Yes
Type: Array of AttributeOperation structures

A list of AttributeOperation objects to apply to the requested group. These operations might add, replace, or remove an attribute.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ServiceQuotaExceededException:

The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

UpdateUser 

$result = $client->updateUser([/* ... */]);
$promise = $client->updateUserAsync([/* ... */]);

For the specified user in the specified identity store, updates the user metadata and attributes.

Parameter Syntax

$result = $client->updateUser([
    'IdentityStoreId' => '<string>', // REQUIRED
    'Operations' => [ // REQUIRED
        [
            'AttributePath' => '<string>', // REQUIRED
            'AttributeValue' => [
            ],
        ],
        // ...
    ],
    'UserId' => '<string>', // REQUIRED
]);

Parameter Details

Members
IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Operations
Required: Yes
Type: Array of AttributeOperation structures

A list of AttributeOperation objects to apply to the requested user. These operations might add, replace, or remove an attribute.

UserId
Required: Yes
Type: string

The identifier for a user in the identity store.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceNotFoundException:

Indicates that a requested resource is not found.

ThrottlingException:

Indicates that the principal has crossed the throttling limits of the API operations.

AccessDeniedException:

You do not have sufficient access to perform this action.

ConflictException:

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

InternalServerException:

The request processing has failed because of an unknown error, exception or failure with an internal server.

ValidationException:

The request failed because it contains a syntax error.

ServiceQuotaExceededException:

The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

Shapes

AccessDeniedException

Description

You do not have sufficient access to perform this action.

Members
Message
Type: string
RequestId
Type: string

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

Address

Description

The address associated with the specified user.

Members
Country
Type: string

The country of the address.

Formatted
Type: string

A string containing a formatted version of the address for display.

Locality
Type: string

A string of the address locality.

PostalCode
Type: string

The postal code of the address.

Primary
Type: boolean

A Boolean value representing whether this is the primary address for the associated resource.

Region
Type: string

The region of the address.

StreetAddress
Type: string

The street of the address.

Type
Type: string

A string representing the type of address. For example, "Home."

AlternateIdentifier

Description

A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute.

Members
ExternalId
Type: ExternalId structure

The identifier issued to this resource by an external identity provider.

UniqueAttribute
Type: UniqueAttribute structure

An entity attribute that's unique to a specific entity.

AttributeOperation

Description

An operation that applies to the requested group. This operation might add, replace, or remove an attribute.

Members
AttributePath
Required: Yes
Type: string

A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

AttributeValue
Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents

The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the CLI.

AttributeValue

Description

The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the CLI.

Members

ConflictException

Description

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

Members
Message
Type: string
Reason
Type: string

This request cannot be completed for one of the following reasons:

  • Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.

  • The requested resource was being concurrently modified by another request.

RequestId
Type: string

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

Email

Description

The email address associated with the user.

Members
Primary
Type: boolean

A Boolean value representing whether this is the primary email address for the associated resource.

Type
Type: string

A string representing the type of address. For example, "Work."

Value
Type: string

A string containing an email address. For example, "johndoe@amazon.com."

ExternalId

Description

The identifier issued to this resource by an external identity provider.

Members
Id
Required: Yes
Type: string

The identifier issued to this resource by an external identity provider.

Issuer
Required: Yes
Type: string

The issuer for an external identifier.

Filter

Description

A query filter used by ListUsers and ListGroups. This filter object provides the attribute name and attribute value to search users or groups.

Members
AttributePath
Required: Yes
Type: string

The attribute path that is used to specify which attribute name to search. Length limit is 255 characters. For example, UserName is a valid attribute path for the ListUsers API, and DisplayName is a valid attribute path for the ListGroups API.

AttributeValue
Required: Yes
Type: string

Represents the data for an attribute. Each attribute value is described as a name-value pair.

Group

Description

A group object that contains the metadata and attributes for a specified group.

Members
Description
Type: string

A string containing a description of the specified group.

DisplayName
Type: string

The display name value for the group. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time the group is created and stored as an attribute of the group object in the identity store.

ExternalIds
Type: Array of ExternalId structures

A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

GroupId
Required: Yes
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

GroupMembership

Description

Contains the identifiers for a group, a group member, and a GroupMembership object in the identity store.

Members
GroupId
Type: string

The identifier for a group in the identity store.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

MemberId
Type: MemberId structure

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

MembershipId
Type: string

The identifier for a GroupMembership object in an identity store.

GroupMembershipExistenceResult

Description

Indicates whether a resource is a member of a group in the identity store.

Members
GroupId
Type: string

The identifier for a group in the identity store.

MemberId
Type: MemberId structure

An object that contains the identifier of a group member. Setting the UserID field to the specific identifier for a user indicates that the user is a member of the group.

MembershipExists
Type: boolean

Indicates whether a membership relation exists or not.

InternalServerException

Description

The request processing has failed because of an unknown error, exception or failure with an internal server.

Members
Message
Type: string
RequestId
Type: string

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

RetryAfterSeconds
Type: int

The number of seconds to wait before retrying the next request.

MemberId

Description

An object containing the identifier of a group member.

Members
UserId
Type: string

An object containing the identifiers of resources that can be members.

Name

Description

The full name of the user.

Members
FamilyName
Type: string

The family name of the user.

Formatted
Type: string

A string containing a formatted version of the name for display.

GivenName
Type: string

The given name of the user.

HonorificPrefix
Type: string

The honorific prefix of the user. For example, "Dr."

HonorificSuffix
Type: string

The honorific suffix of the user. For example, "M.D."

MiddleName
Type: string

The middle name of the user.

PhoneNumber

Description

The phone number associated with the user.

Members
Primary
Type: boolean

A Boolean value representing whether this is the primary phone number for the associated resource.

Type
Type: string

A string representing the type of a phone number. For example, "Mobile."

Value
Type: string

A string containing a phone number. For example, "8675309" or "+1 (800) 123-4567".

ResourceNotFoundException

Description

Indicates that a requested resource is not found.

Members
Message
Type: string
RequestId
Type: string

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

ResourceId
Type: string

The identifier for a resource in the identity store that can be used as UserId or GroupId. The format for ResourceId is either UUID or 1234567890-UUID, where UUID is a randomly generated value for each resource when it is created and 1234567890 represents the IdentityStoreId string value. In the case that the identity store is migrated from a legacy SSO identity store, the ResourceId for that identity store will be in the format of UUID. Otherwise, it will be in the 1234567890-UUID format.

ResourceType
Type: string

An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY_STORE.

ServiceQuotaExceededException

Description

The request would cause the number of users or groups in the identity store to exceed the maximum allowed.

Members
Message
Type: string
RequestId
Type: string

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

ThrottlingException

Description

Indicates that the principal has crossed the throttling limits of the API operations.

Members
Message
Type: string
RequestId
Type: string

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.

RetryAfterSeconds
Type: int

The number of seconds to wait before retrying the next request.

UniqueAttribute

Description

An entity attribute that's unique to a specific entity.

Members
AttributePath
Required: Yes
Type: string

A string representation of the path to a given attribute or sub-attribute. Supports JMESPath.

AttributeValue
Required: Yes
Type: document (null|bool|string|numeric) or an (array|associative array) whose members are all valid documents

The value of the attribute. This is a Document type. This type is not supported by Java V1, Go V1, and older versions of the CLI.

User

Description

A user object that contains the metadata and attributes for a specified user.

Members
Addresses
Type: Array of Address structures

A list of Address objects containing addresses associated with the user.

DisplayName
Type: string

A string containing the name of the user that is formatted for display when the user is referenced. For example, "John Doe."

Emails
Type: Array of Email structures

A list of Email objects containing email addresses associated with the user.

ExternalIds
Type: Array of ExternalId structures

A list of ExternalId objects that contains the identifiers issued to this resource by an external identity provider.

IdentityStoreId
Required: Yes
Type: string

The globally unique identifier for the identity store.

Locale
Type: string

A string containing the geographical region or location of the user.

Name
Type: Name structure

An object containing the name of the user.

NickName
Type: string

A string containing an alternate name for the user.

PhoneNumbers
Type: Array of PhoneNumber structures

A list of PhoneNumber objects containing phone numbers associated with the user.

PreferredLanguage
Type: string

A string containing the preferred language of the user. For example, "American English" or "en-us."

ProfileUrl
Type: string

A string containing a URL that might be associated with the user.

Timezone
Type: string

A string containing the time zone of the user.

Title
Type: string

A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case.

UserId
Required: Yes
Type: string

The identifier for a user in the identity store.

UserName
Type: string

A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.

UserType
Type: string

A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case.

ValidationException

Description

The request failed because it contains a syntax error.

Members
Message
Type: string
RequestId
Type: string

The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.