Zone-scoped user identifier. Defaults to the user's Keycard ID. When the provider has user_identifier_claim configured, the value is set from that claim at user creation time.
organization_id: string
Organization that owns this user
status: "active" | "disabled"
Status of the user. Disabled users cannot authenticate.
Accepts one of the following:
"active"
"disabled"
updated_at: string
Entity update timestamp
formatdate-time
zone_id: string
Zone this user belongs to
authenticated_at?: string
Date when the user was last authenticated
grant_count?: number
Delegated-grant count for this user. Populated only when expand[]=grant_count is set on the listing endpoint.
minimum0
issuer?: string
Issuer identifier of the identity provider
provider_id?: string
Reference to the identity provider. This field is undefined when the source identity provider is deleted but the user is not deleted.
role_assignments?: Array<RoleAssignment>
Role grants for this user within the zone. Populated only when expand[]=role-assignments is set on the listing endpoint.
role_id: string
ID of the assigned role
role_identifier: string
Opaque role identifier. Treated as an opaque identifier by the API and unique within a zone.
minLength1
maxLength255
scope: Scope | null
The resource this grant is scoped to, or null when the grant is unscoped (applies to the owning zone itself).
id: string
The ID of the scoped resource.
type: string
The kind of resource this grant is scoped to (e.g. zone).
session_count?: number
Session count for this user. Populated only when expand[]=session_count is set on the listing endpoint.
