User Provisioning API

The Provisioning API allows administrators to automate creating and provisioning user and service accounts, and enable Sysdig applications at scale for users.

For example, you can programmatically onboard users and configure their accounts by using a method of your choice without having to verify their email addresses.

The two primary flows for add passwords are:

Provision a user that is a real person:

  1. Create the user
  2. Leave the password blank
  3. Tell the user to login and reset the password

Provision a user as a service account, someone that doesn’t login

  1. Create the user
  2. Put a password in that only the admin knows, or is stored in something like Vault
  3. Use that password to build an api service without ever logging in

Prerequisites

  • Requires Administrator permissions (the admin role).

  • An API client is installed.

    The examples in this topic use simple HTTP calls.

Overview

When this API call is made, the following happens:

  • If the call is successful, the user is created as specified.

  • The user is added to the default team with the role defined in the team.

REST Resource: Provisioning

POST /api/user/provisioning/
Authorization: {{token}}
Content-Type: application/json

{
   "username": "user@company",
}

See Sysdig REST API Conventions for generic conventions and authentication.

Request Parameters

Field

Description

Username

(mandatory)

String

The username should be in the format of an email address. The email address need not be functional.

Password

(optional)

String

The password associated with the username you have provided.

First and Last Name

(optional)

String

The first and last name of the account.

Response Parameters

FieldDescription
User dataThe user data such as user plan.
TokenThe unique token string association with the user created.

Sample Request: REST

REST

POST /api/user/provisioning/
Authorization: {{token}}
Content-Type: application/json

{
   "username": "user@domain.tld",
}

Python SDK

from <sdc_url> import SdMonitorClient

api_token = "<your_api_token>"

client = SdMonitorClient(token=api_token,sdc_url="https://<backend-url>")

ok, user = client.create_user(user_email='user@domain.tld')

if ok:
  print(user['token'])

Sample Response

The response consists of a standard user model response and the API token for the user.

{

  "user": {

...<user data: ...see JSON Representation>

  },
  "token": {

    "key": "<user_key>"
  }
}

JSON Representation

The samples given below describes the user Provisioning API response in JSON format.

HTTP/1.1 201 Created
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Date: Mon, 01 Feb 2021 17:55:02 GMT
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Encoding: gzip
Strict-Transport-Security: max-age=15768000
Set-Cookie: INGRESSCOOKIEAPI=0190df6e720daaa9; path=/; HttpOnly

{

  "user": {

    "termsAndConditions": false,
    "timezone": "+00:00",
    "pictureUrl": "http://www.gravatar.com/avatar/fec77cc55cf4ba4176609cfec69a25d6",
    "customerSettings": {

      "sysdig": {

        "enabled": false,
        "enabledSSE": false,
        "buckets": []
      },
      "plan": {

        "maxAgents": 0,
        "onDemandAgents": 0,
        "maxTeams": -1,
        "timelines": [

          {

            "from": null,
            "to": null,
            "sampling": 10000000
          },
          {

            "from": null,
            "to": null,
            "sampling": 60000000
          },
          {

            "from": null,
            "to": null,
            "sampling": 600000000
          },
          {

            "from": null,
            "to": null,
            "sampling": 3600000000
          },
          {

            "from": null,
            "to": null,
            "sampling": 86400000000
          }
        ],
        "metricsSettings": {

          "enforce": false,
          "showExperimentals": false,
          "limits": {

            "jmx": 500,
            "statsd": 1000,
            "appCheck": 500,
            "prometheus": 1000,
            "prometheusPerProcess": 500,
            "connections": 80,
            "progAggregationCount": 12,
            "appCheckAggregationCount": 12,
            "promMetricsWeight": 0.0,
            "topFilesCount": 10,
            "topDevicesCount": 10,
            "hostServerPorts": 10,
            "containerServerPorts": 5,
            "limitKubernetesResources": false,
            "kubernetesPods": 10000,
            "kubernetesJobs": 10000,
            "containerDensity": 200,
            "meerkatSuited": false
          },
          "enforceAgentAggregation": false,
          "enablePromCalculatedIngestion": true
        },
        "secureEnabled": true,
        "monitorEnabled": true,
        "allocatedAgentsCount": 25,
        "subscriptionState": "active",
        "paymentsIntegrationId": {

          "id": "19656859",
          "ttl": {

            "ttl": 3
          }
        },
        "pricingPlan": "pro",
        "indirectCustomer": true,
        "trialPlanName": "monitor-14",
        "partner": "None",
        "overageAssessmentEligible": true
      },
      "environment": {}
    },
    "customer": {

      "id": 1,
      "name": "sdc-admin",
      "accessKey": "7a41xxxx-xxxx-xxxx-xxxx-0d07c2ebxxxx",
      "externalId": "a674xxxx-xxxx-xxxx-xxxx-8247bd29xxxx",
      "dateCreated": 1428687374000
    },
    "oauth": false,
    "agentInstallParams": {

      "accessKey": "7a41xxxx-xxxx-xxxx-xxxx-0d07c2ebxxxx",
      "collectorAddress": "collector.domain.tld",
      "collectorPort": 6443,
      "checkCertificate": true,
      "sslEnabled": true
    },
    "properties": {

      "has_been_invited": true
    },
    "resetPassword": false,
    "additionalRoles": [],
    "teamRoles": [

      {

        "teamId": 2674,
        "teamName": "Full Infrastructure",
        "teamTheme": "#7BB0B2",
        "userId": 48199,
        "userName": "user@domain.tld",
        "role": "ROLE_TEAM_EDIT",
        "admin": false
      }
    ],
    "lastUpdated": 1612202103000,
    "dateActivated": 1612202103000,
    "accessKey": "7a41xxxx-xxxx-xxxx-xxxx-0d07c2ebxxxx",
    "enabled": false,
    "version": 1,
    "id": 48199,
    "products": [

      "SDC"
    ],
    "systemRole": "ROLE_USER",
    "username": "user@domain.tld",
    "status": "registered",
    "dateCreated": 1612202103000
  },
  "token": {

    "key": "<user_key>"
  }
}

Example Account Creation without Activation Email

Sample Curl Command

curl -k -XPOST -H 'Authorization: Bearer 69a4xxxx-xxxx-xxxx-xxxx-4e942401xxxx' \
  -H 'Content-Type: application/json' \
  -d '{"username": "user@domain.tld", "password": "abc123"}' \
  https://<backend-url>/api/user/provisioning/

Sample Result

{
   "user":{
      "termsAndConditions":true,
      "timezone":"+00:00",
      "pictureUrl":"http://www.gravatar.com/avatar/4b760b68a17be552fcc8b04503af80ca",
      "customerSettings":{
         "sysdig":{
            "enabled":false,
            "enabledSSE":false,
            "buckets":[
               
            ]
         },
         "plan":{
            "maxAgents":50,
            "onDemandAgents":0,
            "maxTeams":-1,
            "timelines":[
               {
                  "from":null,
                  "to":null,
                  "sampling":10000000
               },
               {
                  "from":null,
                  "to":null,
                  "sampling":60000000
               },
               {
                  "from":null,
                  "to":null,
                  "sampling":600000000
               },
               {
                  "from":null,
                  "to":null,
                  "sampling":3600000000
               },
               {
                  "from":null,
                  "to":null,
                  "sampling":86400000000
               }
            ],
            "metricsSettings":{
               "enforce":false,
               "showExperimentals":false,
               "limits":{
                  "jmx":500,
                  "statsd":1000,
                  "appCheck":500,
                  "prometheus":1000,
                  "prometheusPerProcess":500,
                  "connections":80,
                  "progAggregationCount":12,
                  "appCheckAggregationCount":12,
                  "promMetricsWeight":0.0,
                  "topFilesCount":10,
                  "topDevicesCount":10,
                  "hostServerPorts":10,
                  "containerServerPorts":5,
                  "limitKubernetesResources":false,
                  "kubernetesPods":10000,
                  "kubernetesJobs":10000,
                  "containerDensity":200,
                  "meerkatSuited":false
               },
               "enforceAgentAggregation":true,
               "enablePromScrapeV2":true
            },
            "secureEnabled":true,
            "monitorEnabled":true,
            "allocatedAgentsCount":15,
            "paymentsIntegrationId":{
               "id":"not migrated",
               "ttl":{
                  "ttl":50
               }
            },
            "pricingPlan":"onpremise",
            "indirectCustomer":false,
            "trialPlanName":"monitor-14",
            "partner":"None",
            "licenseExpirationDate":1677888000000,
            "migratedToV2Direct":false,
            "overageAssessmentEligible":false
         },
         "environment":{
            
         }
      },
      "customer":{
         "id":1,
         "name":"<company-name>",
         "accessKey":"87cfxxxx-xxxx-xxxx-xxxx-f7b6eab7xxxx",
         "externalId":"a79dxxxx-xxxx-xxxx-xxxx-2da0f75dxxxx",
         "dateCreated":1646363720071
      },
      "oauth":false,
      "agentInstallParams":{
         "accessKey":"87cfxxxx-xxxx-xxxx-xxxx-f7b6eab7xxxx",
         "collectorAddress":"collector.domain.tld",
         "collectorPort":6443,
         "checkCertificate":true,
         "sslEnabled":true
      },
      "properties":{
         "has_been_invited":true
      },
      "resetPassword":false,
      "additionalRoles":[
         
      ],
      "teamRoles":[
         {
            "teamId":2,
            "teamName":"Secure Operations",
            "teamTheme":"#7BB0B2",
            "userId":3,
            "userName":"user@domain.tld",
            "role":"ROLE_TEAM_EDIT",
            "admin":false
         }
      ],
      "lastUpdated":1647395152277,
      "dateActivated":1647395152231,
      "accessKey":"87cfxxxx-xxxx-xxxx-xxxx-f7b6eab7xxxx",
      "enabled":true,
      "version":1,
      "status":"confirmed",
      "systemRole":"ROLE_USER",
      "products":[
         "SDS"
      ],
      "username":"user@domain.tld",
      "dateCreated":1647395152238,
      "name":"user@domain.tld",
      "id":3
   },
   "token":{
      "key":"<user_key>"
   }
}