This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

    User Provisioning API

    The Provisioning API allows administrators to automate creating and provisioning user and service accounts, and enable Sysdig applications at scale for users.

    For example, you can programmatically onboard users and configure their accounts by using a method of your choice without having to verify their email addresses.

    The two primary flows for add passwords are:

    Provision a user that is a real person:

    1. Create the user
    2. Leave the password blank
    3. Tell the user to login and reset the password

    Provision a user as a service account, someone that doesn’t login

    1. Create the user
    2. Put a password in that only the admin knows, or is stored in something like Vault
    3. Use that password to build an api service without ever logging in

    Prerequisites

    • Requires Administrator permissions (the admin role).

    • An API client is installed.

      The examples in this topic use simple HTTP calls.

    Overview

    When this API call is made, the following happens:

    • If the call is successful, the user is created as specified.

    • The user is added to the default team with the role defined in the team.

    REST Resource: Provisioning

    POST /api/user/provisioning/
    Authorization: {{token}}
    Content-Type: application/json
    
    {
       "username": "user@company",
    }
    

    See Sysdig REST API Conventions for generic conventions and authentication.

    Request Parameters

    Field

    Description

    Username

    (mandatory)

    String

    The username should be in the format of an email address. The email address need not be functional.

    Password

    (optional)

    String

    The password associated with the username you have provided.

    First and Last Name

    (optional)

    String

    The first and last name of the account.

    Response Parameters

    FieldDescription
    User dataThe user data such as user plan.
    TokenThe unique token string association with the user created.

    Sample Request: REST

    REST

    POST /api/user/provisioning/
    Authorization: {{token}}
    Content-Type: application/json
    
    {
       "username": "testuser@company",
    }
    

    Python SDK

    from <sdc_url> import SdMonitorClient
    
    api_token = "<your_api_token>"
    
    client = SdMonitorClient(token=api_token,sdc_url="https://app-staging.sysdigcloud.com")
    
    ok, user = client.create_user(user_email='test2user@company')
    
    if ok:
      print(user['token'])
    

    Sample Response

    The response consists of a standard user model response and the API token for the user.

    {
    
      "user": {
    
    ...<user data: ...see JSON Representation>
    
      },
      "token": {
    
        "key": "<user_key>"
      }
    }
    

    JSON Representation

    The samples given below describes the user Provisioning API response in JSON format.

    HTTP/1.1 201 Created
    Content-Type: application/json;charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    Date: Mon, 01 Feb 2021 17:55:02 GMT
    Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Accept-Encoding, User-Agent
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: 0
    X-Frame-Options: DENY
    Content-Encoding: gzip
    Strict-Transport-Security: max-age=15768000
    Set-Cookie: INGRESSCOOKIEAPI=0190df6e720daaa9; path=/; HttpOnly
    X-Cache: Miss from cloudfront
    Via: 1.1 3b6239c61689b2727182c34a97307648.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: BUD50-C1
    X-Amz-Cf-Id: MM6SIVal3FXYfjQ4Z0ohK76GCZBa4DBhxQg5AHwRVOMkhcgjbx4OhA==
    
    {
    
      "user": {
    
        "termsAndConditions": false,
        "timezone": "+00:00",
        "pictureUrl": "http://www.gravatar.com/avatar/fec77cc55cf4ba4176609cfec69a25d6",
        "customerSettings": {
    
          "sysdig": {
    
            "enabled": false,
            "enabledSSE": false,
            "buckets": []
          },
          "plan": {
    
            "maxAgents": 0,
            "onDemandAgents": 0,
            "maxTeams": -1,
            "timelines": [
    
              {
    
                "from": null,
                "to": null,
                "sampling": 10000000
              },
              {
    
                "from": null,
                "to": null,
                "sampling": 60000000
              },
              {
    
                "from": null,
                "to": null,
                "sampling": 600000000
              },
              {
    
                "from": null,
                "to": null,
                "sampling": 3600000000
              },
              {
    
                "from": null,
                "to": null,
                "sampling": 86400000000
              }
            ],
            "metricsSettings": {
    
              "enforce": false,
              "showExperimentals": false,
              "limits": {
    
                "jmx": 500,
                "statsd": 1000,
                "appCheck": 500,
                "prometheus": 1000,
                "prometheusPerProcess": 500,
                "connections": 80,
                "progAggregationCount": 12,
                "appCheckAggregationCount": 12,
                "promMetricsWeight": 0.0,
                "topFilesCount": 10,
                "topDevicesCount": 10,
                "hostServerPorts": 10,
                "containerServerPorts": 5,
                "limitKubernetesResources": false,
                "kubernetesPods": 10000,
                "kubernetesJobs": 10000,
                "containerDensity": 200,
                "meerkatSuited": false
              },
              "enforceAgentAggregation": false,
              "enablePromCalculatedIngestion": true
            },
            "secureEnabled": true,
            "monitorEnabled": true,
            "allocatedAgentsCount": 25,
            "subscriptionState": "active",
            "paymentsIntegrationId": {
    
              "id": "19656859",
              "ttl": {
    
                "ttl": 3
              }
            },
            "pricingPlan": "pro",
            "indirectCustomer": true,
            "trialPlanName": "monitor-14",
            "partner": "None",
            "overageAssessmentEligible": true
          },
          "environment": {}
        },
        "customer": {
    
          "id": 1,
          "name": "sdc-admin",
          "accessKey": "7a412697-3ac6-421a-a901-0d07c2eb6071",
          "externalId": "a6742502-9cf0-4595-a9d4-8247bd29c6a0",
          "dateCreated": 1428687374000
        },
        "oauth": false,
        "agentInstallParams": {
    
          "accessKey": "7a412697-3ac6-421a-a901-0d07c2eb6071",
          "collectorAddress": "collector-static.sysdigcloud.com",
          "collectorPort": 6443,
          "checkCertificate": true,
          "sslEnabled": true
        },
        "properties": {
    
          "has_been_invited": true
        },
        "resetPassword": false,
        "additionalRoles": [],
        "teamRoles": [
    
          {
    
            "teamId": 2674,
            "teamName": "Full Infrastructure",
            "teamTheme": "#7BB0B2",
            "userId": 48199,
            "userName": "testuser@company",
            "role": "ROLE_TEAM_EDIT",
            "admin": false
          }
        ],
        "lastUpdated": 1612202103000,
        "dateActivated": 1612202103000,
        "accessKey": "7a412697-3ac6-421a-a901-0d07c2eb6071",
        "intercomUserIdHash": "80d29ebc391c94718fc0fb28f3d80df973741fb1765675fd69420cf314ed2cdf",
        "uniqueIntercomUserId": "48199.a6742502-9cf0-4595-a9d4-8247bd29c6a0",
        "enabled": false,
        "version": 1,
        "id": 48199,
        "products": [
    
          "SDC"
        ],
        "systemRole": "ROLE_USER",
        "username": "testuser@company",
        "status": "registered",
        "dateCreated": 1612202103000
      },
      "token": {
    
        "key": "<user_key>"
      }
    }
    
    
    

    Example Account Creation without Activation Email

    Sample Curl Command

    curl -k -XPOST -H 'Authorization: Bearer 69a4a069-f743-4f3b-a441-4e9424011ae2' \
      -H 'Content-Type: application/json' \
      -d '{"username": "andrew.d+1@sysdig.com", "password": "abc123"}' \
      https://sysdig.f.lan:30001/api/user/provisioning/
    

    Sample Result

    {
       "user":{
          "termsAndConditions":true,
          "timezone":"+00:00",
          "pictureUrl":"http://www.gravatar.com/avatar/4b760b68a17be552fcc8b04503af80ca",
          "customerSettings":{
             "sysdig":{
                "enabled":false,
                "enabledSSE":false,
                "buckets":[
                   
                ]
             },
             "plan":{
                "maxAgents":50,
                "onDemandAgents":0,
                "maxTeams":-1,
                "timelines":[
                   {
                      "from":null,
                      "to":null,
                      "sampling":10000000
                   },
                   {
                      "from":null,
                      "to":null,
                      "sampling":60000000
                   },
                   {
                      "from":null,
                      "to":null,
                      "sampling":600000000
                   },
                   {
                      "from":null,
                      "to":null,
                      "sampling":3600000000
                   },
                   {
                      "from":null,
                      "to":null,
                      "sampling":86400000000
                   }
                ],
                "metricsSettings":{
                   "enforce":false,
                   "showExperimentals":false,
                   "limits":{
                      "jmx":500,
                      "statsd":1000,
                      "appCheck":500,
                      "prometheus":1000,
                      "prometheusPerProcess":500,
                      "connections":80,
                      "progAggregationCount":12,
                      "appCheckAggregationCount":12,
                      "promMetricsWeight":0.0,
                      "topFilesCount":10,
                      "topDevicesCount":10,
                      "hostServerPorts":10,
                      "containerServerPorts":5,
                      "limitKubernetesResources":false,
                      "kubernetesPods":10000,
                      "kubernetesJobs":10000,
                      "containerDensity":200,
                      "meerkatSuited":false
                   },
                   "enforceAgentAggregation":true,
                   "enablePromScrapeV2":true
                },
                "secureEnabled":true,
                "monitorEnabled":true,
                "allocatedAgentsCount":15,
                "paymentsIntegrationId":{
                   "id":"not migrated",
                   "ttl":{
                      "ttl":50
                   }
                },
                "pricingPlan":"onpremise",
                "indirectCustomer":false,
                "trialPlanName":"monitor-14",
                "partner":"None",
                "trackingCustomerId":"001j000000nA0ICAA0",
                "licenseExpirationDate":1677888000000,
                "migratedToV2Direct":false,
                "overageAssessmentEligible":false
             },
             "environment":{
                
             }
          },
          "customer":{
             "id":1,
             "name":"andrew_dean_lab7a",
             "accessKey":"87cfcbbf-b0a8-47ee-afcb-f7b6eab7e53d",
             "externalId":"a79da4ff-c11d-44a7-9024-2da0f75d3e6b",
             "dateCreated":1646363720071
          },
          "oauth":false,
          "agentInstallParams":{
             "accessKey":"87cfcbbf-b0a8-47ee-afcb-f7b6eab7e53d",
             "collectorAddress":"sysdig.f.lan",
             "collectorPort":6443,
             "checkCertificate":true,
             "sslEnabled":true
          },
          "properties":{
             "has_been_invited":true
          },
          "resetPassword":false,
          "additionalRoles":[
             
          ],
          "teamRoles":[
             {
                "teamId":2,
                "teamName":"Secure Operations",
                "teamTheme":"#7BB0B2",
                "userId":3,
                "userName":"andrew.d+1@sysdig.com",
                "role":"ROLE_TEAM_EDIT",
                "admin":false
             }
          ],
          "lastUpdated":1647395152277,
          "dateActivated":1647395152231,
          "accessKey":"87cfcbbf-b0a8-47ee-afcb-f7b6eab7e53d",
          "intercomUserIdHash":"0bd0606ccad9e877024d6f11a371663a1c3134b7660a3419f1b15dda844cfe45",
          "uniqueIntercomUserId":"3.a79da4ff-c11d-44a7-9024-2da0f75d3e6b",
          "enabled":true,
          "version":1,
          "status":"confirmed",
          "systemRole":"ROLE_USER",
          "products":[
             "SDS"
          ],
          "username":"andrew.d+1@sysdig.com",
          "dateCreated":1647395152238,
          "name":"andrew.d+1@sysdig.com",
          "id":3
       },
       "token":{
          "key":"61d42285-5f36-4cc9-82da-b124ede9434d"
       }
    }