Team User Management (v1)
Lets enterprise tenant administrators provision, update, and offboard team members from external identity systems such as SailPoint, Okta, or custom integrations. v1 splits the surface across two endpoints families:| Family | Path prefix | Purpose | Auth |
|---|---|---|---|
| Credential management | /team.v1.TeamManagementService/* | Create / list / delete API credentials (client_id + client_secret) | Browser session token (Bearer) |
| User management (REST) | /api/user/manage/v1/* | OAuth token + CRUD on team members | OAuth 2.0 Client Credentials access token (Bearer) |
Endpoints
Credential management (RPC, session token)
Create credential
Issue a
client_id + client_secret pair for an integrationList credentials
Inspect existing credentials and last-used timestamps
Delete credential
Permanently revoke a credential
User management (REST, OAuth access token)
Obtain access token
Exchange
client_id + client_secret for a 1-hour Bearer tokenList users
Page through team members with offset-based pagination
Get user
Look up a single team member by email
Create user
Add a new member; auto-creates the personal account if needed
Update user
Change a member’s status (
active / inactive) and/or roleQuickstart
See Quickstart for an end-to-end SailPoint-style flow: create a credential, mint an access token, list members.Operational notes
- Token caching: Cache the access token and reuse it for the full hour. Re-mint only when expired.
- Pagination:
limitdefaults to 100 and is capped at 1000. - URL encoding: Always URL-encode emails in path parameters (
john.doe%40example.com). - Roles:
owneris read-only via API.admin,member, andsuper_admincan be set on create/update. - Audit logging: All operations are logged for security review, including the body of create/update calls (with
client_secretredacted).