Overview
This article explains whether a complete user profile can be retrieved/exported using a single API endpoint, as observed in the Raw JSON tab.
Cause
Solution
There is no single API endpoint to get the complete user profile. The GET /api/v2/users Management API endpoint retrieves the user’s profile, including metadata and multifactor attributes: List or search users
The only information not available is the user’s password hash and the enrolled MFA factors.
For the MFA methods , the alternative would be to use an undocumented endpoint: /api/v2/users/:id/authenticators . This will return an array of all the MFA factors a user is enrolled in.
An example to get this information for each user with a request like the following
curl --location --request GET '[https://YOUR-TENANT-DOMAIN/api/v2/users/{](https://your-tenant-domain/api/v2/users/%7B)url-encoded-user_id}/authenticators' \ --header 'Authorization: Bearer eyJ...'
This method needs to loop through all user_ids to get the enrolled factor for all users.
While planning to make a series of requests to get this information for all users, make sure to stay within the rate limits for the Management APIv2: Rate Limit Policy
The Engineering team can manually export the MFA methods, but this is not supported on a periodic basis. This request can be raised via a support case with the case details.
While performing bulk export, make sure to specify each metadata field to be included in the export to fetch the user_metadata information. The bulk export job/extension should export the specified fields.
This is explained with an example here for a Bulk export job: Include user metadata in exported CSV
Even in the case of bulk export, the user’s password hash and the MFA factors enrolled information are not available and need to be performed as explained above.
In addition, the roles assigned to a user are not part of the raw JSON, but the GET /api/v2/users/{id}/roles Management API endpoint can be leveraged to pull down the roles for each user in the export: Get a user’s roles
This will be similar to getting MFA enrollments for user profiles, so making a series of requests to get this information for all users, make sure to stay within the rate limits for the Management APIv2: Rate Limit Policy