Users
Create, modify, and delete users in AuthN
Create a user
To create a user:
- In the Pangea Console , click AuthN.
- In the left navigation panel, click Users.
- Click the + New button.
- Click Create User.
- Fill in the information for the user:
- Username
- Email address
- First Name
- Last Name
- Phone Number
- Click Save.
Username and email are required when creating users via the AuthN Create a User modal. To address backwards compatibility, you may notice in AuthN >> Users that users created before the username field was implemented will have their email value duplicated in this field since it is required.
Import users
Import users in bulk by uploading a CSV where rows are the individual users.
Each CSV file can be a maximum of 50GB. To upload a CSV that is more than 50GB, split the file into files that are smaller than 50GB and upload each file separately.
To import users:
-
In the Pangea Console , click AuthN.
-
In the left navigation panel, click Users.
-
Click + New.
-
Click Import Users.
-
An Import users modal opens.
-
Click Import CSV. A file selector opens.
-
Navigate to your User CSV file, select it, and then click Upload.
-
A modal displays to map the CSV values (left) to AuthN user information (right). Map the fields, and then click Import.
- If you are importing user passwords as well, map the password field to the password_hash parameter and then select a Hash Algorithm for the password hash. Passwords can also be imported via the
importAPI endpoint.
Available hash algorithms:
- MD5
- SHA1
- SHA256
- SHA512
- BCRYPT
- PBKDF2
- ARGON2
- SCRYPT
- FIREBASE-SCRYPT
- If you are importing user passwords as well, map the password field to the password_hash parameter and then select a Hash Algorithm for the password hash. Passwords can also be imported via the
-
AuthN then uploads the users. Once AuthN completes the import task, a report displays with the number of successful records imported, the number of records skipped, and the number of failed records.
-
Click Import CSV to continue importing users, or click Done.
At their next authentication, imported users will be required to complete the enrollment process. At a minimum, this will include resetting their password, but could also include MFA enrollment.
If you import a CSV file multiple times, existing users do not get overwritten. Any users with duplicate email addresses are skipped and only users with unique email addresses are processed.
View user details
To view users, click on Users in the left-hand navigation menu. A user table with various informative columns will appear. The columns include user details like:
- First name
- Last name
- Username
- Status
- Last login
- Auth method
- MFA
- Phone
Edit user details
To edit a user’s information:
- Click Users on the left-hand navigation menu.
- Click on the user to modify.
- Click the menu button in the dialog box that displays.
- Click Update.
- A dialog will appear. Here you can edit:
- First Name
- Last Name
- Phone Number
- MFA requirements
- The option to disable the user
- Click Save.
Force password expiration
There may be instances in which you or an administrator of your application need to prompt users to change their passwords, due to a new security policy, a data breach, or any other reasons. In such cases, those with admin access can force individual user passwords to expire, prompting a password reset flow upon the user's next successful login.
Steps to expire user passwords
- The password expiration flow must be performed by an administrator.
- These steps assume you have selected
passwordas your primary method of authentication in AuthN. If not, or for more information, please visit our documentation on primary authentication before proceeding.
- Log into your Pangea User Console (PUC), and navigate to the AuthN tab on the left.
- Select Users, then find the user you wish to expire the password for.
- Select the user’s name to open the side panel containing their details on the right.
- Click the three-dot icon to the right of their name in the panel, then select Expire password from the dropdown.
- Select the Expire button.
- Upon their next login, the user will be given a prompt to change their password. Admins do not have the ability to reset passwords for users directly; each user needs to authenticate their identity, which is achieved when they successfully login with their password and second factor.
Password force reset API
In addition to the manual steps above, we also provide an API endpoint dedicated to the password force expiration functionality as well. For more information, explore the API reference to try out the various endpoints and samples provided.
Password expiration endpoint: /v2/user/password/expire
Required token: Your Pangea AuthN Token, which can be found in your PUC under AuthN >> Overview in the Configuration Details section. The service-specific "Default Token" also has a copy button next to it for convenience.
Data fields: User ID
Potential results:
- 200 Ok - Success
- 400 Bad Request - The request failed for some reason - missing ID, invalid ID, etc.
- 401 Not Authorized - Wrong scope
Password force reset example
The following is a sample API request and response, demonstrating a successful response given the necessary domain, token, and user ID. When exploring our API reference, you would replace these with your own values for testing.
export PANGEA_DOMAIN="aws.us.pangea.cloud"
export PANGEA_AUTHN_TOKEN="pts_zi5orj...7c6c5l"
curl -sSLX POST "https://authn.$PANGEA_DOMAIN/v2/user/password/expire" \
-H "Authorization: Bearer $PANGEA_AUTHN_TOKEN" \
-H 'Content-Type: application/json' \
-d '{"id":"pui_xpkhwpnz2cmegsws737xbsqnmnuwtbm5"}'
Sample Success (200) Response:
{
"result": {},
"request_id": "prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd",
"request_time": "2022-09-21T17:24:33.105Z",
"response_time": "2022-09-21T17:24:34.007Z",
"status": "success"
}
Delete a user
To delete a user:
- Click Users on the left-hand navigation menu.
- Click on the user to modify.
- Click the menu button in the dialog box that displays.
- Click Delete.
- A dialog will appear. Click Delete to confirm deleting the user.
Was this article helpful?