Users - Create
Materialize an existing AAD or MSA user into the VSTS account.
NOTE: Created users are not active in an account unless they have been explicitly assigned a parent group at creation time or have signed in and been autolicensed through AAD group memberships.
Adding a user to an account is required before the user can be added to VSTS groups or assigned an asset.
The body of the request must be a derived type of GraphUserCreationContext:
- GraphUserMailAddressCreationContext - Create a new user using the mail address as a reference to an existing user from an external AD or AAD backed provider.
- GraphUserOriginIdCreationContext - Create a new user using the OriginID as a reference to an existing user from an external AD or AAD backed provider.
- GraphUserPrincipalNameCreationContext - Create a new user using the principal name as a reference to an existing user from an external AD or AAD backed provider.
If the user to be added corresponds to a user that was previously deleted, then that user will be restored.
Optionally, you can add the newly created user as a member of an existing VSTS group and/or specify a custom storage key for the user.
POST https://vssps.dev.azure.com/{organization}/_apis/graph/users?api-version=4.1-preview.1
POST https://vssps.dev.azure.com/{organization}/_apis/graph/users?groupDescriptors={groupDescriptors}&api-version=4.1-preview.1
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
organization
|
path | True |
string |
The name of the Azure DevOps organization. |
api-version
|
query | True |
string |
Version of the API to use. This should be set to '4.1-preview.1' to use this version of the api. |
group
|
query |
string array (string) |
A comma separated list of descriptors of groups you want the graph user to join |
Request Body
Name | Type | Description |
---|---|---|
storageKey |
string |
Optional: If provided, we will use this identifier for the storage key of the created user |
Responses
Name | Type | Description |
---|---|---|
200 OK |
successful operation |
Security
accessToken
Personal access token. Use any value for the user name and the token as the password.
Type:
basic
Examples
Add a MSA user by UPN |
Add an AAD user as member of a group |
Add an AAD user by OID |
Add an AAD user by UPN |
Add an AAD user with a custom storage key |
Add a MSA user by UPN
Sample Request
POST https://vssps.dev.azure.com/fabrikam/_apis/graph/users?api-version=4.1-preview.1
{
"principalName": "fabrikamfiber4@hotmail.com"
}
Sample Response
{
"subjectKind": "user",
"metaType": "guest",
"cuid": "afd336dd-e80c-61eb-8ebd-833631ba05c6",
"domain": "45aa3d2d-7442-473d-b4d3-3c670da9dd96",
"principalName": "fabrikamfiber4@hotmail.com",
"mailAddress": "fabrikamfiber4@hotmail.com",
"origin": "aad",
"originId": "ddddb7d1-2de3-4bab-98b6-ddcc994e964d",
"displayName": "Jamal Hartnett",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxmYWJyaWthbWZpYmVyNEBob3RtYWlsLmNvbQ"
},
"memberships": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/memberships/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxmYWJyaWthbWZpYmVyNEBob3RtYWlsLmNvbQ"
}
},
"url": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxmYWJyaWthbWZpYmVyNEBob3RtYWlsLmNvbQ",
"descriptor": "TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxmYWJyaWthbWZpYmVyNEBob3RtYWlsLmNvbQ"
}
Add an AAD user as member of a group
Sample Request
POST https://vssps.dev.azure.com/fabrikam/_apis/graph/users?groupDescriptors=TWljcm9zb2Z0LlRlYW1Gb3VuZGF0aW9uLklkZW50aXR5O1MtMS05LTE1NTEzNzQyNDUtNDI4NzE1MDg5LTI0ODk3NTM0MTMtMjc5MTIyNzA3NS0yNDUyNDc1MzktMS0xMTA3OTI1OTgzLTM5OTYxMTQyNDYtMjMyNjM2MDQzOS0zMTk0NjAxNzQ5&api-version=4.1-preview.1
{
"principalName": "jtseng@vscsi.us"
}
Sample Response
{
"subjectKind": "user",
"cuid": "00470e34-da61-6a69-bd96-487a849ec558",
"domain": "45aa3d2d-7442-473d-b4d3-3c670da9dd96",
"principalName": "jtseng@vscsi.us",
"mailAddress": "jtseng@vscsi.us",
"origin": "aad",
"originId": "55c8c7b6-7ace-43bc-918f-304dfa2b6317",
"displayName": "Jia-hao Tseng",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM"
},
"memberships": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/memberships/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM"
}
},
"url": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM",
"descriptor": "TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM"
}
Add an AAD user by OID
Sample Request
POST https://vssps.dev.azure.com/fabrikam/_apis/graph/users?api-version=4.1-preview.1
{
"originId": "e97b0e7f-0a61-41ad-860c-748ec5fcb20b"
}
Sample Response
{
"subjectKind": "user",
"cuid": "62a9f1bd-6a09-6642-93a0-01d15fd46498",
"domain": "45aa3d2d-7442-473d-b4d3-3c670da9dd96",
"principalName": "CPotra@vscsi.us",
"mailAddress": "CPotra@vscsi.us",
"origin": "aad",
"originId": "e97b0e7f-0a61-41ad-860c-748ec5fcb20b",
"displayName": "Cristina Potra",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxDUG90cmFAdnNjc2kudXM"
},
"memberships": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/memberships/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxDUG90cmFAdnNjc2kudXM"
}
},
"url": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxDUG90cmFAdnNjc2kudXM",
"descriptor": "TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxDUG90cmFAdnNjc2kudXM"
}
Add an AAD user by UPN
Sample Request
POST https://vssps.dev.azure.com/fabrikam/_apis/graph/users?api-version=4.1-preview.1
{
"principalName": "jtseng@vscsi.us"
}
Sample Response
{
"subjectKind": "user",
"cuid": "00470e34-da61-6a69-bd96-487a849ec558",
"domain": "45aa3d2d-7442-473d-b4d3-3c670da9dd96",
"principalName": "jtseng@vscsi.us",
"mailAddress": "jtseng@vscsi.us",
"origin": "aad",
"originId": "55c8c7b6-7ace-43bc-918f-304dfa2b6317",
"displayName": "Jia-hao Tseng",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM"
},
"memberships": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/memberships/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM"
}
},
"url": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM",
"descriptor": "TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxqdHNlbmdAdnNjc2kudXM"
}
Add an AAD user with a custom storage key
Sample Request
POST https://vssps.dev.azure.com/fabrikam/_apis/graph/users?api-version=4.1-preview.1
{
"originId": "27dbfced-5593-4756-98a3-913c39af7612",
"storageKey": "9b71f216-4c4f-6b74-a911-efb0fa9c777f"
}
Sample Response
{
"subjectKind": "user",
"cuid": "9b71f216-4c4f-6b74-a911-efb0fa9c777f",
"domain": "45aa3d2d-7442-473d-b4d3-3c670da9dd96",
"principalName": "JMcleod@vscsi.us",
"mailAddress": "JMcleod@vscsi.us",
"origin": "aad",
"originId": "27dbfced-5593-4756-98a3-913c39af7612",
"displayName": "Johnnie McLeod",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxKTWNsZW9kQHZzY3NpLnVz"
},
"memberships": {
"href": "https://vssps.dev.azure.com/fabrikam/_apis/graph/memberships/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxKTWNsZW9kQHZzY3NpLnVz"
}
},
"url": "https://vssps.dev.azure.com/fabrikam/_apis/graph/users/TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxKTWNsZW9kQHZzY3NpLnVz",
"descriptor": "TWljcm9zb2Z0LklkZW50aXR5TW9kZWwuQ2xhaW1zLkNsYWltc0lkZW50aXR5OzQ1YWEzZDJkLTc0NDItNDczZC1iNGQzLTNjNjcwZGE5ZGQ5NlxKTWNsZW9kQHZzY3NpLnVz"
}
Definitions
Name | Description |
---|---|
Graph |
Graph user entity |
Graph |
Do not attempt to use this type to create a new user. Use one of the subclasses instead. This type does not contain sufficient fields to create a new user. |
Reference |
The class to represent a collection of REST reference links. |
GraphUser
Graph user entity
Name | Type | Description |
---|---|---|
_links |
This field contains zero or more interesting links about the graph subject. These links may be invoked to obtain additional relationships or more detailed information about this graph subject. |
|
cuid |
string |
The Consistently Unique Identifier of the subject |
descriptor |
string |
The descriptor is the primary way to reference the graph subject while the system is running. This field will uniquely identify the same graph subject across both Accounts and Organizations. |
displayName |
string |
This is the non-unique display name of the graph subject. To change this field, you must alter its value in the source provider. |
domain |
string |
This represents the name of the container of origin for a graph member. (For MSA this is "Windows Live ID", for AD the name of the domain, for AAD the tenantID of the directory, for VSTS groups the ScopeId, etc) |
legacyDescriptor |
string |
[Internal Use Only] The legacy descriptor is here in case you need to access old version IMS using identity descriptor. |
mailAddress |
string |
The email address of record for a given graph member. This may be different than the principal name. |
metaType |
string |
The meta type of the user in the origin, such as "member", "guest", etc. See UserMetaType for the set of possible values. |
origin |
string |
The type of source provider for the origin identifier (ex:AD, AAD, MSA) |
originId |
string |
The unique identifier from the system of origin. Typically a sid, object id or Guid. Linking and unlinking operations can cause this value to change for a user because the user is not backed by a different provider and has a different unique id in the new provider. |
principalName |
string |
This is the PrincipalName of this graph member from the source provider. The source provider may change this field over time and it is not guaranteed to be immutable for the life of the graph member by VSTS. |
subjectKind |
string |
This field identifies the type of the graph subject (ex: Group, Scope, User). |
url |
string |
This url is the full route to the source resource of this graph subject. |
GraphUserCreationContext
Do not attempt to use this type to create a new user. Use one of the subclasses instead. This type does not contain sufficient fields to create a new user.
Name | Type | Description |
---|---|---|
storageKey |
string |
Optional: If provided, we will use this identifier for the storage key of the created user |
ReferenceLinks
The class to represent a collection of REST reference links.
Name | Type | Description |
---|---|---|
links |
object |
The readonly view of the links. Because Reference links are readonly, we only want to expose them as read only. |
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for