API Overview

User Management Tasks

To manage Adobe users in your organization, your applications can use the User Management API to create, update, and delete user accounts of different identity types. For a complete discussion of the different account types, see Identity Types.

You can use the API to perform a variety of user-management tasks:

  • Update user information associated with an Enterprise ID or Federated ID account that is managed by your organization. Adobe ID accounts are managed by the user and by Adobe.
  • Remove accounts of any type from your organization. For Enterprise IDs, you can also delete the accounts.
  • Query your Adobe users.
  • Manage membership in user groups and product profiles. These memberships control user access to Adobe products.
  • Manage administrative rights for users within user groups and product profiles.

This page provides an introduction to the endpoints and techniques you use to perform these tasks. For complete syntax details, see the UM API Reference.

Calling into the UM API

Before you can make calls into the User Management API, you must obtain proper credentials. See Authentication for API Access. You use your access credentials to authorize all calls into the UM API.

Address all user-management requests to the UM API server:

https://usermanagement.adobe.io/v2/usermanagement/...

For a Python code walkthrough and samples of actual API calls that demonstrate most user management tasks, see the User Management Walkthrough.


Introduction to User Management APIs


Manage your Adobe Users

The API defines a set of specific write actions that you use to create, update, and delete user accounts, and manage Adobe product access for users. To make most user-management requests, send an HTTPS POST request to the user-management Action API:

https://usermanagement.adobe.io/v2/usermanagement/action/{orgId}
  • Replace {orgId} with your organization’s unique ID, which looks like this: “12345@AdobeOrg”.

You specify actions for specific users in the JSON body of a POST request to the action endpoint for your organization. The JSON structure specifies a set of commands. Each command names a user or user group, and specifies one or more action steps to take for that user or group. A single request can include commands for multiple users or groups. An optional test mode allows you to check a set of commands for validity without making any actual changes in your user data.

You can also use this POST request to manage administrative rights for users in user groups and product profiles.

Adding Users with Adobe ID Identity Type

You can add users with any of the three identity types: Enterprise, Federated ID, or Adobe ID. See a full discussion at Identity Types.

When you create a new user of the Adobe ID type, the user is identified by email address. The Adobe ID can already exist or be created. The new user is immediately added to your organization, and sent an email that gives them the option to be removed from the organization, or to update their user profile.

Previously, users were required to accept an email invitation before being added to your organization. A deprecated API allowed you to manage pending new-user invites. Please discontinue use of this API in your applications.

Query Users

You can retrieve paged lists of all users for the organization, and examine information for an individual user through the unique user ID. See User Access APIs.

Manage User Groups

You can create new user groups programmatically, update the names and descriptions of existing user groups, and delete user groups, through the Action API.


Manage Product Access and Admin Rights

Users are provisioned for access to Adobe products through their membership in user groups and product profiles. A user group is a collection of users who share a set of permissions. Both individual users and user groups can be added to product profiles to give them access to a set of products.

You cannot create product profiles through the API. You must create them in the Admin Console. You can then use the User Management API to manage product access for users by adding and removing users to and from your existing user groups and product profiles.

Manage memberships and roles

  • To manage user group membership and assign administrative rights in user groups, use the usergroup root command in a POST request to the Action API for your organization. For details, see User Group Management Actions.
    https://usermanagement.adobe.io/v2/usermanagement/action/{orgId}
    
  • To manage product profile membership and administrative rights, use the user root command in a POST request to the Action API for your organization. Use the Product Information APIs to find products and profiles for your organization.
    https://usermanagement.adobe.io/v2/usermanagement/{orgId}/product/{productId}/configurations/{profileId}
    

Throttling and Error Handling

To protect the availability of the Adobe back-end user identity systems, the User Management API imposes limits on client access to the data. Limits apply to the number of calls that an individual client can make within a time interval, and global limits apply to access by all clients within the time period.

Please refer to the Throttling section of each API to determine its limitations. When the access limit is reached, further calls fail with 429 Too Many Requests.

If you are leveraging the User Sync Tool, our recommendation is to run the tool no more than once every 2 hours. Further information on scheduling recommendations can be found in the User Sync Tool Deployment Best Practices section.