Entitlements required: inviteUser (Invite user).
This API is a public preview and is enabled for a tenant that includes invite user beta support.
Send users an invitation to onboard them to use an application. Upon accepting the invitation, the user is optionally created and added to the specified groups. Through the group membership, users are automatically given the roles and permissions that are assigned to those groups.
This API supports emailing invitations to multiple people in one request. Each invitation that is sent is given a transaction ID. The transaction ID is needed to validate and complete the invite user transaction. The email contains a link to accept the invitation. The email link includes the transaction ID and the OTP as query parameters. By default, the link takes you to ISV to process the invited user. You can override the link by specifying a baseVerificationUrl in the payload. When you override the link, the application is responsible for processing the invited user by calling the PUT on the invitation to complete the transaction.
The adopterId + email combination enables multiple invitations to be sent to the same user in different requests. This combination can onboard a user to different applications on the same tenant. For example, you can add a user to different groups as part of accepting the invitation. Only one invitation to the adopterId + email combination is active. When you resend the invitation, the existing invitation with that adopterId + email combination is replaced.
The assignment of groups requires the manageUserGroups (Manage users and groups) or the manageUserStandardGroups (Manage users and standard groups) permission. An admin can further scope the groups that can be assigned to invited users by creating a custom admin role and then scope the groups that the manageUserGroups permission applies to.
You can enable or disable user invitations in the identity provider that is associated with the realm.
A maximum of 100 invitations and 20 groups can be specified in the payload.
Notifications can be branded by passing in the themeId as a query parameter. The template for branding is located at "notifications/user_management/invite/invite_user_email.xml"
post https://{tenanturl}/v1.0/usc/user/invitation