End-User Management
Manage end-users who authenticate with your organization’s services.
Overview
End-users are customers who authenticate with services within your organization. They are distinct from organization members (owners, admins, members who manage the organization).
Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /api/organizations/:slug/users | List end-users |
| GET | /api/organizations/:slug/users/:user_id | Get user details |
| DELETE | /api/organizations/:slug/users/:user_id/sessions | Revoke sessions |
GET /api/organizations/:slug/users
List end-users with pagination and search.
Synopsis
| Property | Value |
|---|---|
| Authentication | Required (JWT) |
| Authorization | Organization Member |
Query Parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| page | integer | 1 | Page number |
| limit | integer | 50 | Items per page (max 100) |
| search | string | - | Search by email |
| service_id | string | - | Filter by service |
Example Request
```bash
curl -X GET "https://sso.example.com/api/organizations/acme-corp/users?search=john" \
  -H "Authorization: Bearer {jwt}"
```
Response (200 OK)
```json
{
  "users": [
    {
      "id": "user-uuid",
      "email": "john@customer.com",
      "created_at": "2025-01-15T10:30:00Z",
      "last_login_at": "2025-01-16T14:20:00Z",
      "mfa_enabled": true,
      "services": ["main-app", "mobile-app"]
    }
  ],
  "pagination": {
    "page": 1,
    "limit": 50,
    "total": 1
  }
}
```
GET /api/organizations/:slug/users/:user_id
Get detailed information about an end-user.
Synopsis
| Property | Value |
|---|---|
| Authentication | Required (JWT) |
| Authorization | Organization Member |
Example Request
```bash
curl -X GET https://sso.example.com/api/organizations/acme-corp/users/user-uuid \
  -H "Authorization: Bearer {jwt}"
```
Response (200 OK)
```json
{
  "id": "user-uuid",
  "email": "john@customer.com",
  "email_verified": true,
  "created_at": "2025-01-15T10:30:00Z",
  "updated_at": "2025-01-16T14:20:00Z",
  "last_login_at": "2025-01-16T14:20:00Z",
  "mfa_enabled": true,
  "linked_identities": [
    {
      "provider": "github",
      "provider_user_id": "12345",
      "email": "john@customer.com",
      "linked_at": "2025-01-15T10:30:00Z"
    }
  ],
  "services": [
    {
      "id": "service-uuid",
      "slug": "main-app",
      "name": "Main Application",
      "first_login_at": "2025-01-15T10:30:00Z",
      "last_login_at": "2025-01-16T14:20:00Z"
    }
  ],
  "sessions": {
    "active_count": 2,
    "last_created_at": "2025-01-16T14:20:00Z"
  }
}
```
DELETE /api/organizations/:slug/users/:user_id/sessions
Revoke all active sessions for an end-user.
Synopsis
| Property | Value |
|---|---|
| Authentication | Required (JWT) |
| Authorization | Owner or Admin |
Example Request
```bash
curl -X DELETE https://sso.example.com/api/organizations/acme-corp/users/user-uuid/sessions \
  -H "Authorization: Bearer {jwt}"
```
Response (200 OK)
```json
{
  "message": "All sessions revoked",
  "sessions_revoked": 3
}
```
Use Cases
- User reported account compromise
- Employee offboarding
- Security incident response
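For the use cases above, the following added example (not part of the original documentation or the product's own code) resolves a reported email address to exactly one end-user through the paginated list endpoint and only then calls the revoke endpoint, so a broad `search` hit never revokes the wrong account. It assumes `search` is a partial, case-insensitive match, as the `search=john` request suggests; `make_client`, `iter_end_users`, `revoke_sessions_for_email` and `fake_call` are hypothetical helper names, and `fake_call` serves constructed sample accounts so the logic runs offline.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://sso.example.com"  # host used in the page's examples

def make_client(jwt):
    """Return call(method, path, query) that sends the JWT as a Bearer token."""
    def call(method, path, query=None):
        url = BASE_URL + path + ("?" + urllib.parse.urlencode(query) if query else "")
        req = urllib.request.Request(url, method=method, headers={"Authorization": f"Bearer {jwt}"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return call

def iter_end_users(call, slug, search=None, limit=100):
    """Yield every matching end-user by walking page/limit/total pagination."""
    page, seen = 1, 0
    while True:
        query = {"page": page, "limit": min(limit, 100)}  # documented max is 100
        if search:
            query["search"] = search
        body = call("GET", f"/api/organizations/{slug}/users", query)
        yield from body["users"]
        seen += len(body["users"])
        if not body["users"] or seen >= body["pagination"]["total"]:
            return
        page += 1

def revoke_sessions_for_email(call, slug, email):
    """Revoke sessions for exactly one account; refuse zero or ambiguous matches."""
    hits = [u for u in iter_end_users(call, slug, search=email)
            if u["email"].lower() == email.lower()]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} users match {email!r}; nothing revoked")
    uid = urllib.parse.quote(hits[0]["id"], safe="")
    body = call("DELETE", f"/api/organizations/{slug}/users/{uid}/sessions")
    return hits[0]["id"], body["sessions_revoked"]

def fake_call(method, path, query=None):
    """Constructed in-memory stand-in for the API; assumes substring search."""
    if method == "DELETE":
        return {"message": "All sessions revoked", "sessions_revoked": 3}
    emails = ["john@customer.com", "big.john@customer.com"]  # constructed sample data
    found = [{"id": f"u{i}", "email": e} for i, e in enumerate(emails, 1)
             if query.get("search", "").lower() in e]
    start, size = (query["page"] - 1) * query["limit"], query["limit"]
    return {"users": found[start:start + size],
            "pagination": {"page": query["page"], "limit": size, "total": len(found)}}
```

Against the live API, pass `make_client(jwt)` instead of `fake_call`; the JWT must belong to an Owner or Admin for the revoke call to be authorized.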
End-User vs Organization Member
| Aspect | End-User | Organization Member |
|---|---|---|
| Purpose | Uses services | Manages organization |
| Authentication | Via services | Via admin portal |
| Roles | None | Owner, Admin, Member |
| Access | Service-specific | Organization-wide |