Platform User Management

Search users and manage MFA across the platform

Updated Apr 12, 2026

Platform owner endpoints for global user administration and MFA management.


Endpoints

| Method | Path | Description |
|---|---|---|
| GET | /api/platform/users | List all users |
| GET | /api/platform/users/search | Search users |
| GET | /api/platform/users/:user_id/mfa/status | Get user MFA status |
| DELETE | /api/platform/users/:user_id/mfa | Force disable MFA |
| POST | /api/platform/owners | Promote to platform owner |
| DELETE | /api/platform/owners/:user_id | Demote platform owner |
| GET | /api/platform/mfa/suspicious-activity | Get suspicious activity |

GET /api/platform/users

Retrieve a paginated list of all users on the platform.

Authorization: Platform Owner Only

Query Parameters

| Parameter | Type | Default | Description |
|---|---|---|---|
| limit | integer | 50 | Items per page (max 100) |
| offset | integer | 0 | Pagination offset |

Response (200 OK)

{
  "users": [
    {
      "id": "user-uuid",
      "email": "user@example.com",
      "is_platform_owner": false,
      "created_at": "2025-01-15T10:30:00Z"
    }
  ],
  "total": 15420
}

GET /api/platform/users/search

Search for users by email or ID.

Query Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | Yes | Search query (email or user ID) |
| limit | integer | 10 | Max results (max 50) |

Example Request

curl -X GET "https://sso.example.com/api/platform/users/search?q=john" \
  -H "Authorization: Bearer {platform_owner_jwt}"

Response (200 OK)

[
  {
    "id": "user-uuid",
    "email": "john@example.com",
    "is_platform_owner": false,
    "created_at": "2025-01-15T10:30:00Z"
  }
]

GET /api/platform/users/:user_id/mfa/status

Check if a user has MFA enabled and if they have backup codes.

Response (200 OK)

{
  "enabled": true,
  "has_backup_codes": true
}

DELETE /api/platform/users/:user_id/mfa

Forcefully disable MFA for a user. This will delete their TOTP secret and all backup codes.

Authorization: Platform Owner Only

Response (200 OK)

{
  "success": true,
  "message": "MFA has been force-disabled for the user"
}

> [!WARNING]
> This action is permanent and should only be used for support scenarios where a user has lost access to their MFA device and backup codes.


POST /api/platform/owners

Promote a regular user to Platform Owner.

Request Body

| Field | Type | Required | Description |
|---|---|---|---|
| user_id | string | Yes | UUID of the user to promote |

DELETE /api/platform/owners/:user_id

Remove Platform Owner status from a user.

> [!NOTE]
> You cannot demote yourself, and you cannot demote the last remaining Platform Owner.


GET /api/platform/mfa/suspicious-activity

Retrieve high-risk MFA activity alerts.

Query Parameters

| Parameter | Type | Description |
|---|---|---|
| org_id | string | Filter by organization (optional) |

Response (200 OK)

[
  {
    "user_id": "user-uuid",
    "email": "user@example.com",
    "alert_type": "MultipleFailures",
    "severity": "High",
    "details": "10 failed MFA attempts in 5 minutes",
    "detected_at": "2025-01-15T10:30:00Z"
  }
]
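
A support pre-check that combines the MFA status and suspicious-activity responses before DELETE /api/platform/users/:user_id/mfa is called. This is an added example, not part of the original documentation or the project's code; it holds a reset request for manual review when the user has a recent high-severity alert. The 24-hour window, the action names and the sample data are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data in the response shape documented on this page.
SAMPLE_ALERTS = json.loads("""[
  {"user_id": "user-a", "email": "a@example.com", "alert_type": "MultipleFailures",
   "severity": "High", "details": "10 failed MFA attempts in 5 minutes",
   "detected_at": "2025-01-15T10:30:00Z"},
  {"user_id": "user-b", "email": "b@example.com", "alert_type": "MultipleFailures",
   "severity": "High", "details": "10 failed MFA attempts in 5 minutes",
   "detected_at": "2025-01-02T08:00:00Z"}
]""")
DEMO_NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo

def parse_ts(value):
    """Parse the page's timestamp format, e.g. 2025-01-15T10:30:00Z, as UTC."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def reset_decision(user_id, mfa_status, alerts, now, window=timedelta(hours=24)):
    """Return (action, reason) for a support request to force-disable MFA.

    mfa_status: body of GET /api/platform/users/:user_id/mfa/status
    alerts:     body of GET /api/platform/mfa/suspicious-activity
    The window and the action names (skip/hold/proceed) are assumptions.
    """
    if not mfa_status.get("enabled"):
        return ("skip", "MFA is not enabled; nothing to disable")
    # A user under active MFA guessing is the case where a reset request
    # most needs out-of-band identity verification before it is honored.
    recent = [a for a in alerts
              if a.get("user_id") == user_id
              and a.get("severity") == "High"
              and now - parse_ts(a["detected_at"]) <= window]
    if recent:
        newest = max(recent, key=lambda a: parse_ts(a["detected_at"]))
        return ("hold", f"{newest['alert_type']}: {newest['details']}")
    return ("proceed", "no recent high-severity MFA alerts")

if __name__ == "__main__":
    status = {"enabled": True, "has_backup_codes": False}
    for uid in ("user-a", "user-b", "user-c"):
        print(uid, reset_decision(uid, status, SAMPLE_ALERTS, DEMO_NOW))
```

Only a `proceed` result should lead to the DELETE call; a `hold` result goes to manual identity verification first.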