> ## Documentation Index
> Fetch the complete documentation index at: https://docs.dfns.co/llms.txt
> Use this file to discover all available pages before exploring further.
# Create User
> Invite a new user in the caller's org. This will create the user and send a registration email to the created User's email, with a registration code, and pointing him to complete his registration on Dfns Dashboard. The user is created without any permissions.
If you want the created User to not know about about Dfns, and don't want him to
receive the registration email from Dfns, you should rather use the Delegated Registration
endpoint.
## OpenAPI
````yaml /openapi.yaml post /auth/users
openapi: 3.1.0
info:
version: 1.807.0
title: Dfns
servers:
- url: https://api.dfns.io
description: Default - Europe
- url: https://api.uae.dfns.io
description: UAE
- url: https://api.dfns.ninja
description: Staging
security: []
paths:
/auth/users:
post:
tags:
- Auth
summary: Create User
description: >-
Invite a new user in the caller's org. This will create the user and
send a registration email to the created User's email, with a
registration code, and pointing him to complete his registration on Dfns
Dashboard. The user is created without any permissions.
If you want the created User to not know about about Dfns, and don't want him to
receive the registration email from Dfns, you should rather use the Delegated Registration
endpoint.
requestBody:
content:
application/json:
schema:
type: object
properties:
email:
type: string
format: email
description: The email address of the new user.
kind:
type: string
enum:
- CustomerEmployee
description: |-
The kind of user being created.
In this endpoint it can only be "`CustomerEmployee`" (creating an "`EndUser`" is done through the [Delegated Registration](https://docs.dfns.co/api-reference/auth/registration-flows#delegated-users-registration-flow) endpoint)
publicKey:
type: string
externalId:
type: string
description: >-
Value that can be used to correlate the entity with an
external system.
isSSORequired:
type: boolean
default: false
description: If set to true, the user will have to authenticate via SSO
required:
- email
- kind
additionalProperties: false
responses:
'200':
description: Success
content:
application/json:
schema:
$ref: '#/components/schemas/User'
security:
- authenticationToken: []
userActionSignature: []
components:
schemas:
User:
type: object
properties:
username:
type: string
name:
type: string
userId:
type: string
minLength: 1
maxLength: 64
pattern: ^us-[a-z0-9]{5}-[a-z0-9]{5}-[a-z0-9]{14,16}$
description: User id.
example: us-6b58p-r53sr-rlrd3l5cj3uc4ome
kind:
type: string
enum:
- CustomerEmployee
- EndUser
description: User kind.
credentialUuid:
type: string
orgId:
type: string
permissions:
type: array
items:
type: string
isActive:
type: boolean
isServiceAccount:
type: boolean
isRegistered:
type: boolean
isSSORequired:
type: boolean
permissionAssignments:
type: array
items:
type: object
properties:
permissionName:
type: string
permissionId:
type: string
assignmentId:
type: string
operations:
type: array
items:
type: string
required:
- permissionName
- permissionId
- assignmentId
required:
- username
- name
- userId
- kind
- credentialUuid
- orgId
- isActive
- isServiceAccount
- isRegistered
- isSSORequired
- permissionAssignments
securitySchemes:
authenticationToken:
type: http
scheme: bearer
bearerFormat: JWT
description: >-
**Bearer Token:** Used to authenticate API requests.
More details how to generate the token: [Authentication
flows](https://docs.dfns.co/api-reference/auth/login-flows)
userActionSignature:
type: apiKey
in: header
name: X-DFNS-USERACTION
description: >-
**User Action Signature:** Used to sign the change-inducing API
requests.
More details how to generate the token: [User Action Signing
flows](https://docs.dfns.co/api-reference/auth/signing-flows)
````