Skip to main content

Create user and SAML user accounts with the REST API

These use case scenarios provide the Identity REST API requests and payloads for creating a user account or a SAML user account.

Send the following request to create a user account:

http --auth-type=veracode_hmac POST "https://api.veracode.com/api/authn/v2/users" < input.json

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

{
"email_address":"[email protected]",
"first_name":"Example",
"last_name":"User",
"ip_restricted":false,
"pin_required": true,
"active":true,
"roles":[
{
"role_name":"extseclead"
},
{
"role_name":"extsubmitanyscan"
}
],
"title":"Sample",
"user_name":"[email protected]",
"userType":"VOSP",
"teams":[
{
"team_id":"teamId"
}
]
}

Send the following request to create a user account with SAML sign-on:

http --auth-type=veracode_hmac POST "https://api.veracode.com/api/authn/v2/users" < input.json

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

{
"email_address":"[email protected]",
"first_name":"Example",
"last_name":"User",
"ip_restricted":false,
"active":true,
"roles":[
{
"role_name":"extseclead"
},
{
"role_name":"extsubmitanyscan"
}
],
"title":"Sample",
"saml_user":true,
"saml_subject":"[email protected]",
"user_type":"VOSP"
}

For some roles, you must include one or more of these scan types that the user can submit:

  • extsubmitanyscan: any scan type
  • extsubmitstaticscan: Static Analysis
  • extsubmitdynamicanalysis: Dynamic Analysis
  • extsubmitmanualscan: Manual Penetration Testing

When Veracode creates the user account and configures the authentication, it can take up to one minute.

Role Short NameRole NameAdditional Roles Required
deletescansDelete Scansextseclead or extcreator
sandboxadminSandbox Administrator 
sandboxuserSandbox User 
workSpaceAdminWorkspace Administrator 
workSpaceEditorWorkspace Editor 
extsecleadSecurity LeadUsers must have at lease one of these additional roles: extsubmitmanualscan, extsubmitstaticscan, extsubmitdynamicscan, extsubmitdynamicanalysis, extsubmitdynamicmpscan, extsubmitanyscan, extsubmitdiscoveryscan
extcreatorCreatorUsers must have the additional role that matches the type of scan they want to create and submit: extsubmitmanualscan, extsubmitstaticscan, extsubmitdynamicscan, extsubmitdynamicanalysis, extsubmitanyscan, extsubmitdynamicmpscan, extsubmitdiscoveryscan
extsubmitterSubmitterUsers must have the additional role that matches the type of scan they want to submit: extsubmitmanualscan, extsubmitstaticscan, extsubmitdynamicscan, extsubmitdynamicanalysis, extsubmitanyscan, extsubmitdynamicmpscan, extsubmitdiscoveryscan
extreviewerReviewer 
extmitigationapproverMitigation Approver 
extexecutiveExecutive 
securityinsightsonlySecurity Insights 
securityLabsUserSecurity Labs User 
extadminAdministratorContact Veracode Technical Support to assign this role to a user.
extpolicyadminPolicy Administrator 
extelearneLearning 
teamAdminTeam Admin 
greenlightideuserGreenlight IDE User