Use ListUsers to query a paginated list of accounts - Identity as a Service

Retrieves a paginated list of EIAM accounts.

Operation description

This API retrieves only applications directly assigned to an organization. Use the ApplicationIds parameter to filter applications.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

eiam:ListUsers

list

*User

acs:eiam:{#regionId}:{#accountId}:instance/{#InstanceId}/user/*

None

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The instance ID.	idaas_ue2jvisn35ea5lmthk267xxxxx
PageNumber	integer	No	The page number. The default value is 1.	1
PageSize	integer	No	The number of entries per page. The default value is 20. The maximum value is 100.	20
UserIds	array	No	The list of user IDs.	20
	string	No	The user ID.	user_d6sbsuumeta4h66ec3il7yxxxx
UsernameStartsWith	string	No	The prefix of the username. The query is performed based on the prefix.	name_001
DisplayNameStartsWith	string	No	The prefix of the display name. The query is performed based on the prefix.	name
PhoneRegion	string	No	The country calling code. For example, the country calling code of China is `86`. Do not add `00` or `+` to the country calling code.	86
PhoneNumber	string	No	The mobile number of the user.	156xxxxxxx
Email	string	No	The email address of the user.	user@example.com
UserExternalId	string	No	The external ID of the user. The external ID can be used to associate the user with a user in an external system. Note The external ID must be unique within the same source type and source ID.	id_wovwffm62xifdziem7an7xxxxx
UserSourceId	string	No	The source ID of the user. If the user is created in EIAM, the value of this parameter is the ID of the EIAM instance. If the user is imported from an external system, the value of this parameter is the enterprise ID of the user in the external system. For example, if the user is imported from DingTalk, the value of this parameter is the `corpId` of the enterprise in DingTalk.	idaas_ue2jvisn35ea5lmthk267xxxxx
UserSourceType	string	No	The source type of the user. Valid values: `build_in`: The user is created in EIAM. `ding_talk`: The user is imported from DingTalk. `ad`: The user is imported from Active Directory (AD). `ldap`: The user is imported from a Lightweight Directory Access Protocol (LDAP) directory. `we_com`: The user is imported from WeCom.	build_in
Status	string	No	The status of the user. Valid values: `enabled`: The user is enabled. `disabled`: The user is disabled.	enable
OrganizationalUnitId	string	No	The ID of the organizational unit.	ou_wovwffm62xifdziem7an7xxxxx
NextToken	string	No	The pagination token that is used in the next request to retrieve a new page of results.	NTxxxxexample
MaxResults	integer	No	The number of entries per page.	20

Response elements

Element	Type	Description	Example
	object	The response data.
RequestId	string	The request ID.	0441BD79-92F3-53AA-8657-F8CE4A2B912A
TotalCount	integer	The total number of entries.	100
Users	array<object>	The list of users.
	object	The user data.
UserId	string	The user ID.	user_d6sbsuumeta4h66ec3il7yxxxx
Username	string	The user name.	name001
DisplayName	string	The display name.	display_name001
PasswordSet	boolean	Indicates whether a password is set.	false
PhoneRegion	string	The country calling code. For example, specify `86` for Chinese mainland. Do not include `00` or a plus sign (+).	86
PhoneNumber	string	The phone number.	156xxxxxxx
PhoneNumberVerified	boolean	Indicates whether the phone number is verified. `true` means the user has verified the phone number or an administrator has marked it as verified. `false` means the phone number is not verified.	true
Email	string	The email address.	user@example.com
EmailVerified	boolean	Indicates whether the email address is verified. `true` means the user has verified the email address or an administrator has marked it as verified. `false` means the email address is not verified.	true
UserExternalId	string	The external user ID. This ID maps data from an external system to a user in IDaaS. It defaults to the user ID. Note: The external user ID must be unique for the same source type and source ID.	user_d6sbsuumeta4h66ec3il7yxxxx
UserSourceType	string	The user source type. Valid values: `build_in`: The user is a built-in user. `ding_talk`: The user is imported from DingTalk. `ad`: The user is imported from AD. `ldap`: The user is imported from LDAP.	build_in
UserSourceId	string	The user source ID. If the user is built-in, this is the instance ID. For users from other sources, this is the enterprise ID from the source, such as the `corpId` for a DingTalk organization.	idaas_ue2jvisn35ea5lmthk267xxxxx
Status	string	The status. Valid values: `enabled`: The user is enabled. `disabled`: The user is disabled.	enabled
AccountExpireTime	integer	The account expiration time. This is a Unix timestamp in milliseconds.	1652085686179
PasswordExpireTime	integer	The password expiration time. This is a Unix timestamp in milliseconds.	1652085686179
RegisterTime	integer	The registration time. This is a Unix timestamp in milliseconds.	1652085686179
LockExpireTime	integer	The account lock expiration time. This is a Unix timestamp in milliseconds.	1652085686179
CreateTime	integer	The creation time. This is a Unix timestamp in milliseconds.	1652085686179
UpdateTime	integer	The last update time. This is a Unix timestamp in milliseconds.	1652085686179
Description	string	The user description.	xxxx
InstanceId	string	The instance ID.	idaas_ue2jvisn35ea5lmthk267xxxxx
NextToken	string	The token used to retrieve the next page of results.	NTxxxxxexample
MaxResults	integer	The number of entries returned per page.	20

Examples

Success response

JSON format

{
  "RequestId": "0441BD79-92F3-53AA-8657-F8CE4A2B912A",
  "TotalCount": 100,
  "Users": [
    {
      "UserId": "user_d6sbsuumeta4h66ec3il7yxxxx",
      "Username": "name001",
      "DisplayName": "display_name001",
      "PasswordSet": false,
      "PhoneRegion": "86",
      "PhoneNumber": "156xxxxxxx",
      "PhoneNumberVerified": true,
      "Email": "user@example.com",
      "EmailVerified": true,
      "UserExternalId": "user_d6sbsuumeta4h66ec3il7yxxxx",
      "UserSourceType": "build_in",
      "UserSourceId": "idaas_ue2jvisn35ea5lmthk267xxxxx",
      "Status": "enabled",
      "AccountExpireTime": 1652085686179,
      "PasswordExpireTime": 1652085686179,
      "RegisterTime": 1652085686179,
      "LockExpireTime": 1652085686179,
      "CreateTime": 1652085686179,
      "UpdateTime": 1652085686179,
      "Description": "xxxx",
      "InstanceId": "idaas_ue2jvisn35ea5lmthk267xxxxx"
    }
  ],
  "NextToken": "NTxxxxxexample",
  "MaxResults": 20
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.