Activate a user profile Generally available; Added in 8.2.0

POST /_security/profile/_activate
Api key auth Basic auth Bearer auth

Create or update a user profile on behalf of another user.

NOTE: The user profile feature is designed only for use by Kibana and Elastic's Observability, Enterprise Search, and Elastic Security solutions. Individual users and external applications should not call this API directly. The calling application must have either an access_token or a combination of username and password for the user that the profile document is intended for. Elastic reserves the right to change or remove this feature in future releases without prior notice.

This API creates or updates a profile document for end users with information that is extracted from the user's authentication object including username, full_name, roles, and the authentication realm. For example, in the JWT access_token case, the profile user's username is extracted from the JWT token claim pointed to by the claims.principal setting of the JWT realm that authenticated the token.

When updating a profile document, the API enables the document if it was disabled. Any updates do not change existing content for either the labels or data fields.

Required authorization

  • Cluster privileges: manage_user_profile
application/json

Body Required

  • access_token string

    The user's Elasticsearch access token or JWT. Both access and id JWT token types are supported and they depend on the underlying JWT realm configuration. If you specify the access_token grant type, this parameter is required. It is not valid with other grant types.

  • grant_type string Required

    The type of grant.

    Supported values include:

    • password: In this type of grant, you must supply the user ID and password for which you want to create the API key.
    • access_token: In this type of grant, you must supply an access token that was created by the Elasticsearch token service. If you are activating a user profile, you can alternatively supply a JWT (either a JWT access_token or a JWT id_token).

    Values are password or access_token.

  • password string

    The user's password. If you specify the password grant type, this parameter is required. It is not valid with other grant types.

  • username string

    The username that identifies the user. If you specify the password grant type, this parameter is required. It is not valid with other grant types.

Responses

  • 200 application/json
    Hide response attributes Show response attributes object
    • uid string Required
    • user object Required
      Hide user attributes Show user attributes object
    • data object Required
      Hide data attribute Show data attribute object
      • * object Additional properties
    • labels object Required
      Hide labels attribute Show labels attribute object
      • * object Additional properties
    • enabled boolean
    • last_synchronized number Required
    • _doc object Required
      Hide _doc attributes Show _doc attributes object
      • _primary_term number Required
      • _seq_no number Required
POST /_security/profile/_activate 
POST /_security/profile/_activate
{
  "grant_type": "password",
  "username" : "jacknich",
  "password" : "l0ng-r4nd0m-p@ssw0rd"
}
resp = client.security.activate_user_profile(
    grant_type="password",
    username="jacknich",
    password="l0ng-r4nd0m-p@ssw0rd",
)
const response = await client.security.activateUserProfile({
  grant_type: "password",
  username: "jacknich",
  password: "l0ng-r4nd0m-p@ssw0rd",
});
response = client.security.activate_user_profile(
  body: {
    "grant_type": "password",
    "username": "jacknich",
    "password": "l0ng-r4nd0m-p@ssw0rd"
  }
)
$resp = $client->security()->activateUserProfile([
    "body" => [
        "grant_type" => "password",
        "username" => "jacknich",
        "password" => "l0ng-r4nd0m-p@ssw0rd",
    ],
]);
curl -X POST -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d '{"grant_type":"password","username":"jacknich","password":"l0ng-r4nd0m-p@ssw0rd"}' "$ELASTICSEARCH_URL/_security/profile/_activate"
client.security().activateUserProfile(a -> a
    .grantType(GrantType.Password)
    .password("l0ng-r4nd0m-p@ssw0rd")
    .username("jacknich")
);
Request example
Run `POST /_security/profile/_activate` to activate a user profile. 
{
  "grant_type": "password",
  "username" : "jacknich",
  "password" : "l0ng-r4nd0m-p@ssw0rd"
}
Response examples (200)
A successful response from `POST /_security/profile/_activate`. 
{
  "uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
  "enabled": true,
  "last_synchronized": 1642650651037,
  "user": {
    "username": "jacknich",
    "roles": [
      "admin", "other_role1"
    ],
    "realm_name": "native",
    "full_name": "Jack Nicholson",
    "email": "jacknich@example.com"
  },
  "labels": {},
  "data": {},
  "_doc": {
    "_primary_term": 88,
    "_seq_no": 66
  }
}