OneLogin · Capability

OneLogin API — Users

OneLogin API — Users. 14 operations. Lead operation: List users. Self-contained Naftiko capability covering one Onelogin business surface.

Run with Naftiko OneloginUsers

What You Can Do

GET

Listusers — List users

/v1/api/1/users

POST

Createuser — Create user

/v1/api/1/users

GET

Getuser — Get user by ID

/v1/api/1/users/{id}

PUT

Updateuser — Update user by ID

/v1/api/1/users/{id}

DELETE

Deleteuser — Delete user by ID

/v1/api/1/users/{id}

GET

Getuserapps — Get apps for a user

/v1/api/1/users/{id}/apps

PUT

Setusercustomattribute — Set custom attribute

/v1/api/1/users/{id}/custom-attributes

POST

Lockuser — Lock user account

/v1/api/1/users/{id}/lock

POST

Logoutuser — Log user out

/v1/api/1/users/{id}/logout

PUT

Setuserpassword — Set user password

/v1/api/1/users/{id}/password

GET

Getuserroles — Get roles for a user

/v1/api/1/users/{id}/roles

POST

Assignuserrole — Assign role to user

/v1/api/1/users/{id}/roles

DELETE

Removeuserrole — Remove role from user

/v1/api/1/users/{id}/roles/{role-id}

PUT

Setuserstate — Set user state

/v1/api/1/users/{id}/state

MCP Tools

list-users

List users

read-only idempotent

create-user

Create user

get-user-id

Get user by ID

read-only idempotent

update-user-id

Update user by ID

idempotent

delete-user-id

Delete user by ID

idempotent

get-apps-user

Get apps for a user

read-only idempotent

set-custom-attribute

Set custom attribute

idempotent

lock-user-account

Lock user account

log-user-out

Log user out

set-user-password

Set user password

idempotent

get-roles-user

Get roles for a user

read-only idempotent

assign-role-user

Assign role to user

remove-role-user

Remove role from user

idempotent

set-user-state

Set user state

idempotent

Capability Spec

naftiko: 1.0.0-alpha2
info:
  label: OneLogin API — Users
  description: 'OneLogin API — Users. 14 operations. Lead operation: List users. Self-contained Naftiko capability covering
    one Onelogin business surface.'
  tags:
  - Onelogin
  - Users
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    ONELOGIN_API_KEY: ONELOGIN_API_KEY
capability:
  consumes:
  - type: http
    namespace: onelogin-users
    baseUri: https://{subdomain}.onelogin.com
    description: OneLogin API — Users business capability. Self-contained, no shared references.
    resources:
    - name: api-1-users
      path: /api/1/users
      operations:
      - name: listusers
        method: GET
        description: List users
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: limit
          in: query
          type: integer
        - name: page
          in: query
          type: integer
      - name: createuser
        method: POST
        description: Create user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    - name: api-1-users-id
      path: /api/1/users/{id}
      operations:
      - name: getuser
        method: GET
        description: Get user by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateuser
        method: PUT
        description: Update user by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
      - name: deleteuser
        method: DELETE
        description: Delete user by ID
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-apps
      path: /api/1/users/{id}/apps
      operations:
      - name: getuserapps
        method: GET
        description: Get apps for a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-custom_attributes
      path: /api/1/users/{id}/custom_attributes
      operations:
      - name: setusercustomattribute
        method: PUT
        description: Set custom attribute
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-lock
      path: /api/1/users/{id}/lock
      operations:
      - name: lockuser
        method: POST
        description: Lock user account
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-logout
      path: /api/1/users/{id}/logout
      operations:
      - name: logoutuser
        method: POST
        description: Log user out
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-password
      path: /api/1/users/{id}/password
      operations:
      - name: setuserpassword
        method: PUT
        description: Set user password
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-roles
      path: /api/1/users/{id}/roles
      operations:
      - name: getuserroles
        method: GET
        description: Get roles for a user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: assignuserrole
        method: POST
        description: Assign role to user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-roles-role_id
      path: /api/1/users/{id}/roles/{role_id}
      operations:
      - name: removeuserrole
        method: DELETE
        description: Remove role from user
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: api-1-users-id-state
      path: /api/1/users/{id}/state
      operations:
      - name: setuserstate
        method: PUT
        description: Set user state
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    authentication:
      type: bearer
      token: '{{env.ONELOGIN_API_KEY}}'
  exposes:
  - type: rest
    namespace: onelogin-users-rest
    port: 8080
    description: REST adapter for OneLogin API — Users. One Spectral-compliant resource per consumed operation, prefixed with
      /v1.
    resources:
    - path: /v1/api/1/users
      name: api-1-users
      description: REST surface for api-1-users.
      operations:
      - method: GET
        name: listusers
        description: List users
        call: onelogin-users.listusers
        with:
          limit: rest.limit
          page: rest.page
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createuser
        description: Create user
        call: onelogin-users.createuser
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}
      name: api-1-users-id
      description: REST surface for api-1-users-id.
      operations:
      - method: GET
        name: getuser
        description: Get user by ID
        call: onelogin-users.getuser
        outputParameters:
        - type: object
          mapping: $.
      - method: PUT
        name: updateuser
        description: Update user by ID
        call: onelogin-users.updateuser
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
      - method: DELETE
        name: deleteuser
        description: Delete user by ID
        call: onelogin-users.deleteuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/apps
      name: api-1-users-id-apps
      description: REST surface for api-1-users-id-apps.
      operations:
      - method: GET
        name: getuserapps
        description: Get apps for a user
        call: onelogin-users.getuserapps
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/custom-attributes
      name: api-1-users-id-custom-attributes
      description: REST surface for api-1-users-id-custom_attributes.
      operations:
      - method: PUT
        name: setusercustomattribute
        description: Set custom attribute
        call: onelogin-users.setusercustomattribute
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/lock
      name: api-1-users-id-lock
      description: REST surface for api-1-users-id-lock.
      operations:
      - method: POST
        name: lockuser
        description: Lock user account
        call: onelogin-users.lockuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/logout
      name: api-1-users-id-logout
      description: REST surface for api-1-users-id-logout.
      operations:
      - method: POST
        name: logoutuser
        description: Log user out
        call: onelogin-users.logoutuser
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/password
      name: api-1-users-id-password
      description: REST surface for api-1-users-id-password.
      operations:
      - method: PUT
        name: setuserpassword
        description: Set user password
        call: onelogin-users.setuserpassword
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/roles
      name: api-1-users-id-roles
      description: REST surface for api-1-users-id-roles.
      operations:
      - method: GET
        name: getuserroles
        description: Get roles for a user
        call: onelogin-users.getuserroles
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: assignuserrole
        description: Assign role to user
        call: onelogin-users.assignuserrole
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/roles/{role-id}
      name: api-1-users-id-roles-role-id
      description: REST surface for api-1-users-id-roles-role_id.
      operations:
      - method: DELETE
        name: removeuserrole
        description: Remove role from user
        call: onelogin-users.removeuserrole
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/api/1/users/{id}/state
      name: api-1-users-id-state
      description: REST surface for api-1-users-id-state.
      operations:
      - method: PUT
        name: setuserstate
        description: Set user state
        call: onelogin-users.setuserstate
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: onelogin-users-mcp
    port: 9090
    transport: http
    description: MCP adapter for OneLogin API — Users. One tool per consumed operation, routed inline through this capability's
      consumes block.
    tools:
    - name: list-users
      description: List users
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: onelogin-users.listusers
      with:
        limit: tools.limit
        page: tools.page
      outputParameters:
      - type: object
        mapping: $.
    - name: create-user
      description: Create user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: onelogin-users.createuser
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: get-user-id
      description: Get user by ID
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: onelogin-users.getuser
      outputParameters:
      - type: object
        mapping: $.
    - name: update-user-id
      description: Update user by ID
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: onelogin-users.updateuser
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.
    - name: delete-user-id
      description: Delete user by ID
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: onelogin-users.deleteuser
      outputParameters:
      - type: object
        mapping: $.
    - name: get-apps-user
      description: Get apps for a user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: onelogin-users.getuserapps
      outputParameters:
      - type: object
        mapping: $.
    - name: set-custom-attribute
      description: Set custom attribute
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: onelogin-users.setusercustomattribute
      outputParameters:
      - type: object
        mapping: $.
    - name: lock-user-account
      description: Lock user account
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: onelogin-users.lockuser
      outputParameters:
      - type: object
        mapping: $.
    - name: log-user-out
      description: Log user out
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: onelogin-users.logoutuser
      outputParameters:
      - type: object
        mapping: $.
    - name: set-user-password
      description: Set user password
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: onelogin-users.setuserpassword
      outputParameters:
      - type: object
        mapping: $.
    - name: get-roles-user
      description: Get roles for a user
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: onelogin-users.getuserroles
      outputParameters:
      - type: object
        mapping: $.
    - name: assign-role-user
      description: Assign role to user
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: onelogin-users.assignuserrole
      outputParameters:
      - type: object
        mapping: $.
    - name: remove-role-user
      description: Remove role from user
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: onelogin-users.removeuserrole
      outputParameters:
      - type: object
        mapping: $.
    - name: set-user-state
      description: Set user state
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: onelogin-users.setuserstate
      outputParameters:
      - type: object
        mapping: $.