If your organization defines an OAuth identity provider in its OrgOAuthSettings, users managed by that identity provider are created implicitly when they first log in to the organization. You can also import a user from an OAuth identity provider explicitly if you need the user to exist in the organization before first login, or to assign the user a specific role.
Unlike imports from an LDAP service, imports from an OAuth identity provider do not actually import information from an external database. Instead, the operation creates a mapping between a user defined in your organization and a user defined by your organization's OAuth provider. The vCloud Director database stores these mappings, but does not store any user properties retrieved from the OAuth provider.
1. Create a User element that identifies a user defined by your organization's OAuth provider.
2. Include the following line in the User or Group element:
   <ProviderType>OAUTH</ProviderType>
3. POST the User element to the organization's users link, as shown in the example that follows.
This example imports a user from an OAuth identity provider and assigns the user the Defer to Identity Provider role. See Predefined Roles and Their Rights.
Request:

   POST https://vcloud.example.com/api/admin/org/26/users
   Content-Type: application/vnd.vmware.admin.user+xml
   ...
   <?xml version="1.0" encoding="UTF-8"?>
   <User
      xmlns="http://www.vmware.com/vcloud/v1.5"
      name="[email protected]"
      type="application/vnd.vmware.admin.user+xml">
      <IsEnabled>true</IsEnabled>
      <ProviderType>OAUTH</ProviderType>
      <Role
         href="https://vcloud.example.com/api/admin/org/26/role/d26caa7b-d8b2-395b-9615-4cd1903a65c1" />
   </User>
The response is a User element, most of which is not shown in the example. The response includes a link that an administrator can use to edit user metadata, and additional elements, such as IsDefaultCached and StoredVmQuota, inherited from organization defaults. It also includes a NameInSource element, which contains the user's name in the encoding used by the identity provider.
Response:

   201 Created
   Content-Type: application/vnd.vmware.admin.user+xml
   ...
   <User
      xmlns="http://www.vmware.com/vcloud/v1.5"
      name="[email protected]"
      id="urn:vcloud:user:85"
      type="application/vnd.vmware.admin.user+xml"
      href="https://vcloud.example.com/api/admin/user/85">
      <Link
         rel="edit"
         type="application/vnd.vmware.admin.user+xml"
         href="https://vcloud.example.com/api/admin/user/85" />
      <FullName>Imported User Full Name</FullName>
      <EmailAddress>[email protected]</EmailAddress>
      <IsEnabled>true</IsEnabled>
      <ProviderType>OAUTH</ProviderType>
      <NameInSource>\F4\D3\42\8E\6A\BC\D3</NameInSource>
      <IsAlertEnabled>false</IsAlertEnabled>
      <IsDefaultCached>false</IsDefaultCached>
      <StoredVmQuota>0</StoredVmQuota>
      <DeployedVmQuota>0</DeployedVmQuota>
      <Role
         type="application/vnd.vmware.admin.role+xml"
         name="Defer to Identity Provider"
         href="https://vcloud.example.com/api/admin/org/26/role/d26caa7b-d8b2-395b-9615-4cd1903a65c1" />
      <GroupReferences />
   </User>
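The following script is an added example, not code from the vCloud Director documentation or the product. It builds the User element the procedure above describes (IsEnabled, ProviderType set to OAUTH, and a Role reference), and then parses a response of the shape shown above so an administrator can confirm that the mapping was created with the provider type and role that were actually requested, rather than one inherited from organization defaults. The sample response embedded in the script is constructed from the example on this page; the user name and the post_user helper (including its x-vcloud-authorization header and the token it carries) are assumptions and are not executed here.

```python
"""Build a vCloud Director OAuth user import request and validate the response.

Added example (not VMware code). The XML shapes follow the documentation
example above; the user name, role href and token handling are assumptions.
"""
import urllib.request
import xml.etree.ElementTree as ET

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"
USER_TYPE = "application/vnd.vmware.admin.user+xml"
# Role href taken from the documentation example (Defer to Identity Provider).
ROLE_HREF = ("https://vcloud.example.com/api/admin/org/26/role/"
             "d26caa7b-d8b2-395b-9615-4cd1903a65c1")

# Serialize the vCloud namespace as the default namespace, as in the docs.
ET.register_namespace("", VCLOUD_NS)


def _q(tag: str) -> str:
    """Qualify a tag name with the vCloud namespace."""
    return f"{{{VCLOUD_NS}}}{tag}"


def build_oauth_user_xml(name: str, role_href: str, enabled: bool = True) -> bytes:
    """Return the request body for importing a user from the OAuth provider.

    ProviderType is fixed to OAUTH: that is the line the procedure requires
    in the User (or Group) element.
    """
    user = ET.Element(_q("User"), {"name": name, "type": USER_TYPE})
    ET.SubElement(user, _q("IsEnabled")).text = "true" if enabled else "false"
    ET.SubElement(user, _q("ProviderType")).text = "OAUTH"
    ET.SubElement(user, _q("Role"), {"href": role_href})
    return ET.tostring(user, encoding="UTF-8", xml_declaration=True)


def post_user(org_users_url: str, token: str, body: bytes) -> bytes:
    """POST the User element to the organization's users link (network call).

    Assumption: the session token is sent in the x-vcloud-authorization header.
    """
    req = urllib.request.Request(
        org_users_url, data=body, method="POST",
        headers={"Content-Type": USER_TYPE, "x-vcloud-authorization": token})
    with urllib.request.urlopen(req) as resp:
        return resp.read()


def parse_user_response(body: bytes) -> dict:
    """Extract the fields an administrator wants to check from a User response."""
    root = ET.fromstring(body)
    if root.tag != _q("User"):
        raise ValueError(f"unexpected root element {root.tag}")

    def text(tag: str):
        el = root.find(_q(tag))
        return None if el is None else (el.text or "")

    role = root.find(_q("Role"))
    return {
        "id": root.get("id"),
        "href": root.get("href"),
        "name": root.get("name"),
        "is_enabled": text("IsEnabled") == "true",
        "provider_type": text("ProviderType"),
        # NameInSource is the user's name in the identity provider's encoding.
        "name_in_source": text("NameInSource"),
        "role_name": None if role is None else role.get("name"),
        "role_href": None if role is None else role.get("href"),
    }


def verify_import(parsed: dict, expected_role_href: str) -> list:
    """Return discrepancies between the requested import and the created user."""
    problems = []
    if parsed["provider_type"] != "OAUTH":
        problems.append(f"ProviderType is {parsed['provider_type']!r}, expected 'OAUTH'")
    if parsed["role_href"] != expected_role_href:
        problems.append(f"Role href is {parsed['role_href']!r}, not the requested role")
    if not parsed["name_in_source"]:
        problems.append("NameInSource is empty; the provider mapping may not be recorded")
    if not parsed["id"] or not parsed["href"]:
        problems.append("response lacks a user id or href")
    return problems


# Constructed sample response, modelled on the documentation example above.
# The e-mail address is a placeholder.
SAMPLE_RESPONSE = r"""<?xml version="1.0" encoding="UTF-8"?>
<User xmlns="http://www.vmware.com/vcloud/v1.5" name="imported.user@example.com"
      id="urn:vcloud:user:85" type="application/vnd.vmware.admin.user+xml"
      href="https://vcloud.example.com/api/admin/user/85">
   <FullName>Imported User Full Name</FullName>
   <EmailAddress>imported.user@example.com</EmailAddress>
   <IsEnabled>true</IsEnabled>
   <ProviderType>OAUTH</ProviderType>
   <NameInSource>\F4\D3\42\8E\6A\BC\D3</NameInSource>
   <StoredVmQuota>0</StoredVmQuota>
   <Role type="application/vnd.vmware.admin.role+xml" name="Defer to Identity Provider"
         href="https://vcloud.example.com/api/admin/org/26/role/d26caa7b-d8b2-395b-9615-4cd1903a65c1" />
   <GroupReferences />
</User>""".encode("utf-8")

if __name__ == "__main__":
    print(build_oauth_user_xml("imported.user@example.com", ROLE_HREF).decode())
    print(verify_import(parse_user_response(SAMPLE_RESPONSE), ROLE_HREF))
```

Running the script prints the request body and an empty discrepancy list for the sample response. The verify_import check is the part worth keeping in an automation pipeline: because the mapping stores no user properties from the provider, the role attached to the created User is the only authorization the directory will enforce locally, so comparing it against the role you asked for catches a silently substituted default.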