# Actions
<a name="API_Operations"></a>

The following actions are supported:
+  [CreateGroup](API_CreateGroup.md) 
+  [CreateGroupMembership](API_CreateGroupMembership.md) 
+  [CreateUser](API_CreateUser.md) 
+  [DeleteGroup](API_DeleteGroup.md) 
+  [DeleteGroupMembership](API_DeleteGroupMembership.md) 
+  [DeleteUser](API_DeleteUser.md) 
+  [DescribeGroup](API_DescribeGroup.md) 
+  [DescribeGroupMembership](API_DescribeGroupMembership.md) 
+  [DescribeUser](API_DescribeUser.md) 
+  [GetGroupId](API_GetGroupId.md) 
+  [GetGroupMembershipId](API_GetGroupMembershipId.md) 
+  [GetUserId](API_GetUserId.md) 
+  [IsMemberInGroups](API_IsMemberInGroups.md) 
+  [ListGroupMemberships](API_ListGroupMemberships.md) 
+  [ListGroupMembershipsForMember](API_ListGroupMembershipsForMember.md) 
+  [ListGroups](API_ListGroups.md) 
+  [ListUsers](API_ListUsers.md) 
+  [UpdateGroup](API_UpdateGroup.md) 
+  [UpdateUser](API_UpdateUser.md) 

# CreateGroup
<a name="API_CreateGroup"></a>

Creates a group within the specified identity store.

## Request Syntax
<a name="API_CreateGroup_RequestSyntax"></a>

```
{
   "Description": "string",
   "DisplayName": "string",
   "IdentityStoreId": "string"
}
```

## Request Parameters
<a name="API_CreateGroup_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [Description](#API_CreateGroup_RequestSyntax) **   <a name="singlesignon-CreateGroup-request-Description"></a>
A string containing the description of the group.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [DisplayName](#API_CreateGroup_RequestSyntax) **   <a name="singlesignon-CreateGroup-request-DisplayName"></a>
A string containing the name of the group. This value is commonly displayed when the group is referenced. `Administrator` and `AWSAdministrators` are reserved names and can't be used for users or groups.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  ]+`   
Required: No

 ** [IdentityStoreId](#API_CreateGroup_RequestSyntax) **   <a name="singlesignon-CreateGroup-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

## Response Syntax
<a name="API_CreateGroup_ResponseSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string"
}
```

## Response Elements
<a name="API_CreateGroup_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [GroupId](#API_CreateGroup_ResponseSyntax) **   <a name="singlesignon-CreateGroup-response-GroupId"></a>
The identifier of the newly created group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

 ** [IdentityStoreId](#API_CreateGroup_ResponseSyntax) **   <a name="singlesignon-CreateGroup-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

## Errors
<a name="API_CreateGroup_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ServiceQuotaExceededException **   
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_CreateGroup_Examples"></a>

### Example
<a name="API_CreateGroup_Example_1"></a>

This example creates a new group called Developers in the specified identity store.

#### Sample Request
<a name="API_CreateGroup_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "DisplayName": "Developers",
    "Description": "Group that contains all developers"
}
```

#### Sample Response
<a name="API_CreateGroup_Example_1_Response"></a>

```
{
    "GroupId": "1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p",
    "IdentityStoreId": "d-1234567890"
}
```

## See Also
<a name="API_CreateGroup_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/CreateGroup) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/CreateGroup) 

# CreateGroupMembership
<a name="API_CreateGroupMembership"></a>

Creates a relationship between a member and a group. The following identifiers must be specified: `GroupId`, `IdentityStoreId`, and `MemberId`.

## Request Syntax
<a name="API_CreateGroupMembership_RequestSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string",
   "MemberId": { ... }
}
```

## Request Parameters
<a name="API_CreateGroupMembership_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [GroupId](#API_CreateGroupMembership_RequestSyntax) **   <a name="singlesignon-CreateGroupMembership-request-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

 ** [IdentityStoreId](#API_CreateGroupMembership_RequestSyntax) **   <a name="singlesignon-CreateGroupMembership-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MemberId](#API_CreateGroupMembership_RequestSyntax) **   <a name="singlesignon-CreateGroupMembership-request-MemberId"></a>
An object that contains the identifier of a group member. Setting the `UserID` field to the specific identifier for a user indicates that the user is a member of the group.  
Type: [MemberId](API_MemberId.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.  
Required: Yes

## Response Syntax
<a name="API_CreateGroupMembership_ResponseSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "MembershipId": "string"
}
```

## Response Elements
<a name="API_CreateGroupMembership_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [IdentityStoreId](#API_CreateGroupMembership_ResponseSyntax) **   <a name="singlesignon-CreateGroupMembership-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

 ** [MembershipId](#API_CreateGroupMembership_ResponseSyntax) **   <a name="singlesignon-CreateGroupMembership-response-MembershipId"></a>
The identifier for a newly created `GroupMembership` in an identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

## Errors
<a name="API_CreateGroupMembership_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ServiceQuotaExceededException **   
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_CreateGroupMembership_Examples"></a>

### Example
<a name="API_CreateGroupMembership_Example_1"></a>

This example adds the specified user as a member of the specified group.

#### Sample Request
<a name="API_CreateGroupMembership_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "MemberId": {
        "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
    }
}
```

#### Sample Response
<a name="API_CreateGroupMembership_Example_1_Response"></a>

```
{
    "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
    "IdentityStoreId": "d-1234567890"
}
```

## See Also
<a name="API_CreateGroupMembership_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/CreateGroupMembership) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/CreateGroupMembership) 

# CreateUser
<a name="API_CreateUser"></a>

Creates a user within the specified identity store.

## Request Syntax
<a name="API_CreateUser_RequestSyntax"></a>

```
{
   "Addresses": [ 
      { 
         "Country": "string",
         "Formatted": "string",
         "Locality": "string",
         "PostalCode": "string",
         "Primary": boolean,
         "Region": "string",
         "StreetAddress": "string",
         "Type": "string"
      }
   ],
   "Birthdate": "string",
   "DisplayName": "string",
   "Emails": [ 
      { 
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "Extensions": { 
      "string" : JSON value 
   },
   "IdentityStoreId": "string",
   "Locale": "string",
   "Name": { 
      "FamilyName": "string",
      "Formatted": "string",
      "GivenName": "string",
      "HonorificPrefix": "string",
      "HonorificSuffix": "string",
      "MiddleName": "string"
   },
   "NickName": "string",
   "PhoneNumbers": [ 
      { 
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "Photos": [ 
      { 
         "Display": "string",
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "PreferredLanguage": "string",
   "ProfileUrl": "string",
   "Roles": [ 
      { 
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "Timezone": "string",
   "Title": "string",
   "UserName": "string",
   "UserType": "string",
   "Website": "string"
}
```

## Request Parameters
<a name="API_CreateUser_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [Addresses](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Addresses"></a>
A list of `Address` objects containing addresses associated with the user.  
Type: Array of [Address](API_Address.md) objects  
Array Members: Fixed number of 1 item.  
Required: No

 ** [Birthdate](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Birthdate"></a>
The user's birthdate in YYYY-MM-DD format. This field supports standard date format for storing personal information.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [DisplayName](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-DisplayName"></a>
A string containing the name of the user. This value is typically formatted for display when the user is referenced. For example, "John Doe." When used in IAM Identity Center, this parameter is required.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [Emails](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Emails"></a>
A list of `Email` objects containing email addresses associated with the user.  
Type: Array of [Email](API_Email.md) objects  
Array Members: Fixed number of 1 item.  
Required: No

 ** [Extensions](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Extensions"></a>
A map with additional attribute extensions for the user. Each map key corresponds to an extension name, while map values represent extension data in `Document` type (not supported by Java V1, Go V1 and older versions of the AWS CLI). `aws:identitystore:enterprise` is the only supported extension name.  
Type: String to JSON value map  
Map Entries: Maximum number of 10 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 50.  
Key Pattern: `aws:identitystore:[a-z]{1,20}`   
Required: No

 ** [IdentityStoreId](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [Locale](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Locale"></a>
A string containing the geographical region or location of the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [Name](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Name"></a>
An object containing the name of the user. When used in IAM Identity Center, this parameter is required.  
Type: [Name](API_Name.md) object  
Required: No

 ** [NickName](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-NickName"></a>
A string containing an alternate name for the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [PhoneNumbers](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-PhoneNumbers"></a>
A list of `PhoneNumber` objects containing phone numbers associated with the user.  
Type: Array of [PhoneNumber](API_PhoneNumber.md) objects  
Array Members: Fixed number of 1 item.  
Required: No

 ** [Photos](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Photos"></a>
A list of photos associated with the user. You can add up to 3 photos per user. Each photo can include a value, type, display name, and primary designation.  
Type: Array of [Photo](API_Photo.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 3 items.  
Required: No

 ** [PreferredLanguage](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-PreferredLanguage"></a>
A string containing the preferred language of the user. For example, "American English" or "en-us."  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [ProfileUrl](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-ProfileUrl"></a>
A string containing a URL that might be associated with the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [Roles](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Roles"></a>
A list of `Role` objects containing roles associated with the user.  
Type: Array of [Role](API_Role.md) objects  
Array Members: Fixed number of 1 item.  
Required: No

 ** [Timezone](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Timezone"></a>
A string containing the time zone of the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [Title](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Title"></a>
A string containing the title of the user. Possible values are left unspecified. The value can vary based on your specific use case.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [UserName](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-UserName"></a>
A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store. `Administrator` and `AWSAdministrators` are reserved names and can't be used for users or groups.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}]+`   
Required: No

 ** [UserType](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-UserType"></a>
A string indicating the type of user. Possible values are left unspecified. The value can vary based on your specific use case.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

 ** [Website](#API_CreateUser_RequestSyntax) **   <a name="singlesignon-CreateUser-request-Website"></a>
The user's personal website or blog URL. This field allows users to provide a link to their personal or professional website.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+`   
Required: No

## Response Syntax
<a name="API_CreateUser_ResponseSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "UserId": "string"
}
```

## Response Elements
<a name="API_CreateUser_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [IdentityStoreId](#API_CreateUser_ResponseSyntax) **   <a name="singlesignon-CreateUser-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

 ** [UserId](#API_CreateUser_ResponseSyntax) **   <a name="singlesignon-CreateUser-response-UserId"></a>
The identifier of the newly created user in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

## Errors
<a name="API_CreateUser_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ServiceQuotaExceededException **   
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_CreateUser_Examples"></a>

### Example
<a name="API_CreateUser_Example_1"></a>

This example creates a new user in the specified identity store.

#### Sample Request
<a name="API_CreateUser_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserName": "johndoe",
    "Name": {
        "Formatted": "John Steve Doe",
        "FamilyName": "Doe",
        "GivenName": "John",
        "MiddleName": "Steve",
        "HonorificPrefix": "Mr",
        "HonorificSuffix": "Jr"
    },
    "DisplayName": "John Doe",
    "NickName": "Johny",
    "ProfileUrl": "www.amazondomains.com",
    "Emails": [
        {
            "Value": "johndoe@example.com",
            "Type": "work",
            "Primary": true
        }
    ],
    "Addresses": [
        {
            "StreetAddress": "100 Universal City Plaza",
            "Locality": "Any Town",
            "Region": "WA",
            "PostalCode": "12345",
            "Country": "USA",
            "Formatted": "100 Universal City Plaza Any Town USA",
            "Type": "home",
            "Primary": true
        }
    ],
    "PhoneNumbers": [
        {
            "Value": "832-555-0100",
            "Type": "work",
            "Primary": true
        }
    ],
    "UserType": "temp",
    "Title": "Contractor",
    "PreferredLanguage": "en-us",
    "Locale": "NA",
    "Timezone": "pdt",
    "Extensions": {
        "aws:identitystore:enterprise": {
            "employeeNumber": "701984",
            "costCenter": "4130",
            "organization": "Universal Studios",
            "division": "Theme Park",
            "department": "Tour Operations",
            "manager": {
                "value": "a1b2c3d4-5678-90ab-cdef-EXAMPLE44444"
            }
        }
    }
}
```

#### Sample Response
<a name="API_CreateUser_Example_1_Response"></a>

```
{
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "IdentityStoreId": "d-1234567890"
}
```

## See Also
<a name="API_CreateUser_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/CreateUser) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/CreateUser) 

# DeleteGroup
<a name="API_DeleteGroup"></a>

Delete a group within an identity store given `GroupId`.

## Request Syntax
<a name="API_DeleteGroup_RequestSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string"
}
```

## Request Parameters
<a name="API_DeleteGroup_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [GroupId](#API_DeleteGroup_RequestSyntax) **   <a name="singlesignon-DeleteGroup-request-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

 ** [IdentityStoreId](#API_DeleteGroup_RequestSyntax) **   <a name="singlesignon-DeleteGroup-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

## Response Elements
<a name="API_DeleteGroup_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors
<a name="API_DeleteGroup_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_DeleteGroup_Examples"></a>

### Example
<a name="API_DeleteGroup_Example_1"></a>

This example removes the group from the specified identity store.

#### Sample Request
<a name="API_DeleteGroup_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
}
```

#### Sample Response
<a name="API_DeleteGroup_Example_1_Response"></a>

```
No response
```

## See Also
<a name="API_DeleteGroup_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/DeleteGroup) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/DeleteGroup) 

# DeleteGroupMembership
<a name="API_DeleteGroupMembership"></a>

Delete a membership within a group given `MembershipId`.

## Request Syntax
<a name="API_DeleteGroupMembership_RequestSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "MembershipId": "string"
}
```

## Request Parameters
<a name="API_DeleteGroupMembership_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [IdentityStoreId](#API_DeleteGroupMembership_RequestSyntax) **   <a name="singlesignon-DeleteGroupMembership-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MembershipId](#API_DeleteGroupMembership_RequestSyntax) **   <a name="singlesignon-DeleteGroupMembership-request-MembershipId"></a>
The identifier for a `GroupMembership` in an identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

## Response Elements
<a name="API_DeleteGroupMembership_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors
<a name="API_DeleteGroupMembership_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_DeleteGroupMembership_Examples"></a>

### Example
<a name="API_DeleteGroupMembership_Example_1"></a>

This example removes the specified user from the group.

#### Sample Request
<a name="API_DeleteGroupMembership_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
}
```

#### Sample Response
<a name="API_DeleteGroupMembership_Example_1_Response"></a>

```
No response
```

## See Also
<a name="API_DeleteGroupMembership_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/DeleteGroupMembership) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/DeleteGroupMembership) 

# DeleteUser
<a name="API_DeleteUser"></a>

Deletes a user within an identity store given `UserId`.

## Request Syntax
<a name="API_DeleteUser_RequestSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "UserId": "string"
}
```

## Request Parameters
<a name="API_DeleteUser_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [IdentityStoreId](#API_DeleteUser_RequestSyntax) **   <a name="singlesignon-DeleteUser-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [UserId](#API_DeleteUser_RequestSyntax) **   <a name="singlesignon-DeleteUser-request-UserId"></a>
The identifier for a user in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

## Response Elements
<a name="API_DeleteUser_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors
<a name="API_DeleteUser_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_DeleteUser_Examples"></a>

### Example
<a name="API_DeleteUser_Example_1"></a>

This example removes the specified user from the identity store.

#### Sample Request
<a name="API_DeleteUser_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
}
```

#### Sample Response
<a name="API_DeleteUser_Example_1_Response"></a>

```
No response
```

## See Also
<a name="API_DeleteUser_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/DeleteUser) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/DeleteUser) 

# DescribeGroup
<a name="API_DescribeGroup"></a>

Retrieves the group metadata and attributes from `GroupId` in an identity store.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_DescribeGroup_RequestSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string"
}
```

## Request Parameters
<a name="API_DescribeGroup_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [GroupId](#API_DescribeGroup_RequestSyntax) **   <a name="singlesignon-DescribeGroup-request-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

 ** [IdentityStoreId](#API_DescribeGroup_RequestSyntax) **   <a name="singlesignon-DescribeGroup-request-IdentityStoreId"></a>
The globally unique identifier for the identity store, such as `d-1234567890`. In this example, `d-` is a fixed prefix, and `1234567890` is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

## Response Syntax
<a name="API_DescribeGroup_ResponseSyntax"></a>

```
{
   "CreatedAt": number,
   "CreatedBy": "string",
   "Description": "string",
   "DisplayName": "string",
   "ExternalIds": [ 
      { 
         "Id": "string",
         "Issuer": "string"
      }
   ],
   "GroupId": "string",
   "IdentityStoreId": "string",
   "UpdatedAt": number,
   "UpdatedBy": "string"
}
```

## Response Elements
<a name="API_DescribeGroup_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [CreatedAt](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-CreatedAt"></a>
The date and time the group was created.  
Type: Timestamp

 ** [CreatedBy](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-CreatedBy"></a>
The identifier of the user or system that created the group.  
Type: String

 ** [Description](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-Description"></a>
A string containing a description of the group.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [DisplayName](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-DisplayName"></a>
The group’s display name value. The length limit is 1,024 characters. This value can consist of letters, accented characters, symbols, numbers, punctuation, tab, new line, carriage return, space, and nonbreaking space in this attribute. This value is specified at the time that the group is created and stored as an attribute of the group object in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  ]+` 

 ** [ExternalIds](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-ExternalIds"></a>
A list of `ExternalId` objects that contains the identifiers issued to this resource by an external identity provider.  
Type: Array of [ExternalId](API_ExternalId.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 10 items.

 ** [GroupId](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

 ** [IdentityStoreId](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

 ** [UpdatedAt](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-UpdatedAt"></a>
The date and time the group was last updated.  
Type: Timestamp

 ** [UpdatedBy](#API_DescribeGroup_ResponseSyntax) **   <a name="singlesignon-DescribeGroup-response-UpdatedBy"></a>
The identifier of the user or system that last updated the group.  
Type: String

## Errors
<a name="API_DescribeGroup_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_DescribeGroup_Examples"></a>

### Example
<a name="API_DescribeGroup_Example_1"></a>

This example retrieves the group name and description for a group called Developers.

#### Sample Request
<a name="API_DescribeGroup_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
}
```

#### Sample Response
<a name="API_DescribeGroup_Example_1_Response"></a>

```
{
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "DisplayName": "Developers",
    "Description": "Group that contains all developers",
    "IdentityStoreId": "d-1234567890"
}
```

## See Also
<a name="API_DescribeGroup_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/DescribeGroup) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/DescribeGroup) 

# DescribeGroupMembership
<a name="API_DescribeGroupMembership"></a>

Retrieves membership metadata and attributes from `MembershipId` in an identity store.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_DescribeGroupMembership_RequestSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "MembershipId": "string"
}
```

## Request Parameters
<a name="API_DescribeGroupMembership_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [IdentityStoreId](#API_DescribeGroupMembership_RequestSyntax) **   <a name="singlesignon-DescribeGroupMembership-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MembershipId](#API_DescribeGroupMembership_RequestSyntax) **   <a name="singlesignon-DescribeGroupMembership-request-MembershipId"></a>
The identifier for a `GroupMembership` in an identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

## Response Syntax
<a name="API_DescribeGroupMembership_ResponseSyntax"></a>

```
{
   "CreatedAt": number,
   "CreatedBy": "string",
   "GroupId": "string",
   "IdentityStoreId": "string",
   "MemberId": { ... },
   "MembershipId": "string",
   "UpdatedAt": number,
   "UpdatedBy": "string"
}
```

## Response Elements
<a name="API_DescribeGroupMembership_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [CreatedAt](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-CreatedAt"></a>
The date and time the group membership was created.  
Type: Timestamp

 ** [CreatedBy](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-CreatedBy"></a>
The identifier of the user or system that created the group membership.  
Type: String

 ** [GroupId](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

 ** [IdentityStoreId](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

 ** [MemberId](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-MemberId"></a>
An object containing the identifier of a group member.  
Type: [MemberId](API_MemberId.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.

 ** [MembershipId](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-MembershipId"></a>
The identifier for a `GroupMembership` in an identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

 ** [UpdatedAt](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-UpdatedAt"></a>
The date and time the group membership was last updated.  
Type: Timestamp

 ** [UpdatedBy](#API_DescribeGroupMembership_ResponseSyntax) **   <a name="singlesignon-DescribeGroupMembership-response-UpdatedBy"></a>
The identifier of the user or system that last updated the group membership.  
Type: String

## Errors
<a name="API_DescribeGroupMembership_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_DescribeGroupMembership_Examples"></a>

### Example
<a name="API_DescribeGroupMembership_Example_1"></a>

This example retrieves the member ID for the user and group ID for the group for the specified membership.

#### Sample Request
<a name="API_DescribeGroupMembership_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
}
```

#### Sample Response
<a name="API_DescribeGroupMembership_Example_1_Response"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "MemberId": {
        "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
      }    
}
```

## See Also
<a name="API_DescribeGroupMembership_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/DescribeGroupMembership) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/DescribeGroupMembership) 

# DescribeUser
<a name="API_DescribeUser"></a>

Retrieves the user metadata and attributes from the `UserId` in an identity store.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_DescribeUser_RequestSyntax"></a>

```
{
   "Extensions": [ "string" ],
   "IdentityStoreId": "string",
   "UserId": "string"
}
```

## Request Parameters
<a name="API_DescribeUser_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [Extensions](#API_DescribeUser_RequestSyntax) **   <a name="singlesignon-DescribeUser-request-Extensions"></a>
A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. `aws:identitystore:enterprise` is the only supported extension name.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 10 items.  
Length Constraints: Minimum length of 1. Maximum length of 50.  
Pattern: `aws:identitystore:[a-z]{1,20}`   
Required: No

 ** [IdentityStoreId](#API_DescribeUser_RequestSyntax) **   <a name="singlesignon-DescribeUser-request-IdentityStoreId"></a>
The globally unique identifier for the identity store, such as `d-1234567890`. In this example, `d-` is a fixed prefix, and `1234567890` is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [UserId](#API_DescribeUser_RequestSyntax) **   <a name="singlesignon-DescribeUser-request-UserId"></a>
The identifier for a user in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

## Response Syntax
<a name="API_DescribeUser_ResponseSyntax"></a>

```
{
   "Addresses": [ 
      { 
         "Country": "string",
         "Formatted": "string",
         "Locality": "string",
         "PostalCode": "string",
         "Primary": boolean,
         "Region": "string",
         "StreetAddress": "string",
         "Type": "string"
      }
   ],
   "Birthdate": "string",
   "CreatedAt": number,
   "CreatedBy": "string",
   "DisplayName": "string",
   "Emails": [ 
      { 
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "Extensions": { 
      "string" : JSON value 
   },
   "ExternalIds": [ 
      { 
         "Id": "string",
         "Issuer": "string"
      }
   ],
   "IdentityStoreId": "string",
   "Locale": "string",
   "Name": { 
      "FamilyName": "string",
      "Formatted": "string",
      "GivenName": "string",
      "HonorificPrefix": "string",
      "HonorificSuffix": "string",
      "MiddleName": "string"
   },
   "NickName": "string",
   "PhoneNumbers": [ 
      { 
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "Photos": [ 
      { 
         "Display": "string",
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "PreferredLanguage": "string",
   "ProfileUrl": "string",
   "Roles": [ 
      { 
         "Primary": boolean,
         "Type": "string",
         "Value": "string"
      }
   ],
   "Timezone": "string",
   "Title": "string",
   "UpdatedAt": number,
   "UpdatedBy": "string",
   "UserId": "string",
   "UserName": "string",
   "UserStatus": "string",
   "UserType": "string",
   "Website": "string"
}
```

## Response Elements
<a name="API_DescribeUser_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [Addresses](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Addresses"></a>
The physical address of the user.  
Type: Array of [Address](API_Address.md) objects  
Array Members: Fixed number of 1 item.

 ** [Birthdate](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Birthdate"></a>
The user's birthdate in YYYY-MM-DD format. This field returns the stored birthdate information for the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [CreatedAt](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-CreatedAt"></a>
The date and time the user was created.  
Type: Timestamp

 ** [CreatedBy](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-CreatedBy"></a>
The identifier of the user or system that created the user.  
Type: String

 ** [DisplayName](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-DisplayName"></a>
The display name of the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [Emails](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Emails"></a>
The email address of the user.  
Type: Array of [Email](API_Email.md) objects  
Array Members: Fixed number of 1 item.

 ** [Extensions](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Extensions"></a>
A map of explicitly requested attribute extensions associated with the user. Not populated if the user has no requested extensions.  
Type: String to JSON value map  
Map Entries: Maximum number of 10 items.  
Key Length Constraints: Minimum length of 1. Maximum length of 50.  
Key Pattern: `aws:identitystore:[a-z]{1,20}` 

 ** [ExternalIds](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-ExternalIds"></a>
A list of `ExternalId` objects that contains the identifiers issued to this resource by an external identity provider.  
Type: Array of [ExternalId](API_ExternalId.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 10 items.

 ** [IdentityStoreId](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

 ** [Locale](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Locale"></a>
A string containing the geographical region or location of the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [Name](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Name"></a>
The name of the user.  
Type: [Name](API_Name.md) object

 ** [NickName](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-NickName"></a>
An alternative descriptive name for the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [PhoneNumbers](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-PhoneNumbers"></a>
A list of `PhoneNumber` objects associated with a user.  
Type: Array of [PhoneNumber](API_PhoneNumber.md) objects  
Array Members: Fixed number of 1 item.

 ** [Photos](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Photos"></a>
A list of photos associated with the user. Returns up to 3 photos with their associated metadata including type, display name, and primary designation.  
Type: Array of [Photo](API_Photo.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 3 items.

 ** [PreferredLanguage](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-PreferredLanguage"></a>
The preferred language of the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [ProfileUrl](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-ProfileUrl"></a>
A URL link for the user's profile.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [Roles](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Roles"></a>
The roles of the user.  
Type: Array of [Role](API_Role.md) objects  
Array Members: Fixed number of 1 item.

 ** [Timezone](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Timezone"></a>
The time zone for a user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [Title](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Title"></a>
A string containing the title of the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [UpdatedAt](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-UpdatedAt"></a>
The date and time the user was last updated.  
Type: Timestamp

 ** [UpdatedBy](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-UpdatedBy"></a>
The identifier of the user or system that last updated the user.  
Type: String

 ** [UserId](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-UserId"></a>
The identifier for a user in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

 ** [UserName](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-UserName"></a>
A unique string used to identify the user. The length limit is 128 characters. This value can consist of letters, accented characters, symbols, numbers, and punctuation. This value is specified at the time the user is created and stored as an attribute of the user object in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}]+` 

 ** [UserStatus](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-UserStatus"></a>
The current status of the user account.  
Type: String  
Valid Values: `ENABLED | DISABLED` 

 ** [UserType](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-UserType"></a>
A string indicating the type of user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

 ** [Website](#API_DescribeUser_ResponseSyntax) **   <a name="singlesignon-DescribeUser-response-Website"></a>
The user's personal website or blog URL. Returns the stored website information for the user.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 1024.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\t\n\r  　]+` 

## Errors
<a name="API_DescribeUser_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_DescribeUser_Examples"></a>

### Example 1
<a name="API_DescribeUser_Example_1"></a>

This example retrieves only the core information about a user called John Doe.

#### Sample Request
<a name="API_DescribeUser_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p"
}
```

#### Sample Response
<a name="API_DescribeUser_Example_1_Response"></a>

```
 {
    "UserName": "johndoe",
    "UserId": "1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p",
    "Name": {
        "Formatted": "John Doe",
        "FamilyName": "Doe",
        "GivenName": "John",
    },
    "DisplayName": "John Doe",
    "Emails": [
        {
            "Value": "johndoe@example.com",
            "Type": "work",
            "Primary": true
        }
    ],
    "Addresses": [
        {
            "StreetAddress": "123 Main St",
            "Locality": "Any Town",
            "Region": "ST",
            "PostalCode": "12345",
            "Country": "USA",
            "Formatted": "123 Main St, Anytown, ST 12345, USA",
            "Type": "home"
        }
    ],
    "PhoneNumbers": [
        {
            "Value": "+1 (832) 555-0100",
            "Type": "work",
            "Primary": true
        }
    ],
    "IdentityStoreId": "d-1234567890"
}
```

### Example 2
<a name="API_DescribeUser_Example_2"></a>

This example retrieves both core and enterprise information about a user called John Doe.

#### Sample Request
<a name="API_DescribeUser_Example_2_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p",
    "Extensions": ["aws:identitystore:enterprise"]
}
```

#### Sample Response
<a name="API_DescribeUser_Example_2_Response"></a>

```
 {
    "UserName": "johndoe",
    "UserId": "1a2b3c4d-5e6f-7g8h-9i0j-1k2l3m4n5o6p",
    "Name": {
        "Formatted": "John Doe",
        "FamilyName": "Doe",
        "GivenName": "John",
    },
    "DisplayName": "John Doe",
    "Emails": [
        {
            "Value": "johndoe@example.com",
            "Type": "work",
            "Primary": true
        }
    ],
    "Addresses": [
        {
            "StreetAddress": "123 Main St",
            "Locality": "Any Town",
            "Region": "ST",
            "PostalCode": "12345",
            "Country": "USA",
            "Formatted": "123 Main St, Anytown, ST 12345, USA",
            "Type": "home"
        }
    ],
    "PhoneNumbers": [
        {
            "Value": "+1 (832) 555-0100",
            "Type": "work",
            "Primary": true
        }
    ],
    "IdentityStoreId": "d-1234567890",
    "Extensions": {
        "aws:identitystore:enterprise": {
            "employeeNumber": "701984",
            "costCenter": "4130",
            "organization": "Universal Studios",
            "division": "Theme Park",
            "department": "Tour Operations",
            "manager": {
                "value": "a1b2c3d4-5678-90ab-cdef-EXAMPLE44444"
            }
        }
    }
}
```

## See Also
<a name="API_DescribeUser_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/DescribeUser) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/DescribeUser) 

# GetGroupId
<a name="API_GetGroupId"></a>

Retrieves `GroupId` in an identity store.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_GetGroupId_RequestSyntax"></a>

```
{
   "AlternateIdentifier": { ... },
   "IdentityStoreId": "string"
}
```

## Request Parameters
<a name="API_GetGroupId_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [AlternateIdentifier](#API_GetGroupId_RequestSyntax) **   <a name="singlesignon-GetGroupId-request-AlternateIdentifier"></a>
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid path is ` displayName`.  
Type: [AlternateIdentifier](API_AlternateIdentifier.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.  
Required: Yes

 ** [IdentityStoreId](#API_GetGroupId_RequestSyntax) **   <a name="singlesignon-GetGroupId-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

## Response Syntax
<a name="API_GetGroupId_ResponseSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string"
}
```

## Response Elements
<a name="API_GetGroupId_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [GroupId](#API_GetGroupId_ResponseSyntax) **   <a name="singlesignon-GetGroupId-response-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

 ** [IdentityStoreId](#API_GetGroupId_ResponseSyntax) **   <a name="singlesignon-GetGroupId-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

## Errors
<a name="API_GetGroupId_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_GetGroupId_Examples"></a>

### Example
<a name="API_GetGroupId_Example_1"></a>

This example retrieves the group ID for the Developers group using the display name.

#### Sample Request
<a name="API_GetGroupId_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "AlternateIdentifier": {
        "UniqueAttribute": {
            "AttributePath": "displayName",
            "AttributeValue": "Developers"
        }
    }
}
```

#### Sample Response
<a name="API_GetGroupId_Example_1_Response"></a>

```
{
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "IdentityStoreId": "d-1234567890"
}
```

## See Also
<a name="API_GetGroupId_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/GetGroupId) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/GetGroupId) 

# GetGroupMembershipId
<a name="API_GetGroupMembershipId"></a>

Retrieves the `MembershipId` in an identity store.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_GetGroupMembershipId_RequestSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string",
   "MemberId": { ... }
}
```

## Request Parameters
<a name="API_GetGroupMembershipId_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [GroupId](#API_GetGroupMembershipId_RequestSyntax) **   <a name="singlesignon-GetGroupMembershipId-request-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

 ** [IdentityStoreId](#API_GetGroupMembershipId_RequestSyntax) **   <a name="singlesignon-GetGroupMembershipId-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MemberId](#API_GetGroupMembershipId_RequestSyntax) **   <a name="singlesignon-GetGroupMembershipId-request-MemberId"></a>
An object that contains the identifier of a group member. Setting the `UserID` field to the specific identifier for a user indicates that the user is a member of the group.  
Type: [MemberId](API_MemberId.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.  
Required: Yes

## Response Syntax
<a name="API_GetGroupMembershipId_ResponseSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "MembershipId": "string"
}
```

## Response Elements
<a name="API_GetGroupMembershipId_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [IdentityStoreId](#API_GetGroupMembershipId_ResponseSyntax) **   <a name="singlesignon-GetGroupMembershipId-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

 ** [MembershipId](#API_GetGroupMembershipId_ResponseSyntax) **   <a name="singlesignon-GetGroupMembershipId-response-MembershipId"></a>
The identifier for a `GroupMembership` in an identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

## Errors
<a name="API_GetGroupMembershipId_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_GetGroupMembershipId_Examples"></a>

### Example
<a name="API_GetGroupMembershipId_Example_1"></a>

This example retrieves the membership ID using the group ID and member ID.

#### Sample Request
<a name="API_GetGroupMembershipId_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "MemberId": {
        "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
    }
}
```

#### Sample Response
<a name="API_GetGroupMembershipId_Example_1_Response"></a>

```
{
    "MembershipId": "74b864b8-7061-70d4-0d6f-22c89feaacbb",
    "IdentityStoreId": "d-1234567890"
}
```

## See Also
<a name="API_GetGroupMembershipId_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/GetGroupMembershipId) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/GetGroupMembershipId) 

# GetUserId
<a name="API_GetUserId"></a>

Retrieves the `UserId` in an identity store.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_GetUserId_RequestSyntax"></a>

```
{
   "AlternateIdentifier": { ... },
   "IdentityStoreId": "string"
}
```

## Request Parameters
<a name="API_GetUserId_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [AlternateIdentifier](#API_GetUserId_RequestSyntax) **   <a name="singlesignon-GetUserId-request-AlternateIdentifier"></a>
A unique identifier for a user or group that is not the primary identifier. This value can be an identifier from an external identity provider (IdP) that is associated with the user, the group, or a unique attribute. For the unique attribute, the only valid paths are ` userName` and `emails.value`.  
Type: [AlternateIdentifier](API_AlternateIdentifier.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.  
Required: Yes

 ** [IdentityStoreId](#API_GetUserId_RequestSyntax) **   <a name="singlesignon-GetUserId-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

## Response Syntax
<a name="API_GetUserId_ResponseSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "UserId": "string"
}
```

## Response Elements
<a name="API_GetUserId_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [IdentityStoreId](#API_GetUserId_ResponseSyntax) **   <a name="singlesignon-GetUserId-response-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}` 

 ** [UserId](#API_GetUserId_ResponseSyntax) **   <a name="singlesignon-GetUserId-response-UserId"></a>
The identifier for a user in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}` 

## Errors
<a name="API_GetUserId_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_GetUserId_Examples"></a>

### Example
<a name="API_GetUserId_Example_1"></a>

This example retrieves the user ID based on the user name.

#### Sample Request
<a name="API_GetUserId_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "AlternateIdentifier": {
        "UniqueAttribute": {
            "AttributePath": "userName",
            "AttributeValue": "johndoe"
        }
    }
}
```

#### Sample Response
<a name="API_GetUserId_Example_1_Response"></a>

```
{
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "IdentityStoreId": "d-1234567890"
}
```

## See Also
<a name="API_GetUserId_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/GetUserId) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/GetUserId) 

# IsMemberInGroups
<a name="API_IsMemberInGroups"></a>

Checks the user's membership in all requested groups and returns if the member exists in all queried groups.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_IsMemberInGroups_RequestSyntax"></a>

```
{
   "GroupIds": [ "string" ],
   "IdentityStoreId": "string",
   "MemberId": { ... }
}
```

## Request Parameters
<a name="API_IsMemberInGroups_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [GroupIds](#API_IsMemberInGroups_RequestSyntax) **   <a name="singlesignon-IsMemberInGroups-request-GroupIds"></a>
A list of identifiers for groups in the identity store.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 100 items.  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

 ** [IdentityStoreId](#API_IsMemberInGroups_RequestSyntax) **   <a name="singlesignon-IsMemberInGroups-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MemberId](#API_IsMemberInGroups_RequestSyntax) **   <a name="singlesignon-IsMemberInGroups-request-MemberId"></a>
An object containing the identifier of a group member.  
Type: [MemberId](API_MemberId.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.  
Required: Yes

## Response Syntax
<a name="API_IsMemberInGroups_ResponseSyntax"></a>

```
{
   "Results": [ 
      { 
         "GroupId": "string",
         "MemberId": { ... },
         "MembershipExists": boolean
      }
   ]
}
```

## Response Elements
<a name="API_IsMemberInGroups_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [Results](#API_IsMemberInGroups_ResponseSyntax) **   <a name="singlesignon-IsMemberInGroups-response-Results"></a>
A list containing the results of membership existence checks.  
Type: Array of [GroupMembershipExistenceResult](API_GroupMembershipExistenceResult.md) objects

## Errors
<a name="API_IsMemberInGroups_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_IsMemberInGroups_Examples"></a>

### Example
<a name="API_IsMemberInGroups_Example_1"></a>

This example indicates that the specified user is a member of the specified group.

#### Sample Request
<a name="API_IsMemberInGroups_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "MemberId": {
        "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
    },
    "GroupIds": [
        "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222"
    ]
}
```

#### Sample Response
<a name="API_IsMemberInGroups_Example_1_Response"></a>

```
{
    "Results": [
        {
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "MemberId": {
                "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            },
            "MembershipExists": true
        }
    ]
}
```

## See Also
<a name="API_IsMemberInGroups_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/IsMemberInGroups) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/IsMemberInGroups) 

# ListGroupMemberships
<a name="API_ListGroupMemberships"></a>

For the specified group in the specified identity store, returns the list of all ` GroupMembership` objects and returns results in paginated form.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_ListGroupMemberships_RequestSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string",
   "MaxResults": number,
   "NextToken": "string"
}
```

## Request Parameters
<a name="API_ListGroupMemberships_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [GroupId](#API_ListGroupMemberships_RequestSyntax) **   <a name="singlesignon-ListGroupMemberships-request-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

 ** [IdentityStoreId](#API_ListGroupMemberships_RequestSyntax) **   <a name="singlesignon-ListGroupMemberships-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MaxResults](#API_ListGroupMemberships_RequestSyntax) **   <a name="singlesignon-ListGroupMemberships-request-MaxResults"></a>
The maximum number of results to be returned per request. This parameter is used in all ` List` requests to specify how many results to return in one page.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.  
Required: No

 ** [NextToken](#API_ListGroupMemberships_RequestSyntax) **   <a name="singlesignon-ListGroupMemberships-request-NextToken"></a>
The pagination token used for the `ListUsers`, `ListGroups` and ` ListGroupMemberships` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*`   
Required: No

## Response Syntax
<a name="API_ListGroupMemberships_ResponseSyntax"></a>

```
{
   "GroupMemberships": [ 
      { 
         "CreatedAt": number,
         "CreatedBy": "string",
         "GroupId": "string",
         "IdentityStoreId": "string",
         "MemberId": { ... },
         "MembershipId": "string",
         "UpdatedAt": number,
         "UpdatedBy": "string"
      }
   ],
   "NextToken": "string"
}
```

## Response Elements
<a name="API_ListGroupMemberships_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [GroupMemberships](#API_ListGroupMemberships_ResponseSyntax) **   <a name="singlesignon-ListGroupMemberships-response-GroupMemberships"></a>
A list of `GroupMembership` objects in the group.  
Type: Array of [GroupMembership](API_GroupMembership.md) objects

 ** [NextToken](#API_ListGroupMemberships_ResponseSyntax) **   <a name="singlesignon-ListGroupMemberships-response-NextToken"></a>
The pagination token used for the `ListUsers`, `ListGroups`, and ` ListGroupMemberships` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*` 

## Errors
<a name="API_ListGroupMemberships_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_ListGroupMemberships_Examples"></a>

### Example
<a name="API_ListGroupMemberships_Example_1"></a>

This example lists the two users who are members of the specified group.

#### Sample Request
<a name="API_ListGroupMemberships_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-9067f85685",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "MaxResults": 100, 
    "NextToken": ""
}
```

#### Sample Response
<a name="API_ListGroupMemberships_Example_1_Response"></a>

```
{
    "GroupMemberships": [
        {
            "IdentityStoreId": "d-1234567890",
            "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "MemberId": {
                "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            }
        },
        {
            "IdentityStoreId": "d-1234567890",
            "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "MemberId": {
                "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
              }
        }
    ]
}
```

## See Also
<a name="API_ListGroupMemberships_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/ListGroupMemberships) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/ListGroupMemberships) 

# ListGroupMembershipsForMember
<a name="API_ListGroupMembershipsForMember"></a>

For the specified member in the specified identity store, returns the list of all ` GroupMembership` objects and returns results in paginated form.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_ListGroupMembershipsForMember_RequestSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "MaxResults": number,
   "MemberId": { ... },
   "NextToken": "string"
}
```

## Request Parameters
<a name="API_ListGroupMembershipsForMember_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [IdentityStoreId](#API_ListGroupMembershipsForMember_RequestSyntax) **   <a name="singlesignon-ListGroupMembershipsForMember-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MaxResults](#API_ListGroupMembershipsForMember_RequestSyntax) **   <a name="singlesignon-ListGroupMembershipsForMember-request-MaxResults"></a>
The maximum number of results to be returned per request. This parameter is used in the ` ListUsers` and `ListGroups` requests to specify how many results to return in one page. The length limit is 50 characters.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.  
Required: No

 ** [MemberId](#API_ListGroupMembershipsForMember_RequestSyntax) **   <a name="singlesignon-ListGroupMembershipsForMember-request-MemberId"></a>
An object that contains the identifier of a group member. Setting the `UserID` field to the specific identifier for a user indicates that the user is a member of the group.  
Type: [MemberId](API_MemberId.md) object  
 **Note: **This object is a Union. Only one member of this object can be specified or returned.  
Required: Yes

 ** [NextToken](#API_ListGroupMembershipsForMember_RequestSyntax) **   <a name="singlesignon-ListGroupMembershipsForMember-request-NextToken"></a>
The pagination token used for the `ListUsers`, `ListGroups`, and ` ListGroupMemberships` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*`   
Required: No

## Response Syntax
<a name="API_ListGroupMembershipsForMember_ResponseSyntax"></a>

```
{
   "GroupMemberships": [ 
      { 
         "CreatedAt": number,
         "CreatedBy": "string",
         "GroupId": "string",
         "IdentityStoreId": "string",
         "MemberId": { ... },
         "MembershipId": "string",
         "UpdatedAt": number,
         "UpdatedBy": "string"
      }
   ],
   "NextToken": "string"
}
```

## Response Elements
<a name="API_ListGroupMembershipsForMember_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [GroupMemberships](#API_ListGroupMembershipsForMember_ResponseSyntax) **   <a name="singlesignon-ListGroupMembershipsForMember-response-GroupMemberships"></a>
A list of `GroupMembership` objects in the group for a specified member.  
Type: Array of [GroupMembership](API_GroupMembership.md) objects

 ** [NextToken](#API_ListGroupMembershipsForMember_ResponseSyntax) **   <a name="singlesignon-ListGroupMembershipsForMember-response-NextToken"></a>
The pagination token used for the `ListUsers`, `ListGroups`, and ` ListGroupMemberships` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.   
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*` 

## Errors
<a name="API_ListGroupMembershipsForMember_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_ListGroupMembershipsForMember_Examples"></a>

### Example
<a name="API_ListGroupMembershipsForMember_Example_1"></a>

This example lists the two group memberships for the specified user.

#### Sample Request
<a name="API_ListGroupMembershipsForMember_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "MemberId": {
        "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
    },
    "MaxResults": 100,
    "NextToken": ""
}
```

#### Sample Response
<a name="API_ListGroupMembershipsForMember_Example_1_Response"></a>

```
{ 
     "GroupMemberships": [
        {
            "IdentityStoreId": "d-1234567890",
            "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "MemberId": {
                "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            }
        },
        {
            "IdentityStoreId": "d-1234567890",
            "MembershipId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE33333",
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "MemberId": {
                "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
            }
        }
    ]
}
```

## See Also
<a name="API_ListGroupMembershipsForMember_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/ListGroupMembershipsForMember) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/ListGroupMembershipsForMember) 

# ListGroups
<a name="API_ListGroups"></a>

Lists all groups in the identity store. Returns a paginated list of complete `Group` objects. Filtering for a `Group` by the `DisplayName` attribute is deprecated. Instead, use the `GetGroupId` API action.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_ListGroups_RequestSyntax"></a>

```
{
   "Filters": [ 
      { 
         "AttributePath": "string",
         "AttributeValue": "string"
      }
   ],
   "IdentityStoreId": "string",
   "MaxResults": number,
   "NextToken": "string"
}
```

## Request Parameters
<a name="API_ListGroups_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [Filters](#API_ListGroups_RequestSyntax) **   <a name="singlesignon-ListGroups-request-Filters"></a>
 *This parameter has been deprecated.*   
A list of `Filter` objects, which is used in the `ListUsers` and ` ListGroups` requests.  
Type: Array of [Filter](API_Filter.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 1 item.  
Required: No

 ** [IdentityStoreId](#API_ListGroups_RequestSyntax) **   <a name="singlesignon-ListGroups-request-IdentityStoreId"></a>
The globally unique identifier for the identity store, such as `d-1234567890`. In this example, `d-` is a fixed prefix, and `1234567890` is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MaxResults](#API_ListGroups_RequestSyntax) **   <a name="singlesignon-ListGroups-request-MaxResults"></a>
The maximum number of results to be returned per request. This parameter is used in the ` ListUsers` and `ListGroups` requests to specify how many results to return in one page. The length limit is 50 characters.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.  
Required: No

 ** [NextToken](#API_ListGroups_RequestSyntax) **   <a name="singlesignon-ListGroups-request-NextToken"></a>
The pagination token used for the `ListUsers` and `ListGroups` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*`   
Required: No

## Response Syntax
<a name="API_ListGroups_ResponseSyntax"></a>

```
{
   "Groups": [ 
      { 
         "CreatedAt": number,
         "CreatedBy": "string",
         "Description": "string",
         "DisplayName": "string",
         "ExternalIds": [ 
            { 
               "Id": "string",
               "Issuer": "string"
            }
         ],
         "GroupId": "string",
         "IdentityStoreId": "string",
         "UpdatedAt": number,
         "UpdatedBy": "string"
      }
   ],
   "NextToken": "string"
}
```

## Response Elements
<a name="API_ListGroups_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [Groups](#API_ListGroups_ResponseSyntax) **   <a name="singlesignon-ListGroups-response-Groups"></a>
A list of `Group` objects in the identity store.  
Type: Array of [Group](API_Group.md) objects

 ** [NextToken](#API_ListGroups_ResponseSyntax) **   <a name="singlesignon-ListGroups-response-NextToken"></a>
The pagination token used for the `ListUsers` and `ListGroups` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*` 

## Errors
<a name="API_ListGroups_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_ListGroups_Examples"></a>

### Example
<a name="API_ListGroups_Example_1"></a>

This example lists the two groups in the specified identity store.

#### Sample Request
<a name="API_ListGroups_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "MaxResults": 100,
    "NextToken": "",
}
```

#### Sample Response
<a name="API_ListGroups_Example_1_Response"></a>

```
{
    "Groups": [
        {
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "DisplayName": "Developers",
            "Description": "Group that contains all developers",
            "IdentityStoreId": "d-1234567890"
        },
        {
            "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
            "DisplayName": "Engineers",
            "Description": "Group that contains all engineers",
            "IdentityStoreId": "d-1234567890"
        }
    ]
}
```

## See Also
<a name="API_ListGroups_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/ListGroups) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/ListGroups) 

# ListUsers
<a name="API_ListUsers"></a>

Lists all users in the identity store. Returns a paginated list of complete `User` objects. Filtering for a `User` by the `UserName` attribute is deprecated. Instead, use the `GetUserId` API action.

**Note**  
If you have access to a member account, you can use this API operation from the member account. For more information, see [Limiting access to the identity store from member accounts](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html#limiting-access-from-member-accounts) in the * AWS IAM Identity Center User Guide*.

## Request Syntax
<a name="API_ListUsers_RequestSyntax"></a>

```
{
   "Extensions": [ "string" ],
   "Filters": [ 
      { 
         "AttributePath": "string",
         "AttributeValue": "string"
      }
   ],
   "IdentityStoreId": "string",
   "MaxResults": number,
   "NextToken": "string"
}
```

## Request Parameters
<a name="API_ListUsers_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [Extensions](#API_ListUsers_RequestSyntax) **   <a name="singlesignon-ListUsers-request-Extensions"></a>
A collection of extension names indicating what extensions the service should retrieve alongside other user attributes. `aws:identitystore:enterprise` is the only supported extension name.  
Type: Array of strings  
Array Members: Minimum number of 1 item. Maximum number of 10 items.  
Length Constraints: Minimum length of 1. Maximum length of 50.  
Pattern: `aws:identitystore:[a-z]{1,20}`   
Required: No

 ** [Filters](#API_ListUsers_RequestSyntax) **   <a name="singlesignon-ListUsers-request-Filters"></a>
 *This parameter has been deprecated.*   
A list of `Filter` objects, which is used in the `ListUsers` and ` ListGroups` requests.   
Type: Array of [Filter](API_Filter.md) objects  
Array Members: Minimum number of 0 items. Maximum number of 1 item.  
Required: No

 ** [IdentityStoreId](#API_ListUsers_RequestSyntax) **   <a name="singlesignon-ListUsers-request-IdentityStoreId"></a>
The globally unique identifier for the identity store, such as `d-1234567890`. In this example, `d-` is a fixed prefix, and `1234567890` is a randomly generated string that contains numbers and lower case letters. This value is generated at the time that a new identity store is created.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [MaxResults](#API_ListUsers_RequestSyntax) **   <a name="singlesignon-ListUsers-request-MaxResults"></a>
The maximum number of results to be returned per request. This parameter is used in the ` ListUsers` and `ListGroups` requests to specify how many results to return in one page. The length limit is 50 characters.  
Type: Integer  
Valid Range: Minimum value of 1. Maximum value of 100.  
Required: No

 ** [NextToken](#API_ListUsers_RequestSyntax) **   <a name="singlesignon-ListUsers-request-NextToken"></a>
The pagination token used for the `ListUsers` and `ListGroups` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*`   
Required: No

## Response Syntax
<a name="API_ListUsers_ResponseSyntax"></a>

```
{
   "NextToken": "string",
   "Users": [ 
      { 
         "Addresses": [ 
            { 
               "Country": "string",
               "Formatted": "string",
               "Locality": "string",
               "PostalCode": "string",
               "Primary": boolean,
               "Region": "string",
               "StreetAddress": "string",
               "Type": "string"
            }
         ],
         "Birthdate": "string",
         "CreatedAt": number,
         "CreatedBy": "string",
         "DisplayName": "string",
         "Emails": [ 
            { 
               "Primary": boolean,
               "Type": "string",
               "Value": "string"
            }
         ],
         "Extensions": { 
            "string" : JSON value 
         },
         "ExternalIds": [ 
            { 
               "Id": "string",
               "Issuer": "string"
            }
         ],
         "IdentityStoreId": "string",
         "Locale": "string",
         "Name": { 
            "FamilyName": "string",
            "Formatted": "string",
            "GivenName": "string",
            "HonorificPrefix": "string",
            "HonorificSuffix": "string",
            "MiddleName": "string"
         },
         "NickName": "string",
         "PhoneNumbers": [ 
            { 
               "Primary": boolean,
               "Type": "string",
               "Value": "string"
            }
         ],
         "Photos": [ 
            { 
               "Display": "string",
               "Primary": boolean,
               "Type": "string",
               "Value": "string"
            }
         ],
         "PreferredLanguage": "string",
         "ProfileUrl": "string",
         "Roles": [ 
            { 
               "Primary": boolean,
               "Type": "string",
               "Value": "string"
            }
         ],
         "Timezone": "string",
         "Title": "string",
         "UpdatedAt": number,
         "UpdatedBy": "string",
         "UserId": "string",
         "UserName": "string",
         "UserStatus": "string",
         "UserType": "string",
         "Website": "string"
      }
   ]
}
```

## Response Elements
<a name="API_ListUsers_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

 ** [NextToken](#API_ListUsers_ResponseSyntax) **   <a name="singlesignon-ListUsers-response-NextToken"></a>
The pagination token used for the `ListUsers` and `ListGroups` API operations. This value is generated by the identity store service. It is returned in the API response if the total results are more than the size of one page. This token is also returned when it is used in the API request to search for the next page.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 65535.  
Pattern: `[-a-zA-Z0-9+=/:_]*` 

 ** [Users](#API_ListUsers_ResponseSyntax) **   <a name="singlesignon-ListUsers-response-Users"></a>
A list of `User` objects in the identity store.  
Type: Array of [User](API_User.md) objects

## Errors
<a name="API_ListUsers_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_ListUsers_Examples"></a>

### Example 1
<a name="API_ListUsers_Example_1"></a>

This example lists the users in the specified identity store.

#### Sample Request
<a name="API_ListUsers_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "MaxResults": 100,
    "NextToken": ""
}
```

#### Sample Response
<a name="API_ListUsers_Example_1_Response"></a>

```
{
        "Users": [
        {
            "UserName": "john_doe",
            "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
            "Name": {
                "FamilyName": "Doe",
                "GivenName": "John"
            }
         },
        {
            "UserName": "mary_major",
            "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE222222",
            "Name": {
                "FamilyName": "Major",
                "GivenName": "Mary"
            }    
         }
      ],
      "NextToken": "EXAMPLE-TOKEN"
}
```

### Example 2
<a name="API_ListUsers_Example_2"></a>

This example lists users with extensions in the specified identity store.

#### Sample Request
<a name="API_ListUsers_Example_2_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "Extensions": ["aws:identitystore:enterprise"]
    "MaxResults": 100,
    "NextToken": ""
}
```

#### Sample Response
<a name="API_ListUsers_Example_2_Response"></a>

```
{
        "Users": [
        {
            "UserName": "john_doe",
            "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
            "Name": {
                "FamilyName": "Doe",
                "GivenName": "John"
            },
            "Extensions": {
                "aws:identitystore:enterprise": {
                    "employeeNumber": "701984",
                    "costCenter": "4130",
                    "organization": "Universal Studios",
                    "division": "Theme Park",
                    "department": "Tour Operations",
                    "manager": {
                        "value": "a1b2c3d4-5678-90ab-cdef-EXAMPLE44444"
                    }
                }
            }
        },
        {
            "UserName": "mary_major",
            "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE222222",
            "Name": {
                "FamilyName": "Major",
                "GivenName": "Mary"
            }
        }
      ],
      "NextToken": "EXAMPLE-TOKEN"
}
```

## See Also
<a name="API_ListUsers_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/ListUsers) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/ListUsers) 

# UpdateGroup
<a name="API_UpdateGroup"></a>

Updates the specified group metadata and attributes in the specified identity store.

## Request Syntax
<a name="API_UpdateGroup_RequestSyntax"></a>

```
{
   "GroupId": "string",
   "IdentityStoreId": "string",
   "Operations": [ 
      { 
         "AttributePath": "string",
         "AttributeValue": JSON value
      }
   ]
}
```

## Request Parameters
<a name="API_UpdateGroup_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [GroupId](#API_UpdateGroup_RequestSyntax) **   <a name="singlesignon-UpdateGroup-request-GroupId"></a>
The identifier for a group in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

 ** [IdentityStoreId](#API_UpdateGroup_RequestSyntax) **   <a name="singlesignon-UpdateGroup-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [Operations](#API_UpdateGroup_RequestSyntax) **   <a name="singlesignon-UpdateGroup-request-Operations"></a>
A list of `AttributeOperation` objects to apply to the requested group. These operations might add, replace, or remove an attribute. For more information on the attributes that can be added, replaced, or removed, see [Group](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_Group.html).  
Type: Array of [AttributeOperation](API_AttributeOperation.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 100 items.  
Required: Yes

## Response Elements
<a name="API_UpdateGroup_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors
<a name="API_UpdateGroup_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ServiceQuotaExceededException **   
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_UpdateGroup_Examples"></a>

### Example 1
<a name="API_UpdateGroup_Example_1"></a>

This example updates the display name of the specified group to "Engineers". 

#### Sample Request
<a name="API_UpdateGroup_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "Operations": [
        {
            "AttributePath": "displayName",
            "AttributeValue": "Engineers"
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateGroup_Example_1_Response"></a>

```
No response
```

### Example 2
<a name="API_UpdateGroup_Example_2"></a>

This example updates the description of the specified group to "Contains all engineers". 

#### Sample Request
<a name="API_UpdateGroup_Example_2_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "Operations": [
        {
            "AttributePath": "description",
            "AttributeValue": "Contains all engineers"
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateGroup_Example_2_Response"></a>

```
No response
```

### Example 3
<a name="API_UpdateGroup_Example_3"></a>

This example removes the description from the specified group. 

#### Sample Request
<a name="API_UpdateGroup_Example_3_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "GroupId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222",
    "Operations": [
        {
            "AttributePath": "description",
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateGroup_Example_3_Response"></a>

```
No response
```

## See Also
<a name="API_UpdateGroup_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/UpdateGroup) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/UpdateGroup) 

# UpdateUser
<a name="API_UpdateUser"></a>

Updates the specified user metadata and attributes in the specified identity store.

## Request Syntax
<a name="API_UpdateUser_RequestSyntax"></a>

```
{
   "IdentityStoreId": "string",
   "Operations": [ 
      { 
         "AttributePath": "string",
         "AttributeValue": JSON value
      }
   ],
   "UserId": "string"
}
```

## Request Parameters
<a name="API_UpdateUser_RequestParameters"></a>

For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).

The request accepts the following data in JSON format.

 ** [IdentityStoreId](#API_UpdateUser_RequestSyntax) **   <a name="singlesignon-UpdateUser-request-IdentityStoreId"></a>
The globally unique identifier for the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 36.  
Pattern: `d-[0-9a-f]{10}$|^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`   
Required: Yes

 ** [Operations](#API_UpdateUser_RequestSyntax) **   <a name="singlesignon-UpdateUser-request-Operations"></a>
A list of `AttributeOperation` objects to apply to the requested user. These operations might add, replace, or remove an attribute. For more information on the attributes that can be added, replaced, or removed, see [User](https://docs.aws.amazon.com/singlesignon/latest/IdentityStoreAPIReference/API_User.html).  
Type: Array of [AttributeOperation](API_AttributeOperation.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 100 items.  
Required: Yes

 ** [UserId](#API_UpdateUser_RequestSyntax) **   <a name="singlesignon-UpdateUser-request-UserId"></a>
The identifier for a user in the identity store.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 47.  
Pattern: `([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}`   
Required: Yes

## Response Elements
<a name="API_UpdateUser_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

## Errors
<a name="API_UpdateUser_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** AccessDeniedException **   
You do not have sufficient access to perform this action.    
 ** Reason **   
Indicates the reason for an access denial when returned by KMS while accessing a Customer Managed KMS key. For non-KMS access-denied errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ConflictException **   
This request cannot be completed for one of the following reasons:  
+ Performing the requested operation would violate an existing uniqueness claim in the identity store. Resolve the conflict before retrying this request.
+ The requested resource was being concurrently modified by another request.  
 ** Reason **   
Indicates the reason for a conflict error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** InternalServerException **   
The request processing has failed because of an unknown error, exception or failure with an internal server.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 500

 ** ResourceNotFoundException **   
Indicates that a requested resource is not found.    
 ** Reason **   
Indicates the reason for a resource not found error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** ResourceId **   
The identifier for a resource in the identity store that can be used as `UserId` or `GroupId`. The format for `ResourceId` is either `UUID` or `1234567890-UUID`, where `UUID` is a randomly generated value for each resource when it is created and `1234567890` represents the ` IdentityStoreId` string value. In the case that the identity store is migrated from a legacy SSO identity store, the `ResourceId` for that identity store will be in the format of `UUID`. Otherwise, it will be in the `1234567890-UUID` format.  
 ** ResourceType **   
An enum object indicating the type of resource in the identity store service. Valid values include USER, GROUP, and IDENTITY\$1STORE.
HTTP Status Code: 400

 ** ServiceQuotaExceededException **   
The request would cause the number of users or groups in the identity store to exceed the maximum allowed.    
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

 ** ThrottlingException **   
Indicates that the principal has crossed the throttling limits of the API operations.    
 ** Reason **   
Indicates the reason for the throttling error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.  
 ** RetryAfterSeconds **   
The number of seconds to wait before retrying the next request.
HTTP Status Code: 400

 ** ValidationException **   
The request failed because it contains a syntax error.    
 ** Reason **   
Indicates the reason for the validation error when the service is unable to access a Customer Managed KMS key. For non-KMS permission errors, this field is not included.  
 ** RequestId **   
The identifier for each request. This value is a globally unique ID that is generated by the identity store service for each sent request, and is then returned inside the exception if the request fails.
HTTP Status Code: 400

## Examples
<a name="API_UpdateUser_Examples"></a>

### Example 1
<a name="API_UpdateUser_Example_1"></a>

This example updates the specified user's nickname to Johnny and the user name to John Doe.

#### Sample Request
<a name="API_UpdateUser_Example_1_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Operations": [
        {
            "AttributePath": "nickName",
            "AttributeValue": "Johnny"
        },
        {
            "AttributePath": "userName",
            "AttributeValue": "John Doe"
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateUser_Example_1_Response"></a>

```
No response
```

### Example 2
<a name="API_UpdateUser_Example_2"></a>

This example updates the family name of the specified user to Smith. 

#### Sample Request
<a name="API_UpdateUser_Example_2_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Operations": [
        {
            "AttributePath": "name.familyName",
            "AttributeValue": "Smith"
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateUser_Example_2_Response"></a>

```
No response
```

### Example 3
<a name="API_UpdateUser_Example_3"></a>

This example updates the phone number for the specified user. 

#### Sample Request
<a name="API_UpdateUser_Example_3_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Operations": [
        {
            "AttributePath": "phoneNumbers",
            "AttributeValue": [
            {
                "Value": "832-555-0100",
                "Type": "home",
                "Primary": true
            }
          ]
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateUser_Example_3_Response"></a>

```
No response
```

### Example 4
<a name="API_UpdateUser_Example_4"></a>

This example replaces all attributes in `aws:identitystore:enterprise` extension for the specified user.

#### Sample Request
<a name="API_UpdateUser_Example_4_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Operations": [
        {
            "AttributePath": "aws:identitystore:enterprise",
            "AttributeValue": {
                "employeeNumber": "701984",
                "costCenter": "4130"
            }
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateUser_Example_4_Response"></a>

```
No response
```

### Example 5
<a name="API_UpdateUser_Example_5"></a>

This example replaces only `department` in `aws:identitystore:enterprise` extension for the specified user.

#### Sample Request
<a name="API_UpdateUser_Example_5_Request"></a>

```
{
    "IdentityStoreId": "d-1234567890",
    "UserId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
    "Operations": [
        {
            "AttributePath": "aws:identitystore:enterprise.department",
            "AttributeValue": "Park Admissions"
        }
    ]
}
```

#### Sample Response
<a name="API_UpdateUser_Example_5_Response"></a>

```
No response
```

## See Also
<a name="API_UpdateUser_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/identitystore-2020-06-15/UpdateUser) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/identitystore-2020-06-15/UpdateUser)