OCI IAM - OCI Command line - Uploading API Keys to User in Default and Custom Domain

In our previous post, we explored how to create users in both the Default domain and a custom domain using the OCI Command Line Interface (CLI). In this article, we will cover another common requirement: uploading an API key to a user (Default and Custom Domain).

While API keys can typically be created and managed through the OCI Console, there are scenarios where CLI becomes essential, such as during API key rotation. In such cases, a new key must be generated and uploaded to the user. Now, imagine performing this task for 100 users. it quickly becomes a time-consuming and error-prone process.

Moreover, API key rotation is often a recurring task in enterprise environments. Fortunately, OCI CLI makes this process simple, efficient, and easily automatable.

In this post we will create a ssh key and upload to a user located in Default and Custom domain.

Creation of SSH Key

For key creation we execute openssl command.

[kmkittu200@19aecd02d604 .oci]$ openssl genrsa   -out "$HOME/.oci/private_key.pem" 2048

Generating RSA private key, 2048 bit long modulus (2 primes)

********************************+++++

**************************************************************************************************************+++++

e is 65537 (0x010001)

[kmkittu200@19aecd02d604 .oci]$ ls -lrt

total 4

-rw-------. 1 kmkittu200 oci 1675  01:42 private_key.pem

 

[kmkittu200@19aecd02d604 .oci]$ openssl rsa -pubout -in "$HOME/.oci/private_key.pem"  -out "$HOME/.oci/public_key.pem"

writing RSA key

[kmkittu200@19aecd02d604 .oci]$ ls -lrt

total 8

-rw-------. 1 kmkittu200 oci 1675 01:42 private_key.pem

-rw-r--r--. 1 kmkittu200 oci  451  01:44 public_key.pem

Upload SSH Key to OCI user (Default domain) as API Key

$ oci iam user api-key upload -i

> oci iam user api-key upload --user-id ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgckiwscwz2kmcdgrzkf2lnmgr46qa --key-file oci_api_key_public.pem

User-id -> User OCID
key -> Provide public key name, if required provide along with location.

 Output                                                                                                                                                    

{

  "data": {

    "fingerprint": "86:76:fc:18:1f:a6:60:a9:a0:0f:68:d1:7a:77:fa:8c",

    "inactive-status": null,

    "key-id": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwkwwnvplozuv6gvwvbsy352iluostn2wtpf5kfu7cyva/ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgckiwscwz2kmcdgrzkf2lnmgr46qa/86:76:fc:18:1f:a6:60:a9:a0:0f:68:d1:7a:77:fa:8c",

    "key-value": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvMNfT24DJmkSH9Q/WgI\n3/bmGDUFg825nAkI0YAhkDjuFHPaZqvhDfmq89Z/ok3DknEnZTHcicydOGiP1YLy\nRU5xEKzOIlgQloaOMe9oSRu9piN8yJI9JMKynp9tXJTK89m8b0x86FL3+Gfvdt5/\nn6SbnSiEem+Pv5z3HfXcXcPD4KOyI4C+vizSi25kSc4E3KOunKXoB+VdgtyNryi1\nd1mQVtNlT+59PPOiA0eC0HlR+NWphTlZmk3D0dU6xw2Xaul+imvAH+8s3EfesOMY\n3ieDCcd8IVLNWVKovgzvKhy5++gVVDAIG9fwmUMNBszcRsuTsPkSWaAahxwI5tuy\noQIDAQAB\n-----END PUBLIC KEY-----",

    "lifecycle-state": "ACTIVE",

    "time-created": "2025-05-25T00:02:53.523000+00:00",

    "user-id": "ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgckiwscwz2kmcdgrzkf2lnmgr46qa"

  },

  "etag": "e8e38da1396b46a5bd53141183b7135b"

}

 

Upload SSH Key to OCI user - Custom domain as API Key

For Custom domain the command is different to upload API key.

oci identity-domains api-key create \

  --endpoint "$DOMAIN_ENDPOINT" \

  --domain-ocid "$DOMAIN_OCID" \

  --key "$(cat $PUBLIC_KEY_PATH)" \

  --fingerprint "$FINGERPRINT" \

  --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]' \

  --user "$(echo "{\"value\":\"$GID\"}")"

 

Endpoint – Domain Regional URL

Domain-ocid – OCID of custom domain.

We can collect both the endpoint and Domain-ocid from the domain details page.

Key – we need to provide content of public key file (not the file name)

Fingerprint – fingerprint of the ssh key that has been created. It can be collected by executing command

openssl rsa -pubin -in <public key file path>" -outform DER 2>/dev/null | openssl dgst -sha1 -binary | xxd -p | tr -d '\n' | sed 's/\(..\)/\1:/g; s/:$//')

Example

openssl rsa -pubin -in "$PUBLIC_KEY_PATH" -outform DER 2>/dev/null | openssl dgst -sha1 -binary | xxd -p | tr -d '\n' | sed 's/\(..\)/\1:/g; s/:$//')

56:e0:85:57:83:ef:ff:bf:5c:6c:78:f7:c2:1e:19:e6

 

GID can be collected using below command.

oci identity-domains user get \

>   --endpoint "<Domain end point>" \

>   --user-id "<user OCID>" \

>   --query 'data.id' \

>   --raw-output

Example

$ oci identity-domains user get \

>   --endpoint "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443" \

>   --user-id "ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q" \

>   --query 'data.id' \

>   --raw-output

1497be19efd44c42b08a6a6807987a6c

 

Example – Upload API key to user in custom domain

oci identity-domains api-key create \

  --endpoint https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443 \

  --domain-ocid ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq \

  --key "$(cat public_key.pem)" \

  --fingerprint "89:96:e2:b2:c2:08:f7:a4:6a:08:77:4a:e7:fb:0e:58:cf:5e:f4:ad" \

  --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]' \

  --user "$(echo "{\"value\":\"1497be19efd44c42b08a6a6807987a6c\"}")"

 

 

$ oci identity-domains api-key create   --endpoint https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443   --domain-ocid ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq   --key "$(cat public_key.pem)"   --fingerprint "89:96:e2:b2:c2:08:f7:a4:6a:08:77:4a:e7:fb:0e:58:cf:5e:f4:ad"   --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]'   --user "$(echo "{\"value\":\"ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q\"}")"

ServiceError:

{

[kmkittu200@4c64238e14dc .oci]$ oci identity-domains user get \

>   --endpoint "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443" \

>   --user-id "ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q" \

>   --query 'data.id' \

>   --raw-output

1497be19efd44c42b08a6a6807987a6c

[kmkittu200@4c64238e14dc .oci]$ oci identity-domains api-key create \

>   --endpoint https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443 \

>   --domain-ocid ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq \

>   --key "$(cat public_key.pem)" \

>   --fingerprint "89:96:e2:b2:c2:08:f7:a4:6a:08:77:4a:e7:fb:0e:58:cf:5e:f4:ad" \

>   --schemas '["urn:ietf:params:scim:schemas:oracle:idcs:ApiKey"]' \

>   --user "$(echo "{\"value\":\"1497be19efd44c42b08a6a6807987a6c\"}")"

{

  "data": {

    "compartment-ocid": "ocid1.tenancy.oc1..aaaaaaaacq5gprsqz26em4koaokcntrpey4adi7mzzgve53cm44ozbxa4z4a",

    "delete-in-progress": null,

    "description": null,

    "domain-ocid": "ocid1.domain.oc1..aaaaaaaa27q3n53jny3fgg4ddco3al2uwidthqrf7uhkmfgeopohfjrru6oq",

    "fingerprint": "ad:77:ed:e0:8f:a9:85:cb:f2:26:be:4f:49:a5:ea:7b",

    "id": "785dfb86065940b38949b29bb7c40ee3",

    "idcs-created-by": {

      "display": "Krishnakumar kunka mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaalgnnlyvdwgzj75nydtw7fng3ol7ihb2gbb3shrcqmz44eykfjrwa",

      "ref": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/Users/b355b255db43422d8646f94c35691d14",

      "type": "User",

      "value": "b355b255db43422d8646f94c35691d14"

    },

    "idcs-last-modified-by": {

      "display": "Krishnakumar kunka mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaalgnnlyvdwgzj75nydtw7fng3ol7ihb2gbb3shrcqmz44eykfjrwa",

      "ref": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/Users/b355b255db43422d8646f94c35691d14",

      "type": "User",

      "value": "b355b255db43422d8646f94c35691d14"

    },

    "idcs-last-upgraded-in-release": null,

    "idcs-prevented-operations": null,

    "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubtIqQfXFqCsi93SEFUi\nFK1aMzw5W6vk6zR3Douka+L8VKEtK968J+Wa/0FJxVtz/Q0uTBI7h1JaYsEahnF4\nzY4ideWFmTdzge0jALDJJ0DVRk/jx3t2H55OAWbIq/oTgN6FmwUK8GgT8XLouPns\nZ+WrwYd1i6PE23WQeF6Qny736XG5gsjDxZxB7k5lj4BHDe8fqchClsN/e2Y3wV6c\nc52vo0/EOy9wyl5mLEuhCDKS+93NL1lw0BnApYJ05kXk8rdFECwRYSZpYiapOj4X\nlUhVv8lISVtxe9Zqiu9zUlK6VSlyfbkJlbT8mqUQCNOEOfAsdU0X1s6VgagvO5oB\nHQIDAQAB\n-----END PUBLIC KEY-----",

    "meta": {

      "created": "2025-07-20T02:53:46.957Z",

      "last-modified": "2025-07-20T02:53:46.957Z",

      "location": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/ApiKeys/785dfb86065940b38949b29bb7c40ee3",

      "resource-type": "ApiKey",

      "version": "4c76dc3ed3eb4110be1a60de719b8d5c"

    },

    "ocid": "ocid1.credential.oc1..aaaaaaaa6e742z5axbbcjpast7xwp2ervjknxydz6fexdvb5izubve2nqqpq",

    "schemas": [

      "urn:ietf:params:scim:schemas:oracle:idcs:apikey"

    ],

    "tags": null,

    "tenancy-ocid": "ocid1.tenancy.oc1..aaaaaaaacq5gprsqz26em4koaokcntrpey4adi7mzzgve53cm44ozbxa4z4a",

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-self-change-user": null,

    "user": {

      "display": "customuser",

      "name": "customeruser@example.com",

      "ocid": "ocid1.user.oc1..aaaaaaaaxvbsoj2bnr4yupvjieyz2c4cm3z2ilnytrxieo5ildb62yazxj5q",

      "ref": "https://idcs-53b3e3f1482c4403b98adde9ce8d09c0.us-ashburn-idcs-1.identity.us-ashburn-1.oci.oraclecloud.com:443/admin/v1/Users/1497be19efd44c42b08a6a6807987a6c",

      "value": "1497be19efd44c42b08a6a6807987a6c"

    }

  },

  "etag": "4c76dc3ed3eb4110be1a60de719b8d5c",

  "opc-total-items": "1"

}

[kmkittu200@4c64238e14dc .oci]$

  

OCI IAM – OCI Command Line - User Creation (Default and Custom Domain)

One of the major pillars of Oracle Cloud Infrastructure is Identity Management (IAM). It defines the user access, roles and privileges on OCI resources. It must be robust and adhere the security standards. OCI IAM includes Domains, Network sources, Policies and compartments. One of the important resources in IAM is Users.

In this article we are going to discuss how to create OCI users through command line and how to upload API keys through command line.

We may get doubt that why do we need command line when we have GUI option? Its commonly asked valid question. When we perform via GUI, we need to go to portal, complete the authentication and click the icons and links to create user and upload keys. But when it is done through OCI CLI, it has been automated and can be executed quickly and also can be used for creating multiple users. In GUI we need to repeat same steps for every user which might be a time consuming one.

This article talks about user creation through command line. In OCI IAM comes with domains. Every tenancy will have default domain and option to add more domains. User creation through oci command line differs between default and customer created domains. We discuss in detail with example.

User creation in default domain

$ oci iam user create -i à Try with -i option, it will give all the available options with create command.

> oci iam user create --name ociuser --description "user for oci workloads" --email ociuser@gmail.com                                                

{

  "data": {

    "capabilities": {

      "can-use-api-keys": true,

      "can-use-auth-tokens": true,

      "can-use-console-password": true,

      "can-use-customer-secret-keys": true,

      "can-use-db-credentials": true,

      "can-use-o-auth2-client-credentials": true,

      "can-use-smtp-credentials": true

    },

    "compartment-id": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwkwwnvploza",

    "db-user-name": null,

    "defined-tags": {

      "Oracle-Tags": {

        "CreatedBy": "default/kmkittu2005@gmail.com",

        "CreatedOn": "2025-05-24T23:59:54.038Z"

      }

    },

    "description": "user for oci workloads",

    "email": "ociuser@gmail.com",

    "email-verified": false,

    "external-identifier": "6f54261a6a0843eea50f54a7e2367a66",

    "freeform-tags": {},

    "id": "ocid1.user.oc1..aaaaaaaaavicnqssyaeq6qjljebqygcgcki",

    "identity-provider-id": null,

    "inactive-status": null,

    "is-mfa-activated": false,

    "last-successful-login-time": null,

    "lifecycle-state": "ACTIVE",

    "name": "ociuser",

    "previous-successful-login-time": null,

    "time-created": "2025-05-24T23:59:54.110000+00:00"

  },

  "etag": "94b7ae93e56640ce848be8cb3c66ed55"

}

kmkittu200@codeeditor:~ (us-phoenix-1)$

User creation in Custom domain

Now lets try to create a user in custom domain. Here the command is different, we can’t use oci iam command. We should use oci identity-domains  command.

We already have a domain called ‘test’. Lets create user in test domain.

Syntax:
oci identity-domains user create

--domain-ocid  <domain ocid>

--user-name <username>

--display-name <user display name>

--schemas '["urn:ietf:params:scim:schemas:core:2.0:User"]' à default value

--name '{"givenName":"<first-name>","familyName":"<last-name>"}'

--emails '[{"value":"ociuser@gmail.com",”type:<type of workload>,"primary":true}]'

--endpoint <Regional endpoint>

 

Domain-ocid can be collected from domain details page.

Username – the actual username

Display name – the user name displayed in the banner. Its for our understanding.

Schemas – This parameter is part of the SCIM (System for Cross-domain Identity Management) standard. It tells the Identity Domain API what kind of resource you're creating and which schema it follows. The default value denotes that we are creating SCIM User object using the core user schema defined by SCIM 2.0. SCIM compliance is mandatory, since OCI Identity Domains are based on IDCS (Oracle Identity Cloud Service) which is SCIM-compliant.

Name – Having first and last name values.
emails – it needs not only email and also requires type of email (“work”,”home” or “other”). We can define multiple emails for the user. We need to specify which email id is primary.
endpoint – its regional endpoint of domain. It can be collected from domain details page.

 

Example:

$ oci identity-domains user create \

> --domain-ocid ocid1.domain.oc1..aaaaaaaabn6436zhyo34dfj4ttgyscssk2joc3w37ghdtbpa625pclq4behq \

> --user-name "ociuser.test " \

> --display-name "ociuser test" \

> --schemas '["urn:ietf:params:scim:schemas:core:2.0:User"]' \

> --name '{"givenName":"ociuser","familyName":"test"}' \

> --emails '[{"value":"ociuser@gmail.com","type":"work","primary":true}]' \

> --endpoint https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443

{

  "data": {

    "active": true,

    "addresses": null,

    "compartment-ocid": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwkwwnvplozuv6gvwvbsy352iluostn2wtpf5kfu7cyva",

    "delete-in-progress": null,

    "description": null,

    "display-name": "ociuser test",

    "domain-ocid": "ocid1.domain.oc1..aaaaaaaabn6436zhyo34dfj4ttgyscssk2joc3w37ghdtbpa625pclq4behq",

    "emails": [

      {

        "pending-verification-data": null,

        "primary": false,

        "secondary": false,

        "type": "recovery",

        "value": "ociuser@gmail.com",

        "verified": false

      },

      {

        "pending-verification-data": null,

        "primary": true,

        "secondary": false,

        "type": "work",

        "value": "ociuser@gmail.com",

        "verified": false

      }

    ],

    "entitlements": null,

    "external-id": null,

    "groups": null,

    "id": "d36b61edced74a92af6783cde547d5e7",

    "idcs-created-by": {

      "display": "Krishnakumar Mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaanswicp4lg4zx3qnql3yoiyhu6r",

      "ref": "https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443/admin/v1/Users/6a6d4c9e3d914a71a6d4095076554a99",

      "type": "User",

      "value": "6a6d4c9e3d914a71a6d4095076554a99"

    },

    "idcs-last-modified-by": {

      "display": "Krishnakumar Mohanram",

      "ocid": "ocid1.user.oc1..aaaaaaaanswicp4lg4zx3qnql3yoiyhu6raa",

      "ref": "https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443/admin/v1/Users/6a6d4c9e3d914a71a6d4095076554a99",

      "type": "User",

      "value": "6a6d4c9e3d914a71a6d4095076554a99"

    },

    "idcs-last-upgraded-in-release": null,

    "idcs-prevented-operations": null,

    "ims": null,

    "locale": null,

    "meta": {

      "created": "2025-05-25T00:13:59.366Z",

      "last-modified": "2025-05-25T00:13:59.366Z",

      "location": "https://idcs-7b841dd4db2147d389ea8ca2d93be8f3.us-phoenix-idcs-3.identity.us-phoenix-1.oci.oraclecloud.com:443/admin/v1/Users/d36b61edced74a92af6783cde547d5e7",

      "resource-type": "User",

      "version": "6eda118f39504260bd5ad4f307e93c59"

    },

    "name": {

      "family-name": "test",

      "formatted": "ociuser test",

      "given-name": "ociuser",

      "honorific-prefix": null,

      "honorific-suffix": null,

      "middle-name": null

    },

    "nick-name": null,

    "ocid": "ocid1.user.oc1..aaaaaaaas3gmm2a444r7l6rnavvp5rrq",

    "password": null,

    "phone-numbers": null,

    "photos": null,

    "preferred-language": null,

    "profile-url": null,

    "roles": null,

    "schemas": [

      "urn:ietf:params:scim:schemas:core:2.0:User",

      "urn:ietf:params:scim:schemas:oracle:idcs:extension:userState:User",

      "urn:ietf:params:scim:schemas:oracle:idcs:extension:OCITags",

      "urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User"

    ],

    "tags": null,

    "tenancy-ocid": "ocid1.tenancy.oc1..aaaaaaaap2v6pumkwabcs",

    "timezone": null,

    "title": null,

    "urn-ietf-params-scim-schemas-extension-enterprise2-0-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-adaptive-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-capabilities-user": {

      "can-use-api-keys": true,

      "can-use-auth-tokens": true,

      "can-use-console": null,

      "can-use-console-password": true,

      "can-use-customer-secret-keys": true,

      "can-use-db-credentials": true,

      "can-use-o-auth2-client-credentials": true,

      "can-use-smtp-credentials": true

    },

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-db-credentials-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-db-user-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-kerberos-user-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-mfa-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-oci-tags": {

      "defined-tags": [

        {

          "key": "CreatedBy",

          "namespace": "Oracle-Tags",

          "value": "default/kmkittu2005@gmail.com"

        },

        {

          "key": "CreatedOn",

          "namespace": "Oracle-Tags",

          "value": "2025-05-25T00:13:59.282Z"

        }

      ],

      "freeform-tags": null,

      "tag-slug": null

    },

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-password-state-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-passwordless-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-posix-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-security-questions-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-self-change-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-self-registration-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-sff-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-social-account-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-terms-of-use-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-user-credentials-user": null,

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-user-state-user": {

      "last-failed-login-date": null,

      "last-successful-login-date": null,

      "locked": {

        "expired": null,

        "lock-date": null,

        "on": false,

        "reason": null

      },

      "login-attempts": null,

      "max-concurrent-sessions": null,

      "previous-successful-login-date": null,

      "recovery-attempts": null,

      "recovery-enroll-attempts": null,

      "recovery-locked": null

    },

    "urn-ietf-params-scim-schemas-oracle-idcs-extension-user-user": {

      "account-recovery-required": null,

      "accounts": null,

      "app-roles": null,

      "applicable-authentication-target-app": null,

      "bypass-notification": null,

      "creation-mechanism": null,

      "delegated-authentication-target-app": null,

      "do-not-show-getting-started": null,

      "grants": null,

      "group-membership-last-modified": null,

      "idcs-app-roles-limited-to-groups": null,

      "is-account-recovery-enrolled": null,

      "is-authentication-delegated": null,

      "is-federated-user": false,

      "is-group-membership-normalized": null,

      "is-group-membership-synced-to-users-groups": null,

      "notification-email-template-id": null,

      "preferred-ui-landing-page": "MyApps",

      "provider": null,

      "service-user": null,

      "status": null,

      "support-accounts": null,

      "synced-from-app": null,

      "user-flow-controlled-by-external-client": null,

      "user-token": null

    },

    "user-name": "ociuser.test",

    "user-type": null,

    "x509-certificates": null

  },

  "etag": "6eda118f39504260bd5ad4f307e93c59",

  "opc-next-page": "MQ==",

  "opc-total-items": "1"

}

kmkittu200@codeeditor:~ (us-phoenix-1)$