How to get the list of inactive users in an apigee organization

Hi All,

We need to identify the list of inactive users in an organization who have not logged into the apigee edge MUI from some duration like past 6 months. We are not able to find any such management api call to get the data.

How can we achieve this ?

Is there any Management API call available that can be used ?

We need this data to delete the inactive users in apigee edge.

Thanks

1 5 1,333
5 REPLIES 5

I'm not aware of any management API that would give you this information. I recommend filing a support ticket to get this data.

Not applicable

@Neetu Garg Have you found the solution for it? If so can you pls share here as we also have the same requirement. Your answer will be helpful. Thanks in advance.

Could you please try out below API call

https://docs.apigee.com/management/apis/get/audits/users/%7Buser_email%7D

This API is released for use in Edge for the Private Cloud only and requires System Admin credentials.

The best approach would be to setup a machine user with the necessary permissions to periodically remove users' roles from your org(s) automatically after 90 days of inactivity. This will require a bit of scripting, as we do not have such a feature available out of the box. There are three stages to fully automate this:


1. Get a list of users for a role:
https://apidocs.apigee.com/management/apis/get/organizations/%7Borg_name%7D/userroles/%7Brole_name%7...

For each role in your org that you assign to your users, this API will give the list of users assigned to that role. For example, you might have a 'businessuser' role. You could use this API to find all the users currently with the businessuser role in your org.

2. To check for inactivity, please look at the Audit API:
https://apidocs.apigee.com/management/apis/get/audits/users/%7Buser_email%7D

This API takes a username, startDate, and endDate. You could use it to get the user's activity for the last 90 days. Be careful with this as it will include activity for all orgs they are assigned to. Please check the org before deleting.

An example output is:
<AuditRecord>
<ClientIP>*.*.*.*</ClientIP>
<Id>3d624b7d-734a-4005-b568-d488916d22d7</Id>
<Operation>DELETE</Operation>
<Organization>orgname</Organization>
<RequestUri>/v1/organizations/orgname/environments/prod/apis/apiname/revisions/5/debugsessions/......</RequestUri>
<ResponseCode>200</ResponseCode>
<TimeStamp>1540252653291</TimeStamp>
<Type>Audit</Type>
<User>markeccles@google.com</User>
<X-Forwarded-For>*.*.*.*,*.*.*.*</X-Forwarded-For>
</AuditRecord>

If the user was inactive, then the API simply returns an empty XML response like <AuditRecords/>

3. The API to remove a role is this one:
https://apidocs.apigee.com/management/apis/delete/organizations/%7Borg_name%7D/userroles/%7Brole_nam...

The API to view the audit logs is limited to private cloud.Do we have API with same functionality for public cloud @Dino @Anil Sagar @ Google