Providing you are a LUSID user with sufficient privileges, you can set up a new account for a personal user in conjunction with the person for whom the account is intended. Note every user automatically gets a unique ID.
Note: If you are the LUSID domain owner, you are automatically assigned the built-in
lusid-administrator
role, which has all the permissions necessary to perform the operations in this article.
Once created, you should assign appropriate roles to the user to grant permissions to use LUSID in keeping with their professional responsibilities.
Using the LUSID web app
Sign in to the LUSID web app using the credentials of a LUSID administrator.
From the left-hand menu, select Identity and Access > Users:
On the Users dashboard, click the Create user button:
Specify an Account type of Personal, enter a valid Email address for that person (this will be their LUSID username; it must be unique within your LUSID domain) and optionally choose a role using the Add roles button (you can also do this later):
Click the Save button to send an email to complete the sign up process.
Using the Identity API
Call the CreateUser API, passing in your API access token and specifying account characteristics. Note
login
andemailAddress
must reference the same, valid email address (this will be their LUSID username), and it must be unique within your LUSID domain. For example:curl -X POST "https://<your-domain>.lusid.com/identity/api/users" -H "Authorization: Bearer <your-access-token>" -H "Content-Type: application/json" -d '{"emailAddress":"john.doe@acme.com","firstName":"John","lastName":"Doe","login":"john.doe@acme.com","roles":[],"type":"Personal"}'
The response contains an automatically-generated id that uniquely identifies the user:
{ "id": "00ubs2thwmMfDLhVN2p7", "emailAddress": "john.doe@acme.com", "login": "john.doe@acme.com", "firstName": "John", "lastName": "Doe", "roles": [], "type": "Personal", "status": "PROVISIONED", "external": false, ... }
An email is automatically sent to complete the sign up process.
Completing the sign up process
The person for whom the account is intended must complete the sign up process by clicking the link in the email. If they don’t receive the email, you can send it again. This person must specify a LUSID password, and set up at least one MFA factor.
Note a LUSID password must conform to the following specification:
At least 12 characters
A lowercase letter
An uppercase letter
A number
A symbol
No parts of your username.
Note you can reset a user's password and force them to choose a new one.