Username to renew two-factor authentication secret for.
Configuration options for the new two-factor authentication setup.
No Additional PropertiesRepresents number of allowed digits in the OTP.
Value must be greater or equal to 6 and lesser or equal to 8
Time duration in seconds specifying OTP expiration time from its creation time.
Value must be greater or equal to 5
UserRenew2faSecretResult return fields.
No Additional PropertiesThis is the API identifier for the user. Use this ID for user.update and user.delete API calls. This ID also appears in the users array for each group entry in group.query results.
NOTE: For users from a directory service, the id is calculated by adding 100000000 to the uid. This ensures consistent API results. You cannot change directory service accounts through TrueNAS.
A non-negative integer used to identify a system user. TrueNAS uses this value for permission checks and many other system purposes.
A string used to identify a user. Local accounts must use characters from the POSIX portable filename character set.
Must be at least 1 characters long
Hashed password for local accounts. This value is null for accounts provided by directory services.
NT hash of the local account password for smb users. This value is null for accounts provided by directory services or non-SMB accounts.
The local file system path for the user account's home directory.
Typically, this is required only if the account has shell access (local or SSH) to TrueNAS.
This is not required for accounts used only for SMB share access.
Must be at least 1 characters long
Available choices can be retrieved with user.shell_choices.
Must be at least 1 characters long
Comment field to provide additional information about the user account. Typically, this is the full name of the user or a short description of a service account. There are no character set restrictions for this field. This field is for information only.
If true, the user account is an internal system account for the TrueNAS server. Typically, one should create dedicated user accounts for access to the TrueNAS server webui and shares.
The user account may be used to access SMB shares. If set to true then TrueNAS stores an NT hash of the user account's password for local accounts. This feature is unavailable for local accounts when General Purpose OS STIG compatibility mode is enabled. If set to true the user is automatically added to the builtin_users group.
Specifies the subuid mapping for this user. If DIRECT then the UID will be directly mapped to all containers. Alternatively, the target UID may be explicitly specified. If null, then the UID will not be mapped.
NOTE: This field will be ignored for users that have been assigned TrueNAS roles.
Value must be greater or equal to 1 and lesser or equal to 4294967294
The primary group of the user account.
Array of additional groups to which the user belongs. NOTE: Groups are identified by their group entry id, not their Unix group ID (gid).
If set to true password authentication for the user account is disabled.
NOTE: Users with password authentication disabled may still authenticate to the TrueNAS server by other methods, such as SSH key-based authentication.
NOTE: Password authentication is required for smb users.
Allow the user to authenticate to the TrueNAS SSH server using a password.
WARNING: The established best practice is to use only key-based authentication for SSH servers.
SSH public keys corresponding to private keys that authenticate this user to the TrueNAS SSH server.
If set to true the account is locked. The account cannot be used to authenticate to the TrueNAS server.
An array of commands the user may execute with elevated privileges. User is prompted for password when executing any command from the array.
No Additional ItemsMust be at least 1 characters long
An array of commands the user may execute with elevated privileges. User is not prompted for password when executing any command from the array.
No Additional ItemsMust be at least 1 characters long
Email address of the user. If the user has the FULL_ADMIN role, they will receive email alerts and notifications.
Must be at least 1 characters long
If true, the account is local to the TrueNAS server. If false, the account is provided by a directory service.
If true, the account is system-provided and most fields related to it may not be changed.
If true, the account has been configured for two-factor authentication. Users are prompted for a second factor when authenticating to the TrueNAS web UI and API. They may also be prompted when signing in to the TrueNAS SSH server using a password (depending on global two-factor authentication settings).
The Security Identifier (SID) of the user if the account an smb account. The SMB server uses this value to check share access and for other purposes.
The date of the last password change for local user accounts.
The age in days of the password for local user accounts.
This contains hashes of the ten most recent passwords used by local user accounts, and is for enforcing password history requirements as defined in system.security.
Password change for local user account is required on next login.
Array of roles assigned to this user's groups. Roles control administrative access to TrueNAS through the web UI and API.
No Additional ItemsArray of API key IDs associated with this user account for programmatic access.
No Additional ItemsNew two-factor authentication configuration with provisioning details.
No Additional PropertiesQR code URI for setting up two-factor authentication in authenticator apps. null if not available.
Whether a two-factor authentication secret has been configured for this user.
Time interval in seconds for OTP validity period.
Number of digits in the generated one-time password codes.