Skip to content
CrowdStrike Developer Center

User Management

The User Management service collection provides operations for managing users, roles, and permissions within your CrowdStrike Falcon environment. Create and delete user accounts, assign and revoke roles, and query user grants across direct and Flight Control (MSSP) contexts. Retrieve available role definitions and aggregate user data for auditing and compliance.

LanguageLast Update
Pythonv1.6.1
PowerShellv2.2.9
Gov0.20.0
TypeScriptv0.6.0
Rustv0.7.0
Rubyv1.2.0

This service collection has code examples posted to the repository.

Table of Contents

Section titled “Table of Contents”
OperationDescription
aggregateUsersV1
aggregate_users		Get user aggregates as specified via json in request body.
GetRoles
get_roles		Get info about a role.
combinedUserRolesV1
get_user_grants_v1		Get user grant(s). This operation lists both direct as well as flight control grants between a User and a Customer.
deprecated
CombinedUserRolesV2
get_user_grants		Get user grant(s). This operation lists both direct as well as flight control grants between a User and a Customer.
entitiesRolesV1
get_roles_mssp_v1		Get info about a role, supports Flight Control.
deprecated
entitiesRolesGETV2
get_roles_mssp		Get info about a role.
userActionV1
user_action		Apply actions to one or more users.
userRolesActionV1
user_roles_action		Grant or Revoke one or more role(s) to a user against a CID.
GrantUserRoleIds
grant_user_role_ids		Assign one or more roles to a user.
RevokeUserRoleIds
revoke_user_role_ids		Revoke one or more roles from a user
GetAvailableRoleIds
get_available_role_ids		Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to GetRoles.
queriesRolesV1
query_roles		Show role IDs for all roles available in your customer account. Supports Flight Control.
queryUserV1
query_users		List user IDs for all users in your customer account.
GetUserRoleIds
get_user_role_ids		Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to GetRoles.
RetrieveUser
retrieve_user		Get info about a user.
retrieveUsersGETV1
retrieve_users		Get info about users including their name, UID and CID by providing user UUIDs.
CreateUser
create_user		Create a new user. After creating a user, assign one or more roles with GrantUserRoleIds.
createUserV1
create_user_mssp		Create a new user. After creating a user, assign one or more roles with userRolesActionV1. Supports Flight Control.
DeleteUser
delete_user		Delete a user permanently.
deleteUserV1
delete_user_mssp		Delete a user permanently. Supports Flight Control.
UpdateUser
update_user		Modify an existing user’s first or last name
updateUserV1
update_user_mssp		Modify an existing user’s first or last name. Supports Flight Control.
RetrieveEmailsByCID
retrieve_emails_by_cid		List the usernames (usually an email address) for all users in your customer account
RetrieveUserUUIDsByCID
retrieve_user_uuids_by_cid		List user IDs for all users in your customer account. For more information on each user, provide the user ID to RetrieveUser.
RetrieveUserUUID
retrieve_user_uuid		Get a user’s ID by providing a username (usually an email address)

aggregateUsersV1

Section titled “aggregateUsersV1”

Get user aggregates as specified via json in request body.

POST /user-management/aggregates/users/v1
Consumes · Produces application/json
PEP 8 aggregate_users

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format
date_rangesbodylist of dictionariesApplies to date_range aggregations.

Example:
[
  {
    “from”: “2016-05-28T09:00:31Z”,
    “to”: “2016-05-30T09:00:31Z”
  },
  {
    “from”: “2016-06-01T09:00:31Z”,
    “to”: “2016-06-10T09:00:31Z”
  }
]
excludebodystringElements to exclude.
extended_boundsbodydictionaryExtended aggregate boundaries. Contains max and min values as strings.

Example:
  {
    “max”: “string”,
    “min”: “string”
  }
fieldbodystringThe field on which to compute the aggregation.
filterbodystringFQL syntax formatted string to use to filter the results.
frombodyintegerStarting position.
includebodystringElements to include.
intervalbodystringTime interval for date histogram aggregations. Valid values include:
  • year
  • month
  • week
  • day
  • hour
  • minute
max_doc_countbodyintegerOnly return buckets if values are less than or equal to the value here.
min_doc_countbodyintegerOnly return buckets if values are greater than or equal to the value here.
missingbodystringMissing is the value to be used when the aggregation field is missing from the object. In other words, the missing parameter defines how documents that are missing a value should be treated. By default they will be ignored, but it is also possible to treat them as if they had a value.
namebodystringName of the aggregate query, as chosen by the user. Used to identify the results returned to you.
qbodystringFull text search across all metadata fields.
rangesbodylist of dictionariesApplies to range aggregations. Ranges values will depend on field.

For example, if max_severity is used, ranges might look like:
[
  {
    “From”: 0,
    “To”: 70
  },
  {
    “From”: 70,
    “To”: 100
  }
]
sizebodyintegerThe max number of term buckets to be returned.
sub_aggregatesbodylist of dictionariesA nested aggregation, such as:
[
  {
    “name”: “max_first_behavior”,
    “type”: “max”,
    “field”: “first_behavior”
  }
]

There is a maximum of 3 nested aggregations per request.
sortbodystringFQL syntax string to sort bucket results.
  • _count - sort by document count
  • _term - sort by the string value alphabetically
Supports asc and desc using | format.

Example: _count|desc
time_zonebodystringTime zone for bucket results.
typebodystringType of aggregation. Valid values include:
  • date_histogram - Aggregates counts on a specified time interval. Requires use of “interval” field.
  • date_range - Aggregates counts on custom defined date range buckets. Can include multiple ranges. (Similar to time series, but the bucket sizes are variable). Date formats to follow ISO 8601.
  • terms - Buckets alerts by the value of a specified field. For example, if field used is scenario, then alerts will be bucketed by the various alert scenario names.
  • range - Buckets alerts by specified (numeric) ranges of a specified field. For example, if doing a range aggregation on the max_severity field, the alerts will be counted by the specified ranges of severity.
  • cardinality - Returns the count of distinct values in a specified field.
  • max - Returns the maximum value of a specified field.
  • min - Returns the minimum value of a specified field.
  • avg - Returns the average value of the specified field.
  • sum - Returns the total sum of all values for the specified field.
  • percentiles - Returns the following percentiles for the specified field: 1, 5, 25, 50, 75, 95, 99.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.aggregate_users(date_ranges="string",
                                  exclude="string",
                                  extended_bounds={},
                                  field="string",
                                  filter="string",
                                  from=integer,
                                  include="string",
                                  interval="string",
                                  max_doc_count=integer,
                                  min_doc_count=integer,
                                  missing="string",
                                  name="string",
                                  q="string",
                                  ranges=[{"key": "value"}],
                                  size=integer,
                                  sort="string",
                                  sub_aggregates=["string"],
                                  time_zone="string",
                                  type="string")
print(response)

GetRoles

Section titled “GetRoles”

Get info about a role

GET /user-roles/entities/user-roles/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 get_roles

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsID of a role. Find a role ID from GetAvailableRoleIds or GetUserRoleIds.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_roles(ids=id_list)
print(response)

combinedUserRolesV1

Section titled “combinedUserRolesV1”

Get User Grant(s). This operation lists both direct as well as flight control grants between a User and a Customer.

deprecated This operation has been superseded by the CombinedUserRolesV2 operation and is now deprecated. Developers should move code over to this new operation as soon as time permits.

GET /user-management/combined/user-roles/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 get_user_grants_v1

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cidquerystringCustomer ID to get grants for. An empty CID value returns Role IDs for the user against the current CID in view.
direct_onlyquerybooleanSpecifies if to request direct only role grants or all role grants between user and CID (specified using cid keyword).
filterquerystringThe filter expression that should be used to limit the results. FQL syntax.
Available values: expires_at, role_id, role_name
limitqueryintegerThe maximum number of records to return.
Default: 100
Maximum: 500
offsetqueryintegerThe integer offset to start retrieving records from.
Default: 0
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringThe property to sort by. FQL syntax.
Available sort values: cid, expires_at, role_name, type, user_uuid
user_uuidquerystringUser UUID to retrieve available roles for. Must be provides as a keyword, argument or part of the parameters payload.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.get_user_grants_v1(user_uuid="string",
                                     cid="string",
                                     direct_only=boolean,
                                     filter="string",
                                     offset=integer,
                                     limit=integer,
                                     sort="string")
print(response)

CombinedUserRolesV2

Section titled “CombinedUserRolesV2”

Get User Grant(s). This endpoint lists both direct as well as flight control grants between a User and a Customer.

GET /user-management/combined/user-roles/v2
Scope User Management: READ Consumes · Produces application/json
PEP 8 get_user_grants

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cidquerystringCustomer ID to get grants for. An empty CID value returns Role IDs for the user against the current CID in view.
direct_onlyquerybooleanSpecifies if to request direct only role grants or all role grants between user and CID (specified using cid keyword).
filterquerystringThe filter expression that should be used to limit the results. FQL syntax.
Available values: expires_at, role_id, role_name
limitqueryintegerThe maximum number of records to return.
Default: 100
Maximum: 500
offsetqueryintegerThe integer offset to start retrieving records from.
Default: 0
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringThe property to sort by. FQL syntax.
Available sort values: cid, expires_at, role_name, type, user_uuid
user_uuidquerystringUser UUID to retrieve available roles for. Must be provides as a keyword, argument or part of the parameters payload.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.get_user_grants(user_uuid="string",
                                  cid="string",
                                  direct_only=boolean,
                                  filter="string",
                                  offset=integer,
                                  limit=integer,
                                  sort="string")
print(response)

queriesRolesV1

Section titled “queriesRolesV1”

Show role IDs for all roles available in your customer account. Supports Flight Control.

GET /user-management/queries/roles/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 query_roles

Parameters

Section titled “Parameters”
NameTypeData typeDescription
actionquerystringActionable purpose of the query. Default value: grant
cidquerystringCustomer ID to get available role IDs for. An empty CID value returns Role IDs for the current CID in view.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
user_uuidquerystringUser UUID to retrieve available roles for. An empty user_uuid will return all role IDs available for the customer.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.query_roles(cid="string", user_uuid="string", action="string")
print(response)

queryUserV1

Section titled “queryUserV1”

List user IDs for all users in your customer account.

GET /user-management/queries/users/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 query_users

Parameters

Section titled “Parameters”
NameTypeData typeDescription
filterquerystringThe filter expression that should be used to limit the results. FQL syntax.
Available values: assigned_cids, cid, direct_assigned_cids, factors, first_name, has_temporary_roles, last_name, name, status, temporarily_assigned_cids, uid, uuid.
limitqueryintegerThe maximum number of records to return.
Default: 100
Maximum: 500
offsetqueryintegerThe integer offset to start retrieving records from.
Default: 0
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.
sortquerystringThe property to sort by. FQL syntax.
Available sort values: cid_name, created_at, first_name, has_temporary_roles, last_login_at, last_name, name, status, temporarily_assigned_cids, uid.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.query_users(filter="string",
                              offset=integer,
                              limit=integer,
                              sort="string")
print(response)

entitiesRolesV1

Section titled “entitiesRolesV1”

DEPRECATED : Please use entitiesRolesGETV2. Get information about a role, supports Flight Control.

deprecated
GET /user-management/entities/roles/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 get_roles_mssp_v1

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cidquerystringCustomer ID to get available roles for. Providing no value for cid returns results for the current CID in view.
idsquerystring or list of stringsList of role IDs to retrieve. Comma-delimited strings accepted. Must be provided as a keyword, argument or part of the parameters payload. Find a role ID from GetAvailableRoleIds or GetUserRoleIds.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.get_roles_mssp_v1(cid="string", ids=id_list)
print(response)

entitiesRolesGETV2

Section titled “entitiesRolesGETV2”

Get info about a role.

POST /user-management/entities/roles/GET/v2
Scope User Management: READ Consumes · Produces application/json
PEP 8 get_roles_mssp

Parameters

Section titled “Parameters”
NameTypeData typeDescription
cidquerystringCustomer ID to get available roles for. Providing no value for cid returns results for the current CID in view.
idsbodystring or list of stringsRole IDs to retrieve. Maximum of 5000 Role IDs can be specified per request.
parametersquerydictionaryFull query string parameters payload in JSON format. Not required if using other keywords.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.get_roles_mssp(ids=["string"], cid="string")
print(response)

userActionV1

Section titled “userActionV1”

Apply actions to one or more users.

POST /user-management/entities/user-actions/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 user_action

Parameters

Section titled “Parameters”
NameTypeData typeDescription
action_namebodystringAction to perform.
Allowed values: reset_2fa, reset_password. Must be provided as a keyword or as part of the body payload.
action_valuebodystringValue to provide for action.
bodybodydictionaryFull body payload in JSON format, not required when using other keywords.
idsbodystring or list of stringsUser IDs to apply actions to. Supports comma-delimited strings. Must be provided as a keyword or as part of the body payload.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


action = {
    "action_name": "string",
    "action_value": "string"
}


response = falcon.user_action(action=action, ids=["string"])
print(response)

userRolesActionV1

Section titled “userRolesActionV1”

Grant or Revoke one or more role(s) to a user against a CID.

POST /user-management/entities/user-role-actions/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 user_roles_action

Parameters

Section titled “Parameters”
NameTypeData typeDescription
actionbodystringAction to perform.
Allowed values: grant, revoke. Must be provided as a keyword or as part of the body payload.
bodybodydictionaryFull body payload in JSON format, not required when using other keywords.
cidbodystringCustomer ID of the tenant to take action within. Must be provided as a keyword or as part of the body payload.
role_idsbodystring or list of stringsRole IDs you want to adjust within the user id. Must be provided as a keyword or as part of the body payload.
uuidbodystringUser ID to grant roles access to. Must be provided as a keyword or as part of the body payload.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.user_roles_action(action="string",
                                    cid="string",
                                    expires_at="string",
                                    role_ids=["string"],
                                    uuid="string")
print(response)

GrantUserRoleIds

Section titled “GrantUserRoleIds”

Assign one or more roles to a user

POST /user-roles/entities/user-roles/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 grant_user_role_ids

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodystringRole ID(s) of the role you want to assign.
parametersquerydictionaryFull query string parameters payload in JSON format.
role_idsbodystring or list of stringsRole ID(s) of the role you want to assign. Can also use the keyword roleIds.
user_uuidquerystringID of a user. Find a user’s ID using RetrieveUserUUID.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.grant_user_role_ids(role_ids=["string"], user_uuid="string")
print(response)

RevokeUserRoleIds

Section titled “RevokeUserRoleIds”

Revoke one or more roles from a user

DELETE /user-roles/entities/user-roles/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 revoke_user_role_ids

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsOne or more role IDs to revoke. Find a role’s ID using GetAvailableRoleIds.
parametersquerydictionaryFull query string parameters payload in JSON format.
user_uuidquerystringID of a user. Find a user’s ID using RetrieveUserUUID.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.revoke_user_role_ids(user_uuid="string", ids=id_list)
print(response)

GetAvailableRoleIds

Section titled “GetAvailableRoleIds”

Show role IDs for all roles available in your customer account. For more information on each role, provide the role ID to GetRoles.

GET /user-roles/queries/user-role-ids-by-cid/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 get_available_role_ids

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.get_available_role_ids()
print(response)

GetUserRoleIds

Section titled “GetUserRoleIds”

Show role IDs of roles assigned to a user. For more information on each role, provide the role ID to GetRoles.

GET /user-roles/queries/user-role-ids-by-user-uuid/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 get_user_role_ids

Parameters

Section titled “Parameters”
NameTypeData typeDescription
parametersquerydictionaryFull query string parameters payload in JSON format.
user_uuidquerystringID of a user. Find a user’s ID using RetrieveUserUUID.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.get_user_role_ids(user_uuid="string")
print(response)

RetrieveUser

Section titled “RetrieveUser”

Get info about a user

GET /users/entities/users/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 retrieve_user

Parameters

Section titled “Parameters”
NameTypeData typeDescription
idsquerystring or list of stringsID of a user. Find a user’s ID using RetrieveUserUUID.
parametersquerydictionaryFull query string parameters payload in JSON format.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.retrieve_user(ids=id_list)
print(response)

retrieveUsersGETV1

Section titled “retrieveUsersGETV1”

Get info about users including their name, UID and CID by providing user UUIDs.

POST /user-management/entities/users/GET/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 retrieve_users

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
idsbodystring or list of stringsList of user IDs to retrieve. Find a user’s ID using RetrieveUserUUID. Must be provided as an argument, keyword, or part of the body payload.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.retrieve_users(ids=["string"])
print(response)

CreateUser

Section titled “CreateUser”

Create a new user. After creating a user, assign one or more roles with GrantUserRoleIds.

POST /users/entities/users/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 create_user

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodystringAttributes for this user. uid (required) is the user’s email address, which is their username in Falcon. Optional attributes: firstName, lastName, password. As a best practice, we recommend omitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
first_namebodystringFirst name of the user. (Can also use the keyword firstName.)
last_namebodystringLast name of the user. (Can also use the keyword lastName.)
passwordbodystringAssigned password. String.

As a best practice, we recommend ommitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
uidbodystringThe user’s email address, which will be the assigned username.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.create_user(first_name="string",
                              last_name="string",
                              password="string",
                              uid="string")
print(response)

createUserV1

Section titled “createUserV1”

Create a new user. Supports Flight Control. After creating a user, assign one or more roles with userRolesActionV1.

POST /user-management/entities/users/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 create_user_mssp

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodystringAttributes for this user. uid (required) is the user’s email address, which is their username in Falcon. Optional attributes: first_name, last_name, password. As a best practice, we recommend omitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
first_namebodystringFirst name of the user. (Can also use the keyword firstName.)
last_namebodystringLast name of the user. (Can also use the keyword lastName.)
passwordbodystringAssigned password. String.

As a best practice, we recommend ommitting password. If single sign-on is enabled for your customer account, the password attribute is ignored. If single sign-on is not enabled, we send a user activation request to their email address when you create the user with no password. The user should use the activation email to set their own password.
uidbodystringThe user’s email address, which will be the assigned username. Must be provided as a keyword or as part of the body payload.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.create_user_mssp(cid="string",
                                   first_name="string",
                                   last_name="string",
                                   password="string",
                                   uid="string",
                                   validate_only=boolean)
print(response)

DeleteUser

Section titled “DeleteUser”

Delete a user permanently

DELETE /users/entities/users/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 delete_user

Parameters

Section titled “Parameters”
NameTypeData typeDescription
parametersquerydictionaryFull query string parameters payload in JSON format.
user_uuidquerystringID of a user. Find a user’s ID using RetrieveUserUUID.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.delete_user(user_uuid="string")
print(response)

deleteUserV1

Section titled “deleteUserV1”

Delete a user permanently. Supports Flight Control.

DELETE /user-management/entities/users/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 delete_user_mssp

Parameters

Section titled “Parameters”
NameTypeData typeDescription
parametersquerydictionaryFull query string parameters payload in JSON format, not required if user_uuid keyword is provided.
user_uuidquerystringUser ID of a user to delete. Find a user’s ID using RetrieveUserUUID.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.delete_user_mssp(user_uuid="string")
print(response)

UpdateUser

Section titled “UpdateUser”

Modify an existing user’s first or last name

PATCH /users/entities/users/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 update_user

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
first_namebodystringFirst name of the user. (Can also use the keyword firstName.)
last_namebodystringLast name of the user. (Can also use the keyword lastName.)
parametersquerydictionaryFull query string parameters payload in JSON format.
user_uuidquerystringThe user ID to modify.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.update_user(first_name="string",
                              last_name="string",
                              user_uuid="string")
print(response)

updateUserV1

Section titled “updateUserV1”

Modify an existing user’s first or last name. Supports Flight Control.

PATCH /user-management/entities/users/v1
Scope User Management: WRITE Consumes · Produces application/json
PEP 8 update_user_mssp

Parameters

Section titled “Parameters”
NameTypeData typeDescription
bodybodydictionaryFull body payload in JSON format.
first_namebodystringFirst name of the user. (Can also use the keyword firstName.)
last_namebodystringLast name of the user. (Can also use the keyword lastName.)
parametersquerydictionaryFull query string parameters payload in JSON format.
user_uuidquerystringThe user ID to modify. Must be provided as a keyword or as part of the parameters payload.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.update_user_mssp(first_name="string",
                                   last_name="string",
                                   user_uuid="string")
print(response)

RetrieveEmailsByCID

Section titled “RetrieveEmailsByCID”

List the usernames (usually an email address) for all users in your customer account

GET /users/queries/emails-by-cid/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 retrieve_emails_by_cid

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.retrieve_emails_by_cid()
print(response)

RetrieveUserUUIDsByCID

Section titled “RetrieveUserUUIDsByCID”

List user IDs for all users in your customer account. For more information on each user, provide the user ID to RetrieveUser.

GET /users/queries/user-uuids-by-cid/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 retrieve_user_uuids_by_cid

No keywords or arguments accepted.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


response = falcon.retrieve_user_uuids_by_cid()
print(response)

RetrieveUserUUID

Section titled “RetrieveUserUUID”

Get a user’s ID by providing a username (usually an email address)

GET /users/queries/user-uuids-by-email/v1
Scope User Management: READ Consumes · Produces application/json
PEP 8 retrieve_user_uuid

Parameters

Section titled “Parameters”
NameTypeData typeDescription
parametersquerydictionaryFull query string parameters payload in JSON format.
uidquerystring or list of stringsList of User names to retrieve.

Code Examples

Section titled “Code Examples”
from falconpy import UserManagement


falcon = UserManagement(client_id=CLIENT_ID,
                        client_secret=CLIENT_SECRET
                        )


id_list = 'ID1,ID2,ID3'  # Can also pass a list here: ['ID1', 'ID2', 'ID3']


response = falcon.retrieve_user_uuid(uid=id_list)
print(response)
© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use