# Article Name 3 Ways to Update Users in OneLogin # Article Summary Explore three methods to update users in OneLogin, offering options to manage account changes across your organization at scale # Original HTML URL on Toriihq.com https://www.toriihq.com/articles/how-to-update-user-onelogin # Details Keeping user records in OneLogin current is a constant chore, new hires, role changes, leavers. If profiles, groups, and mappings drift, SSO breaks and access risk rises. This guide shows three practical ways to update users: quick edits in the Admin Portal, bulk changes with CSV import, and automation with the OneLogin Users API. You’ll know when to use each, how they scale, and what to watch for. ## Use OneLogin's UI Here, you’ll use the OneLogin admin UI to update an existing user. This follows the OneLogin Admin Guide for editing users in the console. ### Open the user’s profile - Sign in to the OneLogin Admin portal. - Go to Users, then Users. - Search by name, email, or username. You can also filter by status. - Click the user’s name to open their profile. OneLogin’s Admin Guide: Users describes this page and its tabs. ### Update core profile details - On the Profile tab, review what’s editable. If the user is managed by a directory like AD, many fields are read-only and must be changed in the source directory. The profile shows the Directory status so you know where changes must happen. - Edit standard fields: - First name and Last name - Email and Username - Title, Department, Manager - Phone numbers and Location - Keep in mind: - Changing Username or Email can affect login and SSO mappings. - Required fields must be set before you can save. - If you use User Mappings, changes here can trigger new role or app assignments after you save. OneLogin’s Admin Guide: User Mappings covers this behavior. ### Adjust access with roles and groups - Open the Roles tab to add or remove roles tied to this user. Roles control app access and policies. This aligns with OneLogin’s Admin Guide: Roles. - Use the Groups tab if you organize users with groups for policy or app targeting. See OneLogin’s Admin Guide: Groups for how groups interact with policies and access. ### Assign or remove applications - Go to the Applications tab on the user record. - Add an app to grant access, or remove one to revoke access. - If you normally assign apps by role or mapping, keep it consistent and avoid one-off direct assignments unless needed. OneLogin’s Admin Guide: Applications explains the tradeoffs. ### Review security settings - Open the Security tab to handle sign-in and MFA items: - Send a password reset email or expire the password now, if the user’s password is managed by OneLogin. - Reset or clear MFA devices so the user re-enrolls at next login. - Unlock the user if their account is locked. - Check Policies or Sessions tabs if you need to view active sessions or confirm which policy applies. OneLogin’s Admin Guide: MFA and Security Policies covers these options. ### Save and verify - Click Save User. Watch for a success banner. - If you changed access, confirm the user can see the right apps on their OneLogin portal. - If you updated fields that drive mappings, recheck their Roles and Applications tabs after saving. Mappings are re-evaluated on edit, as noted in OneLogin’s Admin Guide: User Mappings. ### Quick troubleshooting tips - Fields are read-only: The user is directory-managed. Change the data in your directory, then let it sync. - App access looks wrong after save: A mapping or role may have reassigned access. Check the Mappings log on the user or review your mapping rules. - User can’t log in after a username change: Verify the Username matches what your authentication policy expects, and update any downstream apps that rely on it. These steps mirror OneLogin’s Admin Guide topics: Users (Add and Edit Users), Roles, Groups, Applications, User Mappings, and MFA and Security Policies. ## Use Torii Instead of using OneLogin directly, you can leverage Torii [https://www.toriihq.com/], a SaaS Management Platform, to update user in OneLogin. SMPs centralize SaaS subscriptions and integrations in one place, enabling you to programmatically on/offboard users, view subscription details, and more. Compared to the manual approach in OneLogin, Torii lets you automate the flow so the action runs as soon as a trigger occurs. Triggers might include a new hire, an employee offboarding, or a contract renewal. This saves time when the task needs to be repeated often. To update user in OneLogin straight from Torii, follow these steps: ### 1. Sign up for Torii Contact Torii [https://www.toriihq.com/], and request your free two-week proof-of-concept. ### 2. Connect your OneLogin account to Torii Once your account is active, connect OneLogin to Torii (assuming you already have an account). Here are the instructions for the OneLogin integration [https://support.toriihq.com/hc/en-us/articles/5165027185435]. ### 3. Create a Torii workflow for OneLogin Within Torii, create automated workflows to update user in OneLogin. Go to the Workflows tab, define a trigger, then add an action that will update user in OneLogin. From that point on, whenever the trigger is met, OneLogin will be updated. ## Use OneLogin's API Here, you’ll use the OneLogin API to update a user. You’ll get an access token, find the user’s ID, send the update, then confirm it worked. ### Get an OAuth 2.0 access token You need a bearer token before calling any user endpoints. Use the right base URL for your region: api.us.onelogin.com or api.eu.onelogin.com. Your API client must have permission to manage users. Example curl is: - Save the value of accesstoken from the response. You’ll pass it as a Bearer token. ### Find the user ID you want to update If you already have the user ID, skip this. If not, search by a unique field like email, username, or externalid. Example curl is: - From the response’s data array, grab the user’s id. ### Send the update with PUT Send only the fields you want to change. The Users v2 endpoint accepts partial updates. Include customattributes if you need to change custom fields. Example curl is: - Watch the response: - On success, status.type is success and the updated user appears in data[0]. ### Verify the update Confirm the change by fetching the user again. Example curl is: ### Tips for common issues - If you get 401: - Check the token request, expiration, and that you send Authorization: Bearer YOURACCESS_TOKEN. - If you get 404 on update: - The user ID is wrong or the user is deleted. - If you get 422: - A field failed validation. Common cases are duplicate email or username, or an invalid status. - If you get 429: - You hit a rate limit. Read X-RateLimit-Remaining and retry after X-RateLimit-Reset.