admin
This section shows how to access help and provides examples for admin.
admin --help
Usage: admin [OPTIONS] COMMAND [ARGS]...
Users, Roles, Permissions, Groups, SAML and Azure AD management commands.
Options:
--help Show this message and exit.
Commands:
create Create a resource.
delete Delete a resource.
get Display one resource.
list List resources.
set Update fields of a resource.
test Test various configurations and connections.
create
This section lists the create commands.
The following command shows how to access help and provides examples for create.
admin create --help
Usage: admin create [OPTIONS] COMMAND [ARGS]...
Create a resource.
Options:
--help Show this message and exit.
Commands:
entra-id Create Entra ID configuration.
entra-id-import-groups Import Entra ID groups with optional member...
entra-id-import-users Import Entra ID users with role assignments.
groups Create a new group.
roles Create a new role.
saml-mappers Create an attribute mapper for a SAML provider.
saml-providers Create a new SAML SSO provider.
users Create a new user.
create entra-id
The following command shows how to access help and provides examples for create entra-id.
admin create entra-id --help
Usage: admin create entra-id [OPTIONS]
Create Entra ID configuration.
Required Entra ID Setup:
1. Register an application in Entra ID
2. Grant Microsoft Graph API permissions:
- User.Read.All (Application)
- Group.Read.All (Application) - if importing groups
3. Create a client secret for the application
4. Note the Tenant ID, Application (Client) ID, and Client Secret
Examples:
admin create entra-id --tenant-id "12345678-1234-1234-1234-123456789012" --client-id "87654321-4321-4321-4321-210987654321" --client-secret "your-secret-here"
Options:
-t, --tenant-id TEXT Entra ID Tenant ID [required]
-c, --client-id TEXT Entra ID Application (Client) ID [required]
-s, --client-secret TEXT Entra ID Application Client Secret [required]
--enabled / --disabled Enable/disable configuration
--help Show this message and exit.
create entra-id-import-users
The following command shows how to access help and provides examples for create entra-id-import-users.
admin create entra-id-import-users --help
Usage: admin create entra-id-import-users [OPTIONS]
Import Entra ID users with role assignments.
Import users from Entra ID into the application with role assignments.
Users must be provided via JSON data.
JSON Format:
{
"users": [
{
"userPrincipalName": "john.doe@company.com",
"email": "john.doe@company.com",
"firstName": "John",
"lastName": "Doe",
"roles": ["admin", "user"],
"identityProviders": ["AWS-IDP", "AZURE-IDP"]
}
],
"dryRun": false
}
Examples:
# Direct JSON input with identity providers
admin create entra-id-import-users --json-data '{"users":[{"userPrincipalName":"john@company.com","email":"john@company.com","firstName":"John","lastName":"Doe","roles":["user"],"identityProviders":["AWS-IDP","AZURE-IDP"]}]}'
# Dry run with JSON
admin create entra-id-import-users --json-data '{"users":[...]}' --dry-run
Options:
--dry-run Validate import without creating users
-j, --json-data TEXT JSON string with users data to import directly
[required]
--help Show this message and exit.
create entra-id-import-groups
The following command shows how to access help and provides examples for create entra-id-import-groups.
admin create entra-id-import-groups --help
Usage: admin create entra-id-import-groups [OPTIONS]
Import Entra ID groups with optional member import.
Import groups from Entra ID into the system with role assignments for members.
Groups must be provided via JSON data.
JSON Format:
{
"groups": [
{
"id": "12345678-1234-1234-1234-123456789012",
"displayName": "Administrators",
"description": "Administrative users group",
"importMembers": true,
"memberRoles": ["admin", "user"],
"identityProviders": ["AWS-IDP", "AZURE-IDP"]
}
],
"dryRun": false
}
Examples:
# Direct JSON input with identity providers
admin create entra-id-import-groups --json-data '{"groups":[{"id":"12345678-1234-1234-1234-123456789012","displayName":"IT Admins","description":"IT department administrators","importMembers":true,"memberRoles":["admin"],"identityProviders":["AWS-IDP","AZURE-IDP"]}]}'
# Dry run with JSON
admin create entra-id-import-groups --json-data '{"groups":[...]}' --dry-run
Options:
--dry-run Validate import without creating groups
-j, --json-data TEXT JSON string with groups data to import directly
[required]
--help Show this message and exit.
create groups
The following command shows how to access help and provides examples for create groups.
admin create groups --help
Usage: admin create groups [OPTIONS]
Create a new group.
Examples:
admin create groups --name developers --description "Development team"
admin create groups --name admins --members "john,jane" --roles "admin,user_manager"
admin create groups --name operators --description "System operators" --members "user1,user2" --roles "operator"
Options:
-n, --name TEXT Group name [required]
-d, --description TEXT Group description
-m, --members TEXT Comma-separated list of usernames to add as members
-r, --roles TEXT Comma-separated list of role names to assign to
group
--help Show this message and exit.
create roles
The following command shows how to access help and provides examples for create roles.
admin create roles --help
Usage: admin create roles [OPTIONS]
Create a new role.
Examples:
admin create roles --name manager --description "Manager role"
admin create roles --name admin --permissions "security_officer"
admin create roles --name operator --description "System operator" --permissions "security_officer"
Options:
-n, --name TEXT Role name [required]
-d, --description TEXT Role description
-p, --permissions TEXT Comma-separated list of permission names
--help Show this message and exit.
create saml-mappers
The following command shows how to access help and provides examples for create saml-mappers.
admin create saml-mappers --help
Usage: admin create saml-mappers [OPTIONS] PROVIDER_ALIAS
Create an attribute mapper for a SAML provider.
Examples:
admin create saml-mappers azure-ad --name email-mapper --mapper-type saml-user-attribute-idp-mapper --attribute-name "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" --user-attribute email
admin create saml-mappers azure-ad --name role-mapper --mapper-type saml-role-idp-mapper --attribute-value admin --role admin
Options:
-n, --name TEXT Name of the attribute mapper [required]
--mapper-type [saml-user-attribute-idp-mapper|saml-role-idp-mapper|saml-advanced-group-idp-mapper|saml-username-idp-mapper]
Type of mapper [required]
--sync-mode TEXT Sync mode for the mapper
--attribute-name TEXT SAML attribute name to map from
--user-attribute TEXT User attribute to map to
--attribute-value TEXT SAML attribute value for role mapping
--role TEXT Role to assign
--group TEXT Group to assign users to
--template TEXT Username template
--attributes TEXT Key-value pairs for attribute mapping (JSON
format)
--help Show this message and exit.
create saml-providers
The following command shows how to access help and provides examples for create saml-providers.
admin create saml-providers --help
Usage: admin create saml-providers [OPTIONS]
Create a new SAML SSO provider.
Examples:
admin create saml-providers --alias azure-ad --display-name "Azure AD" --config-type metadataUrl --service-provider-entity-id "https://your-saml.com/realms/your-realm" --metadata-url "https://..."
admin create saml-providers --alias okta --display-name "Okta" --config-type metadataFile --service-provider-entity-id "https://your-saml.com/realms/your-realm" --metadata-file /path/to/metadata.xml
Options:
-a, --alias TEXT Unique alias for the SAML provider
[required]
-d, --display-name TEXT Display name shown in login pages
[required]
--config-type [metadataUrl|metadataFile]
Configuration type [required]
--service-provider-entity-id TEXT
Service Provider Entity ID [required]
--metadata-url TEXT URL to fetch SAML metadata (for metadataUrl
type)
--metadata-file FILENAME Path to SAML metadata XML file (for
metadataFile type)
--signing-certificate TEXT X.509 certificate for signing (PEM format
without headers)
--name-id-format TEXT NameID Policy Format
--force-authn / --no-force-authn
Force re-authentication
--validate-signature / --no-validate-signature
Validate SAML response signatures
--want-assertions-signed / --no-want-assertions-signed
Require signed assertions
--want-assertions-encrypted / --no-want-assertions-encrypted
Require encrypted assertions
--signature-algorithm TEXT Signature algorithm for SAML requests
--post-binding-response / --no-post-binding-response
Use POST binding for SAML responses
--post-binding-authn-request / --no-post-binding-authn-request
Use POST binding for SAML authentication
requests
--post-binding-logout / --no-post-binding-logout
Use POST binding for SAML logout requests
--want-authn-requests-signed / --no-want-authn-requests-signed
Sign SAML authentication requests
--attribute-mapping TEXT Attribute mapping as JSON string or
key=value pairs
--enabled / --disabled Enable/disable the provider
--store-token / --no-store-token
Store tokens returned by the identity
provider
--help Show this message and exit.
Note: The
--metadata-fileoption is not supported. You cannot upload or copy the metadata file. Instead, use the--metadata-urloption to configure SAML.
create users
The following command shows how to access help and provides examples for create users.
admin create users --help
Usage: admin create users [OPTIONS]
Create a new user.
Examples:
admin create users --username john.doe --email john@example.com --password "StrongPass123!"
admin create users --username jane --email jane@example.com --password "SecurePass123!" --first-name Jane --last-name Smith --roles "admin,user"
admin create users --username alpha --email alpha@example.com --password "AlphaPass123!" --identity-provider "AWS-IDP:alpha@example.com:alpha@example.com"
admin create users --username beta --password "BetaPass123!" --identity-provider "AWS-IDP:beta@example.com:beta@example.com" --identity-provider "AZURE-IDP:beta@azure.com:beta"
Options:
-u, --username TEXT Username [required]
-e, --email TEXT Email address
--first-name TEXT First name
--last-name TEXT Last name
-p, --password TEXT Password
--roles TEXT Comma-separated list of role names
--groups TEXT Comma-separated list of group names
--identity-provider TEXT Identity provider in format:
PROVIDER_NAME:userId:userName (can be specified
multiple times)
--help Show this message and exit.
delete
This section lists the delete commands.
The following command shows how to access help and provides examples for delete.
admin delete --help
Usage: admin delete [OPTIONS] COMMAND [ARGS]...
Delete a resource.
Options:
--help Show this message and exit.
Commands:
entra-id Delete Entra ID configuration.
groups Delete a group.
roles Delete a role.
saml-mappers Delete an attribute mapper for a SAML provider.
saml-providers Delete a SAML SSO provider.
users Delete a user by ID.
delete entra-id
The following command shows how to access help and provides examples for delete entra-id.
admin delete entra-id --help
Usage: admin delete entra-id [OPTIONS]
Delete Entra ID configuration.
Warning: This action cannot be undone and will permanently remove
all stored Entra ID settings.
Examples:
admin delete entra-id
Options:
--help Show this message and exit.
delete groups
The following command shows how to access help and provides examples for delete groups.
admin delete groups --help
Usage: admin delete groups [OPTIONS] GROUP_ID
Delete a group.
Examples:
admin delete groups group-uuid-here
admin delete groups group-uuid-here --delete-members
Options:
-d, --delete-members Delete all members of the group along with the group
--help Show this message and exit.
delete roles
The following command shows how to access help and provides examples for delete roles.
admin delete roles --help
Usage: admin delete roles [OPTIONS] ROLE_NAME
Delete a role.
Examples:
admin delete roles admin
Options:
--help Show this message and exit.
delete saml-mappers
The following command shows how to access help and provides examples for delete saml-mappers.
admin delete saml-mappers --help
Usage: admin delete saml-mappers [OPTIONS] PROVIDER_ALIAS MAPPER_ID
Delete an attribute mapper for a SAML provider.
Examples:
admin delete saml-mappers azure-ad mapper-uuid
Options:
--help Show this message and exit.
delete saml-providers
The following command shows how to access help and provides examples for delete saml-providers.
admin delete saml-providers --help
Usage: admin delete saml-providers [OPTIONS] ALIAS
Delete a SAML SSO provider.
Examples:
admin delete saml-providers azure-ad
Options:
--help Show this message and exit.
delete users
The following command shows how to access help and provides examples for delete users.
admin delete users --help
Usage: admin delete users [OPTIONS] USER_ID
Delete a user by ID.
Examples:
admin delete users USER_ID
Options:
--help Show this message and exit.
get
This section lists the get commands.
The following command shows how to access help and provides examples for get.
admin get --help
Usage: admin get [OPTIONS] COMMAND [ARGS]...
Display one resource.
Options:
--help Show this message and exit.
Commands:
email Get current SMTP configuration.
email-health Get detailed health status of the email service.
email-log Get current log level.
email-version Get email version information.
entra-id Get current Entra ID configuration.
groups Get detailed information about a specific group.
log-level Get current log level from the backend.
password_policy Get current password policy configuration.
roles Get detailed information about a specific role.
saml-mappers Get detailed information about a SAML provider...
saml-providers Get detailed information about a specific SAML provider.
users Get detailed information about a specific user.
version Get application version information.
get email
The following command shows how to access help and provides examples for get email.
admin get email --help
Usage: admin get email [OPTIONS]
Get current SMTP configuration.
Examples:
admin get email
Options:
--help Show this message and exit.
get email-health
The following command shows how to access help and provides examples for get email-health.
admin get email-health --help
Usage: admin get email-health [OPTIONS]
Get detailed health status of the email service.
Examples:
admin get email-health
Options:
--help Show this message and exit.
get email-log
The following command shows how to access help and provides examples for get email-log.
admin get email-log --help
Usage: admin get email-log [OPTIONS]
Get current log level.
Examples:
admin get email-log
Options:
--help Show this message and exit.
get email-version
The following command shows how to access help and provides examples for get email-version.
admin get email-version --help
Usage: admin get email-version [OPTIONS]
Get email version information.
Examples:
admin get email-version
Options:
--help Show this message and exit.
get entra-id
The following command shows how to access help and provides examples for get entra-id.
admin get entra-id --help
Usage: admin get entra-id [OPTIONS]
Get current Entra ID configuration.
Examples:
admin get entra-id
Options:
--help Show this message and exit.
get groups
The following command shows how to access help and provides examples for get groups.
admin get groups --help
Usage: admin get groups [OPTIONS] GROUP_ID
Get detailed information about a specific group.
Examples:
admin get groups group-uuid-here
admin get groups developers
Options:
--help Show this message and exit.
get password_policy
The following command shows how to access help and provides examples for get password_policy.
admin get password_policy --help
Usage: admin get password_policy [OPTIONS]
Get current password policy configuration.
Options:
--help Show this message and exit.
get roles
The following command shows how to access help and provides examples for get roles.
admin get roles --help
Usage: admin get roles [OPTIONS] ROLE_NAME
Get detailed information about a specific role.
Examples:
admin get roles admin
Options:
--help Show this message and exit.
get saml-mappers
The following command shows how to access help and provides examples for get saml-mappers.
admin get saml-mappers --help
Usage: admin get saml-mappers [OPTIONS] ALIAS
Get detailed information about a SAML provider including its mappers.
Examples:
admin get saml-mappers azure-ad
Options:
--help Show this message and exit.
get saml-providers
The following command shows how to access help and provides examples for get saml-providers.
admin get saml-providers --help
Usage: admin get saml-providers [OPTIONS] ALIAS
Get detailed information about a specific SAML provider.
Examples:
admin get saml-providers tttt
admin get saml-providers azure-ad-saml
Options:
--help Show this message and exit.
get users
The following command shows how to access help and provides examples for get users.
admin get users --help
Usage: admin get users [OPTIONS] USER_ID
Get detailed information about a specific user.
Examples:
admin get users USER_ID
admin get users 12345-uuid
Options:
--help Show this message and exit.
get version
The following command shows how to access help and provides examples for get version.
admin get version --help
Usage: admin get version [OPTIONS]
Get application version information.
Examples:
admin get version
Options:
--help Show this message and exit.
get log-level
The following command shows how to access help and provides examples for get log-level.
admin get log-level --help
Usage: admin get log-level [OPTIONS]
Get current log level from the backend.
Examples:
admin get log-level
Options:
--help Show this message and exit.
list
This section lists the list commands.
The following command shows how to access help and provides examples for list.
admin list --help
Usage: admin list [OPTIONS] COMMAND [ARGS]...
List resources.
Options:
--help Show this message and exit.
Commands:
entra-id-group-members Search Entra ID group members.
entra-id-groups Search Entra ID groups.
entra-id-users Search Entra ID users.
groups List all groups with their members and roles.
permissions List all available permissions.
roles List all roles.
saml-mappers List all attribute mappers for a SAML provider.
saml-providers List all SAML SSO providers.
users List all users.
list entra-id-group-members
The following command shows how to access help and provides examples for list entra-id-group-members.
admin list entra-id-group-members --help
Usage: admin list entra-id-group-members [OPTIONS]
Search Entra ID group members.
Search for members of a specific Entra ID group.
Search Parameters:
- Group ID: Required group unique identifier (GUID) - case-sensitive
- Search Query: Optional filter for members (searches name and email fields)
Examples:
admin list entra-id-group-members --group-id "12345678-1234-1234-1234-123456789012"
admin list entra-id-group-members --group-id "87654321-4321-4321-4321-210987654321" --search "john"
admin list entra-id-group-members -g "group-guid-here" -s "admin"
Options:
-g, --group-id TEXT Group unique identifier (GUID) [required]
-s, --search TEXT Search query to filter group members
--help Show this message and exit.
list entra-id-groups
The following command shows how to access help and provides examples for list entra-id-groups.
admin list entra-id-groups --help
Usage: admin list entra-id-groups [OPTIONS]
Search Entra ID groups.
Search across displayName field.
If no search query provided, returns all groups.
Pagination:
- Use --max to control number of results per page (max: 999)
- Use --first to skip results (offset)
- Response shows if more results are available
Examples:
# Get first 100 groups (default)
admin list entra-id-groups
# Search with default pagination
admin list entra-id-groups --search "admin"
# Get first 500 groups
admin list entra-id-groups --max 500
# Get maximum groups per page (999)
admin list entra-id-groups --max 999
# Get next page of results
admin list entra-id-groups --max 999 --first 999
# Search with custom pagination
admin list entra-id-groups --search "IT" --max 500 --first 0
To fetch all groups:
# Loop through pages until no more results
admin list entra-id-groups --max 999 --first 0
admin list entra-id-groups --max 999 --first 999
admin list entra-id-groups --max 999 --first 1998
# ... continue until "More results available" is not shown
Options:
-s, --search TEXT Search query to find groups
-m, --max INTEGER Maximum number of groups to return (default: 100, max:
999)
-f, --first INTEGER Offset for pagination (default: 0)
--help Show this message and exit.
list entra-id-users
The following command shows how to access help and provides examples for list entra-id-users.
admin list entra-id-users --help
Usage: admin list entra-id-users [OPTIONS]
Search Entra ID users.
Search across userPrincipalName, givenName, surname, and mail fields.
If no search query provided, returns all enabled users.
Pagination:
- Use --max to control number of results per page (max: 999)
- Use --first to skip results (offset)
- Response shows if more results are available
Examples:
# Get first 100 users (default)
admin list entra-id-users
# Search with default pagination
admin list entra-id-users --search "john"
# Get first 500 users
admin list entra-id-users --max 500
# Get maximum users per page (999)
admin list entra-id-users --max 999
# Get next page of results
admin list entra-id-users --max 999 --first 999
# Search with custom pagination
admin list entra-id-users --search "smith" --max 500 --first 0
To fetch all users:
# Loop through pages until no more results
admin list entra-id-users --max 999 --first 0
admin list entra-id-users --max 999 --first 999
admin list entra-id-users --max 999 --first 1998
# ... continue until "More results available" is not shown
Options:
-s, --search TEXT Search query to find users
-m, --max INTEGER Maximum number of users to return (default: 100, max:
999)
-f, --first INTEGER Offset for pagination (default: 0)
--help Show this message and exit.
list groups
The following command shows how to access help and provides examples for list groups.
admin list groups --help
Usage: admin list groups [OPTIONS]
List all groups with their members and roles.
Examples:
admin list groups
admin list groups --max 10
admin list groups --max 5 --first 10
Options:
-m, --max INTEGER Maximum number of groups to return
-f, --first INTEGER Offset for pagination
--help Show this message and exit.
list permissions
The following command shows how to access help and provides examples for list permissions.
admin list permissions --help
Usage: admin list permissions [OPTIONS]
List all available permissions.
Examples:
admin list permissions
admin list permissions --filter "read*"
Options:
-f, --filter TEXT Filter permissions by name pattern
--help Show this message and exit.
list roles
The following command shows how to access help and provides examples for list roles.
admin list roles --help
Usage: admin list roles [OPTIONS]
List all roles.
Examples:
admin list roles
Options:
--help Show this message and exit.
list saml-mappers
The following command shows how to access help and provides examples for list saml-mappers.
admin list saml-mappers --help
Usage: admin list saml-mappers [OPTIONS] PROVIDER_ALIAS
List all attribute mappers for a SAML provider.
Examples:
admin list saml-mappers azure-ad
Options:
--help Show this message and exit.
list saml-providers
The following command shows how to access help and provides examples for list saml-providers.
admin list saml-providers --help
Usage: admin list saml-providers [OPTIONS]
List all SAML SSO providers.
Examples:
admin list saml-providers
Options:
--help Show this message and exit.
list users
The following command shows how to access help and provides examples for list users.
admin list users --help
Usage: admin list users [OPTIONS]
List all users.
Examples:
admin list users
admin list users --max 10
admin list users --max 5 --first 10
Options:
-m, --max INTEGER Maximum number of users to return
-f, --first INTEGER Offset for pagination
--help Show this message and exit.
set
This section lists the set commands.
The following command shows how to access help and provides examples for set.
admin set --help
Usage: admin set [OPTIONS] COMMAND [ARGS]...
Update fields of a resource.
Options:
--help Show this message and exit.
Commands:
email Update SMTP configuration.
email-log Set application log level.
entra-id Update existing Entra ID configuration.
groups Update an existing group.
lock_user Lock a user account.
log-level Update the log level (critical, error, warning, info,...
password_policy Update password policy configuration.
roles Update an existing role.
saml-providers Update an existing SAML SSO provider.
token Update access token lifespan and SSO idle timeout.
unlock_user Unlock a user account and set a new password.
update_password Update user password.
users Update an existing user.
set email
The following command shows how to access help and provides examples for set email.
admin set email --help
Usage: admin set email [OPTIONS]
Update SMTP configuration.
Examples:
admin set email -h "smtp.example.com" -p 587 --use-tls -u "app-user" -w "app-password"
Options:
-h, --smtp-host TEXT SMTP server hostname [required]
-p, --smtp-port INTEGER SMTP server port [required]
--use-tls / --no-tls Enable/disable TLS
-u, --username TEXT SMTP username
-w, --password TEXT SMTP password
--help Show this message and exit.
set email-log
The following command shows how to access help and provides examples for set email-log.
admin set email-log --help
Usage: admin set email-log [OPTIONS]
Set email application log level.
Examples:
admin set email-log -l debug
admin set email-log -l info
Options:
-l, --level [debug|info|warning|error|critical]
Log level to set [required]
--help Show this message and exit.
set entra-id
The following command shows how to access help and provides examples for set entra-id.
admin set entra-id --help
Usage: admin set entra-id [OPTIONS]
Update existing Entra ID configuration.
Only provided fields are updated. Configuration is tested if credentials are changed.
Examples:
admin set entra-id --enabled
admin set entra-id --client-secret "new-secret-here"
admin set entra-id --tenant-id "new-tenant-id" --client-id "new-client-id"
Options:
-t, --tenant-id TEXT Update Entra ID Tenant ID
-c, --client-id TEXT Update Entra ID Application (Client) ID
-s, --client-secret TEXT Update Entra ID Application Client Secret
--enabled / --disabled Enable/disable configuration
--help Show this message and exit.
set groups
The following command shows how to access help and provides examples for set groups.
admin set groups --help
Usage: admin set groups [OPTIONS] GROUP_ID
Update an existing group.
Examples:
admin set groups group-uuid --members "john,jane,bob"
admin set groups group-uuid --roles "admin,user_manager"
admin set groups group-uuid --members "user1,user2" --roles "operator,viewer"
admin set groups group-uuid --identity-providers "AWS-IDP,AZURE-IDP"
admin set groups group-uuid --members "john.doe,senior.dev" --roles "senior_admin,lead_developer" --identity-providers "AWS-IDP,AZURE-IDP"
Options:
-m, --members TEXT Comma-separated list of usernames (replaces
existing members)
-r, --roles TEXT Comma-separated list of role names (replaces
existing roles)
-i, --identity-providers TEXT Comma-separated list of identity provider
names (replaces existing providers)
--help Show this message and exit.
set lock_user
The following command shows how to access help and provides examples for set lock_user.
admin set lock_user --help
Usage: admin set lock_user [OPTIONS] USER_ID
Lock a user account.
Examples:
admin set lock_user USER_ID
Options:
--help Show this message and exit.
set log-level
The following command shows how to access help and provides examples for set log-level.
admin set log-level --help
Usage: admin set log-level [OPTIONS] {critical|error|warning|info|debug}
Update the log level (critical, error, warning, info, debug).
Examples:
admin set log-level info
admin set log-level debug
Options:
--help Show this message and exit.
set password_policy
The following command shows how to access help and provides examples for set password_policy.
admin set password_policy --help
Usage: admin set password_policy [OPTIONS]
Update password policy configuration.
Options:
--policy TEXT Password policy configuration as JSON string.
Common Keys:
- length: Minimum password length
- digits: Number of digits required
- lowerCase: Number of lowercase characters required
- upperCase: Number of uppercase characters required
- specialChars: Number of special characters required
- notUsername: Password cannot be same as username (0 or 1)
- passwordHistory: Number of previous passwords to remember
- maxLength: Maximum password length
Examples:
admin set password_policy --policy '{"length": 8, "digits": 1, "upperCase": 1, "specialChars": 1}'
admin set password_policy --policy '{"length": 12, "digits": 2, "lowerCase": 1, "upperCase": 1, "specialChars": 2, "notUsername": 1}'
admin set password_policy --policy '{"length": 10, "passwordHistory": 5, "maxLength": 128}' [required]
--help Show this message and exit.
set roles
The following command shows how to access help and provides examples for set roles.
admin set roles --help
Usage: admin set roles [OPTIONS] ROLE_NAME
Update an existing role.
Examples:
admin set roles admin --description "Updated admin role"
admin set roles manager --permissions "security_officer"
admin set roles operator --description "System operator" --permissions "security_officer"
Options:
-d, --description TEXT New role description
-p, --permissions TEXT Comma-separated list of permission names (replaces existing)
--help Show this message and exit.
Show this message and exit.
set saml-providers
The following command shows how to access help and provides examples for set saml-providers.
admin set saml-providers --help
Usage: admin set saml-providers [OPTIONS] ALIAS
Update an existing SAML SSO provider.
Only the parameters you explicitly provide will be updated.
Examples:
admin set saml-providers azure-ad --display-name "New Azure AD"
admin set saml-providers Test --enabled
admin set saml-providers Test --disabled
admin set saml-providers Test --force-authn
admin set saml-providers Test --no-validate-signature
admin set saml-providers Test --metadata-url "https://new-metadata-url.com"
admin set saml-providers Test --signature-algorithm "RSA_SHA512"
Options:
-d, --display-name TEXT Update display name for the provider
--config-type [metadataUrl|metadataFile]
Update configuration type
--service-provider-entity-id TEXT
Update Service Provider Entity ID
--metadata-url TEXT Update metadata URL
--metadata-file FILENAME Update metadata file content
--signing-certificate TEXT Update signing certificate
--name-id-policy-format TEXT Update NameID Policy Format
--force-authn Enable force authentication
--no-force-authn Disable force authentication
--validate-signature Enable signature validation
--no-validate-signature Disable signature validation
--want-assertions-signed Require signed assertions
--no-want-assertions-signed Don't require signed assertions
--want-assertions-encrypted Require encrypted assertions
--no-want-assertions-encrypted Don't require encrypted assertions
--signature-algorithm TEXT Update signature algorithm
--post-binding-response Enable POST binding for responses
--no-post-binding-response Disable POST binding for responses
--post-binding-authn-request Enable POST binding for auth requests
--no-post-binding-authn-request
Disable POST binding for auth requests
--post-binding-logout Enable POST binding for logout
--no-post-binding-logout Disable POST binding for logout
--want-authn-requests-signed Enable authentication request signing
--no-want-authn-requests-signed
Disable authentication request signing
--attribute-mapping TEXT Update attribute mapping (JSON format)
--enabled Enable the provider
--disabled Disable the provider
--store-token Enable token storage
--no-store-token Disable token storage
--help Show this message and exit.
Note: The
--metadata-fileoption is not supported. You cannot upload or copy the metadata file. Instead, use the--metadata-urloption to configure SAML.
set unlock_user
The following command shows how to access help and provides examples for set unlock_user.
admin set unlock_user --help
Usage: admin set unlock_user [OPTIONS] USER_ID
Unlock a user account and set a new password.
Examples:
admin set unlock_user USER_ID --password "NewPassword123!"
admin set unlock_user USER_ID -p "StrongPass123!"
Options:
-p, --password TEXT New password to set after unlocking [required]
--help Show this message and exit.
set update_password
The following command shows how to access help and provides examples for set update_password.
admin set update_password --help
Usage: admin set update_password [OPTIONS] USER_ID
Update user password.
Examples:
admin set update_password USER_ID --new-password "NewPassword123!" --old-password "OldPass123!"
admin set update_password USER_ID -n "NewPass123!" -o "OldPass123!"
Options:
-n, --new-password TEXT New password [required]
-o, --old-password TEXT Current password for validation [required]
--help Show this message and exit.
set users
The following command shows how to access help and provides examples for set users.
admin set users --help
Usage: admin set users [OPTIONS] USER_ID
Update an existing user.
Examples:
admin set users USER_ID --email newemail@example.com
admin set users USER_ID --roles "admin,manager"
admin set users USER_ID --identity-provider "AWS-IDP:alpha@example.com:alpha@example.com"
admin set users USER_ID --identity-provider "AWS-IDP:alpha@example.com:alpha@example.com" --identity-provider "AZURE-IDP:beta@azure.com:beta"
Options:
-e, --email TEXT New email address
--first-name TEXT New first name
--last-name TEXT New last name
--roles TEXT Comma-separated list of role names (replaces
existing)
--groups TEXT Comma-separated list of group names (replaces
existing)
--identity-provider TEXT Identity provider in format:
PROVIDER_NAME:userId:userName (can be specified
multiple times, replaces existing)
--help Show this message and exit.
set token
The following command shows how to access help and provides examples for set token.
admin set token --help
Usage: admin set token [OPTIONS]
Update access token lifespan and SSO idle timeout.
Examples:
admin set token --lifespan 600
admin set token --lifespan 1200
Options:
--lifespan INTEGER RANGE Access token lifespan in seconds (minimum: 60,
maximum: 3600) [60<=x<=3600; required]
--help Show this message and exit.
test
This section lists the test commands.
The following command shows how to access help and provides examples for test.
admin test --help
Usage: admin test [OPTIONS] COMMAND [ARGS]...
Test various configurations and connections.
Options:
--help Show this message and exit.
Commands:
email Send an email.
entra-id Test Entra ID connection.
test email
The following command shows how to access help and provides examples for test email.
admin test email --help
Usage: admin test email [OPTIONS]
Send an email.
Examples:
admin test email -f "sender@example.com" -t "recipient@example.com" -s "Test" -b "This is a test"
admin test email -f "sender@example.com" -t "recipient@example.com" -c "cc@example.com" --bcc-emails "bcc@example.com" -s "Test" -b "Message"
Options:
-f, --from-email TEXT Sender email address [required]
-t, --to-emails TEXT Recipient email address. For multiple recipients,
provide a comma-separated list [required]
-s, --subject TEXT Email subject [required]
-b, --body TEXT Email body content [required]
-c, --cc-emails TEXT CC email address. For multiple recipients, provide a
comma-separated list
--bcc-emails TEXT BCC email address. For multiple recipients, provide a
comma-separated list
--help Show this message and exit.
test entra-id
The following command shows how to access help and provides examples for test entra-id.
admin test entra-id --help
Usage: admin test entra-id [OPTIONS]
Test Entra ID connection.
Test Options:
1. Test stored configuration: --use-stored
2. Test provided credentials: --tenant-id, --client-id, --client-secret
Examples:
admin test entra-id --use-stored
admin test entra-id --tenant-id "tenant-id" --client-id "client-id" --client-secret "secret"
Options:
--use-stored Test stored configuration
-t, --tenant-id TEXT Entra ID Tenant ID (for direct test)
-c, --client-id TEXT Entra ID Application (Client) ID (for direct test)
-s, --client-secret TEXT Entra ID Application Client Secret (for direct
test)
--help Show this message and exit.