> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev.auth0-mintlify.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Link a User Account

> Link two user accounts together forming a primary and secondary relationship. On successful linking, the endpoint returns the new array of the primary account identities.

Note: There are two ways of invoking the endpoint:

- With the authenticated primary account's JWT in the Authorization header, which has the `update:current_user_identities` scope:

  ```http
  POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities
  Authorization: "Bearer PRIMARY_ACCOUNT_JWT"
  {
    "link_with": "SECONDARY_ACCOUNT_JWT"
  }
  ```

  In this case, only the `link_with` param is required in the body, which also contains the JWT obtained upon the secondary account's authentication.

- With a token generated by the API V2 containing the `update:users` scope:

  ```http
  POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities
  Authorization: "Bearer YOUR_API_V2_TOKEN"
  {
    "provider": "SECONDARY_ACCOUNT_PROVIDER",
    "connection_id": "SECONDARY_ACCOUNT_CONNECTION_ID(OPTIONAL)",
    "user_id": "SECONDARY_ACCOUNT_USER_ID"
  }
  ```

  In this case you need to send `provider` and `user_id` in the body. Optionally you can also send the `connection_id` param which is suitable for identifying a particular database connection for the 'auth0' provider.


export const Scopes = ({scopes = []}) => {
  return <div>
      <div class="api-section-heading flex flex-col gap-y-4 w-full">
        <div class="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 class="api-section-heading-title flex-1 mb-0">Scopes</h4>
          <div class="flex items-center"></div>
        </div>
      </div>
      <div class="mt-4">
        <div class="space-y-4 whitespace-normal prose prose-sm prose-gray dark:prose-invert overflow-wrap-anywhere [&_*]:overflow-wrap-anywhere">
          <p class="whitespace-pre-line text-xs">
            {"Scopes define permissions and access levels for API requests and authentication tokens."}
          </p>
        </div>
      </div>
      <div class="flex font-mono text-sm group/param-head param-head break-all relative mt-6" id="scopes-scopes">
        <div class="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div class="flex items-center flex-wrap gap-2">
            <div class="absolute -top-1.5">
              <a href="#scopes-scopes" class="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                ​
                <div class="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            {scopes.map((scope, index) => {
    return <span class="flex items-center px-2 py-0.5 rounded-md bg-gray-100/50 dark:bg-white/5 text-gray-600 dark:text-gray-200 font-medium break-all" style={{
      lineHeight: "1rem",
      fontSize: "0.75rem",
      fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace'
    }} data-component-part="field-info-pill" key={index}>
                  {scope}
                </span>;
  })}
          </div>
        </div>
      </div>
    </div>;
};

export const ApiReleaseLifecycle = ({releaseLifecycle = 'GA'}) => {
  const lifecycleMap = {
    ea: 'Early Access',
    ga: 'Generally Available',
    deprecated: 'Deprecated',
    planned: 'Planned',
    beta: 'Beta'
  };
  const LIFECYCLE_THEMES = {
    info: {
      light: {
        bg: 'lab(91.896% .077188 -6.94053)',
        text: 'lab(36.091% 25.9241 -68.0384)'
      },
      dark: {
        bg: 'lab(16.0426% 6.71726 -27.2409)',
        text: 'lab(72.6029% 4.08953 -41.9669)'
      }
    },
    secondary: {
      light: {
        bg: 'lab(90.8548% 11.3355 8.01476)',
        text: 'lab(47.5286% 56.4238 43.4706)'
      },
      dark: {
        bg: 'lab(16.3609% 37.191 25.6346)',
        text: 'lab(71.881% 41.5 29.4839)'
      }
    },
    danger: {
      light: {
        bg: 'lab(94.7916% -.0000298023 0)',
        text: 'lab(54.3656% 0 -.0000119209)'
      },
      dark: {
        bg: 'lab(13.232% 0 0)',
        text: 'lab(51.6164% 0 0)'
      }
    }
  };
  const LIFECYCLE_THEME_MAP = {
    ea: 'info',
    ga: 'info',
    beta: 'info',
    deprecated: 'secondary',
    planned: 'danger'
  };
  const lifecycle = releaseLifecycle.toLocaleLowerCase();
  const lifecycleText = lifecycleMap[lifecycle];
  if (!lifecycleText) {
    return null;
  }
  const theme = LIFECYCLE_THEMES[LIFECYCLE_THEME_MAP[lifecycle]];
  return <div>
      <div className="api-section-heading flex flex-col gap-y-4 w-full">
        <div className="flex items-baseline border-b pb-2.5 border-gray-100 dark:border-gray-800 w-full">
          <h4 className="api-section-heading-title flex-1 mb-0">
            Release Lifecycle
          </h4>
        </div>
      </div>
      <div className="flex font-mono text-sm group/param-head param-head break-all relative mt-2.5" id="releaselifecycle-lifecycle">
        <div className="flex-1 flex flex-col content-start py-0.5 mr-5">
          <div className="flex items-center flex-wrap gap-2">
            <div className="absolute -top-1.5">
              <a href="#releaselifecycle-lifecycle" className="-ml-10 flex items-center opacity-0 border-0 group-hover/param-head:opacity-100 focus:opacity-100 focus:outline-0 py-2 [.expandable-content_&]:-ml-[2.1rem] group/link" aria-label="Navigate to header">
                <div className="w-6 h-6 rounded-md flex items-center justify-center shadow-sm text-gray-400 dark:text-white/50 dark:bg-background-dark dark:brightness-[1.35] dark:ring-1 dark:hover:brightness-150 bg-white ring-1 ring-gray-400/30 dark:ring-gray-700/25 hover:ring-gray-400/60 dark:hover:ring-white/20 group-focus/link:border-2 group-focus/link:border-primary dark:group-focus/link:border-primary-light">
                  <svg xmlns="http://www.w3.org/2000/svg" fill="gray" height="12px" viewBox="0 0 576 512">
                    <path d="M0 256C0 167.6 71.6 96 160 96h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C98.1 144 48 194.1 48 256s50.1 112 112 112h72c13.3 0 24 10.7 24 24s-10.7 24-24 24H160C71.6 416 0 344.4 0 256zm576 0c0 88.4-71.6 160-160 160H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c61.9 0 112-50.1 112-112s-50.1-112-112-112H344c-13.3 0-24-10.7-24-24s10.7-24 24-24h72c88.4 0 160 71.6 160 160zM184 232H392c13.3 0 24 10.7 24 24s-10.7 24-24 24H184c-13.3 0-24-10.7-24-24s10.7-24 24-24z"></path>
                  </svg>
                </div>
              </a>
            </div>
            <span className="inline-flex items-center w-fit font-medium gap-1 py-0.5 px-2 rounded-md" style={{
    lineHeight: '1rem',
    fontSize: '0.75rem',
    fontFamily: 'var(--font-jetbrains-mono), ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace',
    backgroundColor: `light-dark(${theme.light.bg}, ${theme.dark.bg})`,
    color: `light-dark(${theme.light.text}, ${theme.dark.text})`,
    borderColor: `light-dark(color-mix(in oklab, ${theme.light.text} 25%, transparent), color-mix(in oklab, ${theme.dark.text} 25%, transparent))`
  }}>
              {lifecycleText}
            </span>
          </div>
        </div>
      </div>
    </div>;
};

<ApiReleaseLifecycle releaseLifecycle="GA" />

<Scopes scopes={["update:users","update:current_user_identities"]} />


## OpenAPI

````yaml management-api-oas post /users/{id}/identities
openapi: 3.1.0
info:
  title: Auth0 Management API
  description: Auth0 Management API v2.
  termsOfService: https://auth0.com/web-terms/
  contact:
    name: Auth0 Support
    url: https://support.auth0.com
  version: '2.0'
servers:
  - url: https://{tenantDomain}/api/v2
    variables:
      tenantDomain:
        default: '{TENANT}.auth0.com'
        description: Auth0 Tenant Domain
security:
  - bearerAuth: []
externalDocs:
  description: Auth0 Management API Documentation
  url: https://auth0.com/docs/api/management/v2/
paths:
  /users/{id}/identities:
    post:
      tags:
        - users
      summary: Link a User Account
      description: >
        Link two user accounts together forming a primary and secondary
        relationship. On successful linking, the endpoint returns the new array
        of the primary account identities.


        Note: There are two ways of invoking the endpoint:


        - With the authenticated primary account's JWT in the Authorization
        header, which has the `update:current_user_identities` scope:

          ```http
          POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities
          Authorization: "Bearer PRIMARY_ACCOUNT_JWT"
          {
            "link_with": "SECONDARY_ACCOUNT_JWT"
          }
          ```

          In this case, only the `link_with` param is required in the body, which also contains the JWT obtained upon the secondary account's authentication.

        - With a token generated by the API V2 containing the `update:users`
        scope:

          ```http
          POST /api/v2/users/PRIMARY_ACCOUNT_USER_ID/identities
          Authorization: "Bearer YOUR_API_V2_TOKEN"
          {
            "provider": "SECONDARY_ACCOUNT_PROVIDER",
            "connection_id": "SECONDARY_ACCOUNT_CONNECTION_ID(OPTIONAL)",
            "user_id": "SECONDARY_ACCOUNT_USER_ID"
          }
          ```

          In this case you need to send `provider` and `user_id` in the body. Optionally you can also send the `connection_id` param which is suitable for identifying a particular database connection for the 'auth0' provider.
      operationId: post_identities
      parameters:
        - name: id
          in: path
          description: ID of the primary user account to link a second user account to.
          required: true
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LinkUserIdentityRequestContent'
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/LinkUserIdentityRequestContent'
      responses:
        '201':
          description: Identity successfully added.
          content:
            application/json:
              schema:
                type: array
                description: >-
                  An array of objects with information about the user's
                  identities.
                items:
                  $ref: '#/components/schemas/UserIdentity'
        '400':
          description: Invalid request URI. The message will vary depending on the cause.
          x-description-1: Invalid request body. The message will vary depending on the cause.
          x-description-2: The provider/connection is not configured.
          x-description-3: Main identity and the new one are the same.
          x-description-4: Invalid token (link_with).
          x-description-5: JWT (link_with) contains an invalid aud claim.
          x-description-6: JWT (link_with) must contains sub claim.
          x-description-7: JWT (link_with) contains an invalid sub claim.
          x-description-8: JWT (link_with) must have an alg of RS256.
          x-description-9: JWT (link_with) must have the same issuer as the calling user.
          x-description-10: >-
            JWT (link_with) must have an aud claim that matches that of the
            calling token's azp.
          x-description-11: Linking to an inexistent identity requires a connection.
          x-description-12: Linking to an inexistent identity is not allowed.
          x-description-13: Unable to link with the secondary account.
          x-description-14: Provided secondary account not found.
        '401':
          description: Invalid token.
          x-description-1: Invalid signature received for JSON Web Token validation.
        '403':
          description: >-
            Insufficient scope; expected: update:users,
            update:current_user_identities.
          x-description-1: User to be acted on does not match subject in bearer token.
        '409':
          description: Specified identity already exists.
        '429':
          description: >-
            Too many requests. Check the X-RateLimit-Limit,
            X-RateLimit-Remaining and X-RateLimit-Reset headers.
      security:
        - bearerAuth: []
        - oAuth2ClientCredentials:
            - update:users
            - update:current_user_identities
      x-codeSamples:
        - lang: go
          label: Link a User Account
          source: |
            package example

            import (
                context "context"

                client "github.com/auth0/go-auth0/management/management/client"
                option "github.com/auth0/go-auth0/management/management/option"
                users "github.com/auth0/go-auth0/management/management/users"
            )

            func do() {
                client := client.NewClient(
                    option.WithToken(
                        "<token>",
                    ),
                )
                request := &users.LinkUserIdentityRequestContent{}
                client.Users.Identities.Link(
                    context.TODO(),
                    "id",
                    request,
                )
            }
        - lang: typescript
          label: Link a User Account
          source: |
            import { ManagementClient } from "auth0";

            async function main() {
                const client = new ManagementClient({
                    token: "<token>",
                });
                await client.users.identities.link("id", {});
            }
            main();
        - lang: javascript
          label: Link a User Account
          source: |
            import { ManagementClient } from "auth0";

            async function main() {
                const client = new ManagementClient({
                    token: "<token>",
                });
                await client.users.identities.link("id", {});
            }
            main();
components:
  schemas:
    LinkUserIdentityRequestContent:
      type: object
      additionalProperties: false
      minProperties: 1
      properties:
        provider:
          $ref: '#/components/schemas/UserIdentityProviderEnum'
          description: Identity provider of the secondary user account being linked.
        connection_id:
          type: string
          description: >-
            connection_id of the secondary user account being linked when more
            than one `auth0` database provider exists.
          pattern: ^con_[A-Za-z0-9]{16}$
        user_id:
          $ref: '#/components/schemas/UserId'
          description: user_id of the secondary user account being linked.
        link_with:
          type: string
          description: >-
            JWT for the secondary account being linked. If sending this
            parameter, `provider`, `user_id`, and `connection_id` must not be
            sent.
          default: '{SECONDARY_ACCOUNT_JWT}'
    UserIdentity:
      type: object
      additionalProperties: false
      required:
        - provider
        - user_id
        - connection
      properties:
        connection:
          type: string
          description: Connection name of this identity.
          default: twitter
        user_id:
          $ref: '#/components/schemas/UserId'
          description: user_id of this identity.
        provider:
          type: string
          description: Type of identity provider.
          default: twitter
        profileData:
          $ref: '#/components/schemas/UserProfileData'
        isSocial:
          type: boolean
          description: >-
            Whether the identity provider is a social provider (true) or not
            (false).
        access_token:
          type: string
          description: >-
            IDP access token returned if scope `read:user_idp_tokens` is
            defined.
        access_token_secret:
          type: string
          description: >-
            IDP access token secret returned only if `scope
            read:user_idp_tokens` is defined.
        refresh_token:
          type: string
          description: >-
            IDP refresh token returned only if scope `read:user_idp_tokens` is
            defined.
    UserIdentityProviderEnum:
      type: string
      description: The type of identity provider
      enum:
        - ad
        - adfs
        - amazon
        - apple
        - dropbox
        - bitbucket
        - auth0-oidc
        - auth0
        - baidu
        - bitly
        - box
        - custom
        - daccount
        - dwolla
        - email
        - evernote-sandbox
        - evernote
        - exact
        - facebook
        - fitbit
        - github
        - google-apps
        - google-oauth2
        - instagram
        - ip
        - line
        - linkedin
        - oauth1
        - oauth2
        - office365
        - oidc
        - okta
        - paypal
        - paypal-sandbox
        - pingfederate
        - planningcenter
        - salesforce-community
        - salesforce-sandbox
        - salesforce
        - samlp
        - sharepoint
        - shopify
        - shop
        - sms
        - soundcloud
        - thirtysevensignals
        - twitter
        - untappd
        - vkontakte
        - waad
        - weibo
        - windowslive
        - wordpress
        - yahoo
        - yandex
    UserId:
      description: Unique identifier of the user for this identity.
      oneOf:
        - type: string
          default: abc
          minLength: 1
        - type: integer
          default: 191919191
    UserProfileData:
      type: object
      additionalProperties: true
      properties:
        email:
          type: string
          description: Email address of this user.
        email_verified:
          type: boolean
          description: Whether this email address is verified (true) or unverified (false).
        name:
          type: string
          description: Name of this user.
        username:
          type: string
          description: Username of this user.
          default: johndoe
        given_name:
          type: string
          description: Given name/first name/forename of this user.
        phone_number:
          type: string
          description: Phone number for this user.
        phone_verified:
          type: boolean
          description: Whether this phone number is verified (true) or unverified (false).
        family_name:
          type: string
          description: Family name/last name/surname of this user.
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: jwt
    oAuth2ClientCredentials:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: /oauth/token/
          x-form-parameters:
            audience: /api/v2/
          scopes:
            create:actions: Create Actions
            read:actions: Read Actions
            update:actions: Update Actions
            delete:actions: Delete Actions
            read:anomaly_blocks: Read Anomaly Blocks
            delete:anomaly_blocks: Delete Anomaly Blocks
            read:attack_protection: Read Attack Protection
            update:attack_protection: Update Attack Protection
            create:authentication_methods: Create Authentication Methods
            read:authentication_methods: Read Authentication Methods
            update:authentication_methods: Update Authentication Methods
            delete:authentication_methods: Delete Authentication Methods
            read:branding: Read Branding
            update:branding: Update Branding
            delete:branding: Delete Branding
            create:client_credentials: Create Client Credentials
            read:client_credentials: Read Client Credentials
            update:client_credentials: Update Client Credentials
            delete:client_credentials: Delete Client Credentials
            create:client_grants: Create Client Grants
            read:client_grants: Read Client Grants
            update:client_grants: Update Client Grants
            delete:client_grants: Delete Client Grants
            read:client_keys: Read Client Keys
            update:client_keys: Update Client Keys
            read:client_summary: Read Client Summary
            update:client_token_vault_privileged_access: Update Client Token Vault Privileged Access
            create:clients: Create Clients
            read:clients: Read Clients
            update:clients: Update Clients
            delete:clients: Delete Clients
            create:connection_profiles: Create Connection Profiles
            read:connection_profiles: Read Connection Profiles
            update:connection_profiles: Update Connection Profiles
            delete:connection_profiles: Delete Connection Profiles
            create:connections: Create Connections
            read:connections: Read Connections
            update:connections: Update Connections
            delete:connections: Delete Connections
            create:connections_keys: Create Connections Keys
            read:connections_keys: Read Connections Keys
            update:connections_keys: Update Connections Keys
            read:current_user: Read Current User
            delete:current_user: Delete Current User
            create:current_user_device_credentials: Create Current User Device Credentials
            delete:current_user_device_credentials: Delete Current User Device Credentials
            update:current_user_identities: Update Current User Identities
            update:current_user_metadata: Update Current User Metadata
            create:custom_domains: Create Custom Domains
            read:custom_domains: Read Custom Domains
            update:custom_domains: Update Custom Domains
            delete:custom_domains: Delete Custom Domains
            create:custom_signing_keys: Create Custom Signing Keys
            read:custom_signing_keys: Read Custom Signing Keys
            update:custom_signing_keys: Update Custom Signing Keys
            delete:custom_signing_keys: Delete Custom Signing Keys
            read:device_credentials: Read Device Credentials
            delete:device_credentials: Delete Device Credentials
            create:directory_provisionings: Create Directory Provisionings
            read:directory_provisionings: Read Directory Provisionings
            update:directory_provisionings: Update Directory Provisionings
            delete:directory_provisionings: Delete Directory Provisionings
            create:email_provider: Create Email Provider
            read:email_provider: Read Email Provider
            update:email_provider: Update Email Provider
            delete:email_provider: Delete Email Provider
            create:email_templates: Create Email Templates
            read:email_templates: Read Email Templates
            update:email_templates: Update Email Templates
            create:encryption_keys: Create Encryption Keys
            read:encryption_keys: Read Encryption Keys
            update:encryption_keys: Update Encryption Keys
            delete:encryption_keys: Delete Encryption Keys
            read:event_deliveries: Read Event Deliveries
            update:event_deliveries: Update Event Deliveries
            create:event_streams: Create Event Streams
            read:event_streams: Read Event Streams
            update:event_streams: Update Event Streams
            delete:event_streams: Delete Event Streams
            read:events: Read Events
            create:experimentation: Create Experimentation
            read:experimentation: Read Experimentation
            update:experimentation: Update Experimentation
            delete:experimentation: Delete Experimentation
            read:federated_connections_tokens: Read Federated Connections Tokens
            delete:federated_connections_tokens: Delete Federated Connections Tokens
            create:flows: Create Flows
            read:flows: Read Flows
            update:flows: Update Flows
            delete:flows: Delete Flows
            read:flows_executions: Read Flows Executions
            delete:flows_executions: Delete Flows Executions
            create:flows_vault_connections: Create Flows Vault Connections
            read:flows_vault_connections: Read Flows Vault Connections
            update:flows_vault_connections: Update Flows Vault Connections
            delete:flows_vault_connections: Delete Flows Vault Connections
            create:forms: Create Forms
            read:forms: Read Forms
            update:forms: Update Forms
            delete:forms: Delete Forms
            read:grants: Read Grants
            delete:grants: Delete Grants
            read:group_members: Read Group Members
            create:group_roles: Create Group Roles
            read:group_roles: Read Group Roles
            delete:group_roles: Delete Group Roles
            read:groups: Read Groups
            delete:groups: Delete Groups
            create:guardian_enrollment_tickets: Create Guardian Enrollment Tickets
            read:guardian_enrollments: Read Guardian Enrollments
            delete:guardian_enrollments: Delete Guardian Enrollments
            read:guardian_factors: Read Guardian Factors
            update:guardian_factors: Update Guardian Factors
            create:hooks: Create Hooks
            read:hooks: Read Hooks
            update:hooks: Update Hooks
            delete:hooks: Delete Hooks
            create:log_streams: Create Log Streams
            read:log_streams: Read Log Streams
            update:log_streams: Update Log Streams
            delete:log_streams: Delete Log Streams
            read:logs: Read Logs
            read:logs_users: Read Logs Users
            read:mfa_policies: Read Mfa Policies
            update:mfa_policies: Update Mfa Policies
            create:network_acls: Create Network Acls
            read:network_acls: Read Network Acls
            update:network_acls: Update Network Acls
            delete:network_acls: Delete Network Acls
            create:organization_client_grants: Create Organization Client Grants
            read:organization_client_grants: Read Organization Client Grants
            delete:organization_client_grants: Delete Organization Client Grants
            create:organization_connections: Create Organization Connections
            read:organization_connections: Read Organization Connections
            update:organization_connections: Update Organization Connections
            delete:organization_connections: Delete Organization Connections
            create:organization_discovery_domains: Create Organization Discovery Domains
            read:organization_discovery_domains: Read Organization Discovery Domains
            update:organization_discovery_domains: Update Organization Discovery Domains
            delete:organization_discovery_domains: Delete Organization Discovery Domains
            create:organization_group_roles: Create Organization Group Roles
            read:organization_group_roles: Read Organization Group Roles
            delete:organization_group_roles: Delete Organization Group Roles
            read:organization_groups: Read Organization Groups
            create:organization_invitations: Create Organization Invitations
            read:organization_invitations: Read Organization Invitations
            delete:organization_invitations: Delete Organization Invitations
            read:organization_member_effective_roles: Read Organization Member Effective Roles
            read:organization_member_role_source_groups: Read Organization Member Role Source Groups
            create:organization_member_roles: Create Organization Member Roles
            read:organization_member_roles: Read Organization Member Roles
            delete:organization_member_roles: Delete Organization Member Roles
            create:organization_members: Create Organization Members
            read:organization_members: Read Organization Members
            delete:organization_members: Delete Organization Members
            create:organizations: Create Organizations
            read:organizations: Read Organizations
            update:organizations: Update Organizations
            delete:organizations: Delete Organizations
            read:organizations_summary: Read Organizations Summary
            create:phone_providers: Create Phone Providers
            read:phone_providers: Read Phone Providers
            update:phone_providers: Update Phone Providers
            delete:phone_providers: Delete Phone Providers
            create:phone_templates: Create Phone Templates
            read:phone_templates: Read Phone Templates
            update:phone_templates: Update Phone Templates
            delete:phone_templates: Delete Phone Templates
            read:prompts: Read Prompts
            update:prompts: Update Prompts
            create:rate_limit_policies: Create Rate Limit Policies
            read:rate_limit_policies: Read Rate Limit Policies
            update:rate_limit_policies: Update Rate Limit Policies
            delete:rate_limit_policies: Delete Rate Limit Policies
            read:refresh_tokens: Read Refresh Tokens
            update:refresh_tokens: Update Refresh Tokens
            delete:refresh_tokens: Delete Refresh Tokens
            create:resource_servers: Create Resource Servers
            read:resource_servers: Read Resource Servers
            update:resource_servers: Update Resource Servers
            delete:resource_servers: Delete Resource Servers
            create:role_members: Create Role Members
            read:role_members: Read Role Members
            delete:role_members: Delete Role Members
            create:roles: Create Roles
            read:roles: Read Roles
            update:roles: Update Roles
            delete:roles: Delete Roles
            create:rules: Create Rules
            read:rules: Read Rules
            update:rules: Update Rules
            delete:rules: Delete Rules
            read:rules_configs: Read Rules Configs
            update:rules_configs: Update Rules Configs
            delete:rules_configs: Delete Rules Configs
            create:scim_config: Create Scim Config
            read:scim_config: Read Scim Config
            update:scim_config: Update Scim Config
            delete:scim_config: Delete Scim Config
            create:scim_token: Create Scim Token
            read:scim_token: Read Scim Token
            delete:scim_token: Delete Scim Token
            read:self_service_profile_custom_texts: Read Self Service Profile Custom Texts
            update:self_service_profile_custom_texts: Update Self Service Profile Custom Texts
            create:self_service_profiles: Create Self Service Profiles
            read:self_service_profiles: Read Self Service Profiles
            update:self_service_profiles: Update Self Service Profiles
            delete:self_service_profiles: Delete Self Service Profiles
            read:sessions: Read Sessions
            update:sessions: Update Sessions
            delete:sessions: Delete Sessions
            create:signing_keys: Create Signing Keys
            read:signing_keys: Read Signing Keys
            update:signing_keys: Update Signing Keys
            create:sso_access_tickets: Create Sso Access Tickets
            delete:sso_access_tickets: Delete Sso Access Tickets
            read:stats: Read Stats
            read:tenant_settings: Read Tenant Settings
            update:tenant_settings: Update Tenant Settings
            create:token_exchange_profiles: Create Token Exchange Profiles
            read:token_exchange_profiles: Read Token Exchange Profiles
            update:token_exchange_profiles: Update Token Exchange Profiles
            delete:token_exchange_profiles: Delete Token Exchange Profiles
            create:user_attribute_profiles: Create User Attribute Profiles
            read:user_attribute_profiles: Read User Attribute Profiles
            update:user_attribute_profiles: Update User Attribute Profiles
            delete:user_attribute_profiles: Delete User Attribute Profiles
            read:user_effective_permissions: Read User Effective Permissions
            read:user_effective_roles: Read User Effective Roles
            read:user_idp_tokens: Read User Idp Tokens
            read:user_permission_source_roles: Read User Permission Source Roles
            read:user_role_source_groups: Read User Role Source Groups
            create:user_tickets: Create User Tickets
            create:users: Create Users
            read:users: Read Users
            update:users: Update Users
            delete:users: Delete Users
            update:users_app_metadata: Update Users App Metadata
            create:vdcs_templates: Create Vdcs Templates
            read:vdcs_templates: Read Vdcs Templates
            update:vdcs_templates: Update Vdcs Templates
            delete:vdcs_templates: Delete Vdcs Templates

````