Offline MFA
The Offline MFA API allows you to manage users who are enrolled on a device and can log in even when the device is offline.
Download Offline MFA OpenAPI Document
End Points
Get Offline Enrolled Users
Bulk Delete Offline Enrolled Users
Delete Offline Enrolled User
Attribute
id
string
Unique identifier for the user
display_name
string
Display name of the user
user_name
string
Email address or username of the user
sam_account_name
string
SAM account name of the user
local_account_name
string
Local account name of the user
enrolled_time
date-time
Time when the user was enrolled on the device
primary_source
object
Primary source of the resource.
id
string
Unique identifier of the primary source.
name
string
Name of the primary source.
application_service
object
Service to which the primary source belongs.
id
string
Unique identifier of the service.
display_name
string
Display name of the service.
name
string
Name of the service.
logo
string
URL of the service logo.
enrolled_authenticators
array
List of authenticators enrolled for the user on the device
authn_factor_config_id
string
Unique identifier of the authnfactor config
authn_factor_type
string
Type of the authenticator factor
display_name
string
Display name of the authenticator
{
"id": "2000000000101",
"display_name": "AlexHales",
"user_name": "alexhales@company.com",
"sam_account_name": "alexhales",
"local_account_name": "alexhales",
"enrolled_time": "2023-10-26T03:30:00Z",
"primary_source": {
"id": "2000000002642",
"name": "admp.com",
"application_service": {
"id": "2000000002642",
"display_name": "Universal Directory",
"name": "ZOHO_DIRECTORY",
"logo": "https://example.com/logo.png"
}
},
"enrolled_authenticators": [
{
"authn_factor_config_id": "authenticator-12345",
"authn_factor_type": "TOTP",
"display_name": "Google Authenticator"
}
]
}
Get Offline Enrolled Users
The Get Offline Enrolled Users API can be used to get the list of users enrolled on a device who are allowed to log in even when the device is offline.
OAuth Scope : id360.device.READ,id360.device.ALL
Query Parameters
limit
Limit the number of users to be fetched
from
Start index for pagination.
filter
Filter resources based on a the provided SCIM filter query. Refer to filter section for more details
eg: firstName eq "John" and lastName eq "Doe"
eg: firstName eq "John" and lastName eq "Doe"
sort
Sort the resources based on the provided field. The default sort order is ascending. To sort in descending order, prefix the field with a - (hyphen).
eg: firstName,-lastName
eg: firstName,-lastName
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users")
.get()
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'GET',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("GET", "/api/v1/devices/2000000000001/offline-enrolled-users", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "GET",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/devices/2000000000001/offline-enrolled-users",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request GET \
--url https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"data": [
{
"id": "2000000000101",
"display_name": "AlexHales",
"user_name": "alexhales@company.com",
"sam_account_name": "alexhales",
"enrolled_time": "2023-10-26T03:30:00Z",
"primary_source": {
"id": "2000000072637",
"name": "Berge-Corp",
"application_service": {
"id": "2000000018007",
"display_name": "Universal Directory",
"name": "ZOHO_DIRECTORY",
"logo": "universal-directory"
}
},
"enrolled_authenticators": [
{
"authn_factor_config_id": "2000000001001",
"factor_type": "GoogleAuthenticator",
"display_name": "Google Authenticator"
},
{
"authn_factor_config_id": "2000000001002",
"factor_type": "MicrosoftAuthenticator",
"display_name": "Microsoft Authenticator"
},
{
"id": "2000000000102",
"factor_type": "FIDOAuthenticator",
"display_name": "FIDO2 Passkeys"
}
]
},
{
"id": "20012002",
"display_name": "JohnDoe",
"user_name": "johndoe@company.com",
"local_account_name": "johndoe",
"enrolled_time": "2023-10-26T03:30:00Z",
"primary_source": {
"id": "2000000072637",
"name": "Berge-Corp",
"application_service": {
"id": "2000000018007",
"display_name": "Universal Directory",
"name": "ZOHO_DIRECTORY",
"logo": "universal-directory"
}
},
"enrolled_authenticators": [
{
"authn_factor_config_id": "2000000001001",
"factor_type": "GoogleAuthenticator",
"display_name": "Google Authenticator"
},
{
"authn_factor_config_id": "2000000001002",
"factor_type": "MicrosoftAuthenticator",
"display_name": "Microsoft Authenticator"
},
{
"id": "2000000000102",
"factor_type": "FIDOAuthenticator",
"display_name": "FIDO2 Passkeys"
}
]
},
{
"id": "20012003",
"display_name": "JaneSmith",
"user_name": "janesmith@company.com",
"local_account_name": "janesmith",
"enrolled_time": "2023-10-26T03:30:00Z",
"primary_source": {
"id": "2000000072637",
"name": "Berge-Corp",
"application_service": {
"id": "2000000018007",
"display_name": "Universal Directory",
"name": "ZOHO_DIRECTORY",
"logo": "universal-directory"
}
},
"enrolled_authenticators": [
{
"authn_factor_config_id": "2000000001001",
"factor_type": "GoogleAuthenticator",
"display_name": "Google Authenticator"
},
{
"authn_factor_config_id": "2000000001002",
"factor_type": "MicrosoftAuthenticator",
"display_name": "Microsoft Authenticator"
},
{
"id": "2000000000102",
"factor_type": "FIDOAuthenticator",
"display_name": "FIDO2 Passkeys"
}
]
}
],
"meta": {
"start_index": 1,
"limit": 100,
"total_no_of_objects": 1
}
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "********",
"title": "Device Not Found",
"detail": "No device found with ID 2000000000001."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Bulk Delete Offline Enrolled Users
The Bulk Delete Offline Enrolled Users API can be used to delete multiple users enrolled on a device who are allowed to log in even when the device is offline.
OAuth Scope : id360.device.write,id360.device.delete,id360.device.all
Query Parameters
ids
(Required)
Comma-separated list of resource IDs.
eg: 2000000000011,2000000000012
eg: 2000000000011,2000000000012
headers_data = Map();
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users?ids=2000000000011,2000000000012"
type: DELETE
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users?ids=2000000000011%2C2000000000012")
.delete(null)
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'DELETE',
headers: {
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users?ids=2000000000011%2C2000000000012', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = { 'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f" }
conn.request("DELETE", "/api/v1/devices/2000000000001/offline-enrolled-users?ids=2000000000011%2C2000000000012", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "DELETE",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/devices/2000000000001/offline-enrolled-users?ids=2000000000011%2C2000000000012",
"headers": {
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request DELETE \
--url 'https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users?ids=2000000000011%2C2000000000012' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"data": [
{
"resource_id": "2000000000001",
"status": 204
},
{
"resource_id": "2000000000002",
"status": 404,
"error": {
"code": "****",
"title": "Device Not Found",
"detail": "No device found with ID 2000000000001."
}
}
]
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "********",
"title": "Access Denied",
"detail": "You do not have permission to do this operation."
}
}
{
"error": {
"code": "********",
"title": "Device Not Found",
"detail": "No device found with ID 2000000000001."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Delete Offline Enrolled User
The Delete Offline Enrolled User API can be used to delete a user enrolled on a device who is allowed to log in even when the device is offline.
OAuth Scope : id360.device.write,id360.device.delete,id360.device.all
headers_data = Map();
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users/2000000000001"
type: DELETE
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users/2000000000001")
.delete(null)
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'DELETE',
headers: {
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users/2000000000001', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = { 'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f" }
conn.request("DELETE", "/api/v1/devices/2000000000001/offline-enrolled-users/2000000000001", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "DELETE",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/devices/2000000000001/offline-enrolled-users/2000000000001",
"headers": {
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request DELETE \
--url https://id360.manageengine.com/api/v1/devices/2000000000001/offline-enrolled-users/2000000000001 \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "********",
"title": "Access Denied",
"detail": "You do not have permission to do this operation."
}
}
{
"error": {
"code": "********",
"title": "Device Not Found",
"detail": "No device found with ID 2000000000001."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}