> ## Documentation Index
> Fetch the complete documentation index at: https://developer.vanta.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List all user accounts

> 
List `UserAccount` resources for the given application.

** Headers **
```
Authorization: Bearer <access_token>
```

** Scopes **
```
connectors.self:read-resource
```




## OpenAPI

````yaml /reference/build-integrations.json get /v1/resources/user_account
openapi: 3.0.1
info:
  title: Build integrations
  description: >-
    The API that enables syncing and viewing resources


    **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)`
    from the server dropdown to issue requests against
    `https://api.vanta-gov.com`. The OAuth token and authorization URLs shown
    below default to the commercial hosts — Gov customers should replace
    `api.vanta.com` with `api.vanta-gov.com` and `app.vanta.com` with
    `app.vanta-gov.com`.
  termsOfService: https://www.vanta.com/terms
  contact:
    name: API Support
    url: https://help.vanta.com/
    email: support@vanta.com
  license:
    name: Vanta Terms of Service
    url: https://www.vanta.com/terms
  version: 0.0.1
servers:
  - url: https://api.vanta.com
    description: Vanta (Commercial)
  - url: https://api.vanta-gov.com
    description: Vanta Gov (FedRAMP)
security:
  - oauth:
      - connectors.self:read-resource
      - connectors.self:write-resource
tags:
  - name: API Endpoint Vulnerabilities
  - name: Background Checks
  - name: Custom Resources
  - name: Documents
  - name: MacOS User Computers
  - name: Package Vulnerabilities
  - name: Secrets
  - name: Security Tasks
  - name: Static Code Analysis Vulnerabilities
  - name: User Accounts
  - name: User Security Training Statuses
  - name: Vulnerable Components
  - name: Windows User Computers
paths:
  /v1/resources/user_account:
    get:
      tags:
        - User Accounts
      summary: List all user accounts
      description: |

        List `UserAccount` resources for the given application.

        ** Headers **
        ```
        Authorization: Bearer <access_token>
        ```

        ** Scopes **
        ```
        connectors.self:read-resource
        ```
      operationId: get-UserAccount
      parameters:
        - name: resourceId
          in: query
          schema:
            type: string
          required: true
          description: >-
            Vanta generated identifier for the given resource, and can be found
            on the developer console page. See the list of registered resources
            and their IDs on
            https://app.vanta.com/settings/developer-console/<app_id>?tab=resources
      responses:
        '200':
          description: List of resources.
          content:
            application/json:
              schema:
                type: object
                properties:
                  resources:
                    type: array
                    items:
                      properties:
                        displayName:
                          type: string
                          description: >-
                            A human readable label for this resource - will be
                            shown as-is in inventory page.
                        uniqueId:
                          type: string
                          description: A stable global identifier for this resource.
                        externalUrl:
                          type: string
                          description: >-
                            A link to this resource on the partner site. This
                            must be a HTTPS URL.
                        fullName:
                          type: string
                          description: >-
                            The full name of the corresponding user. If your
                            system splits name by given name and family name,
                            send us space separated values.
                        accountName:
                          type: string
                          description: >-
                            In case a fullName is not relevant, like a machine
                            account, populate this field.
                        email:
                          type: string
                          description: >-
                            The email address of the user. This lets us connect
                            accounts to Vanta users.
                        permissionLevel:
                          description: >-
                            What the permission level of the user is. If your
                            system supports more advanced roles, find the
                            closest approximation. This will be used to help
                            populate Vanta access reviews and help customers
                            ensure that the right set of users have access to
                            their relevant systems.
                          enum:
                            - ADMIN
                            - EDITOR
                            - BASE
                        createdTimestamp:
                          type: string
                          format: date-time
                          description: >-
                            The time at which this user was created in the
                            system.
                        status:
                          description: >-
                            The status of the user. It's acceptable to omit any
                            deactivated users from your application, but if your
                            application has access to deactivated users, it's
                            preferable to send them over with this status.
                          enum:
                            - ACTIVE
                            - DEACTIVATED
                        mfaEnabled:
                          type: boolean
                          description: This value is ignored if `authMethod` is SSO.
                        mfaMethods:
                          items:
                            description: The individual MFA setting.
                            enum:
                              - UNSUPPORTED
                              - DISABLED
                              - SMS
                              - EMAIL
                              - OTP
                              - HARDWARE_TOKEN
                              - PUSH_PROMPT
                          type: array
                          description: >-
                            The MFA settings of the user. This helps customers
                            verify that their users are adequately protecting
                            their accounts. This value is ignored if authMethod
                            is SSO.
                        authMethod:
                          description: >-
                            How the user logs into the system. This is useful
                            for us to validate security properties, like
                            ensuring MFA is enabled if the user logs in with a
                            password.
                          enum:
                            - SSO
                            - PASSWORD
                            - TOKEN
                            - BIOMETRIC
                        roleDescription:
                          type: string
                          description: A human readable description of the user's role.
                        updatedTimestamp:
                          type: string
                          format: date-time
                          description: The last time the user was updated in the system.
                        deactivatedTimestamp:
                          type: string
                          format: date-time
                          description: >-
                            If the user is deactivated, the timestamp of that
                            deactivation.
                        lastLoginTimestamp:
                          type: string
                          format: date-time
                          description: The time at which the user last logged in.
                        lastPasswordResetTimestamp:
                          type: string
                          format: date-time
                          description: >-
                            The time at which the user last reset their
                            password. Helps with future Vanta functionality.
                        groupIds:
                          items:
                            type: string
                            description: The individual group identifier.
                          type: array
                          description: >-
                            If the user belongs to any groups/teams in the
                            product, those corresponding group IDs. We'll map
                            these to groups in our product in the future.
                      required:
                        - displayName
                        - uniqueId
                        - externalUrl
                        - fullName
                        - accountName
                        - email
                        - permissionLevel
                        - createdTimestamp
                        - status
                        - mfaEnabled
                        - mfaMethods
                        - authMethod
components:
  securitySchemes:
    oauth:
      type: oauth2
      x-default: vat_llamainapajama
      flows:
        authorizationCode:
          authorizationUrl: https://app.vanta.com/oauth/authorize
          tokenUrl: https://api.vanta.com/oauth/token
          scopes:
            connectors.self:write-resource: Send data to your account.
            connectors.self:read-resource: Read data from your account.

````