> ## Documentation Index > Fetch the complete documentation index at: https://developer.vanta.com/llms.txt > Use this file to discover all available pages before exploring further. # Sync all user accounts > To send us data related to users in your system, you send us `UserAccount` resources. Every partner must send us `UserAccount` resources. This helps us determine whether users have appropriate levels of access and have a secure authentication mechanism. This call replaces ALL existing `UserAccount` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `UserAccount` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and it is "deletedAt" time in is set to that of the `sync_all` call. The resource will still show in the Vanta UI as a Deactivated `UserAccount`, and `list_all` calls. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `UserAccount`. ## OpenAPI ````yaml /reference/build-integrations.json put /v1/resources/user_account openapi: 3.0.1 info: title: Build integrations description: >- The API that enables syncing and viewing resources **Note for Vanta Gov (FedRAMP) customers:** Select `Vanta Gov (FedRAMP)` from the server dropdown to issue requests against `https://api.vanta-gov.com`. The OAuth token and authorization URLs shown below default to the commercial hosts — Gov customers should replace `api.vanta.com` with `api.vanta-gov.com` and `app.vanta.com` with `app.vanta-gov.com`. termsOfService: https://www.vanta.com/terms contact: name: API Support url: https://help.vanta.com/ email: support@vanta.com license: name: Vanta Terms of Service url: https://www.vanta.com/terms version: 0.0.1 servers: - url: https://api.vanta.com description: Vanta (Commercial) - url: https://api.vanta-gov.com description: Vanta Gov (FedRAMP) security: - oauth: - connectors.self:read-resource - connectors.self:write-resource tags: - name: API Endpoint Vulnerabilities - name: Background Checks - name: Custom Resources - name: Documents - name: MacOS User Computers - name: Package Vulnerabilities - name: Secrets - name: Security Tasks - name: Static Code Analysis Vulnerabilities - name: User Accounts - name: User Security Training Statuses - name: Vulnerable Components - name: Windows User Computers paths: /v1/resources/user_account: put: tags: - User Accounts summary: Sync all user accounts description: >- To send us data related to users in your system, you send us `UserAccount` resources. Every partner must send us `UserAccount` resources. This helps us determine whether users have appropriate levels of access and have a secure authentication mechanism. This call replaces ALL existing `UserAccount` resources for the given app and `source_id` - this is a "state of the world" sync. In other words, if a `UserAccount` resource is sent for a user in a previous `sync_all` call, but is not included in a later `sync_all` call for that customer, it is assumed to no longer exist and it is "deletedAt" time in is set to that of the `sync_all` call. The resource will still show in the Vanta UI as a Deactivated `UserAccount`, and `list_all` calls. ** Headers ** ``` Authorization: Bearer ``` ** Scopes ** ``` connectors.self:write-resource ``` ** Schema ** Expand the `resources` array below for the schema of `UserAccount`. operationId: put-UserAccount requestBody: description: List of resources to sync required: true content: application/json: schema: type: object required: - resourceId - resources properties: resourceId: type: string description: >- Vanta generated identifier for the given resource, and can be found on the developer console page. See the list of registered resources and their IDs on https://app.vanta.com/settings/developer-console/?tab=resources resources: type: array items: properties: displayName: type: string description: >- A human readable label for this resource - will be shown as-is in inventory page. uniqueId: type: string description: A stable global identifier for this resource. externalUrl: type: string description: >- A link to this resource on the partner site. This must be a HTTPS URL. fullName: type: string description: >- The full name of the corresponding user. If your system splits name by given name and family name, send us space separated values. accountName: type: string description: >- In case a fullName is not relevant, like a machine account, populate this field. email: type: string description: >- The email address of the user. This lets us connect accounts to Vanta users. permissionLevel: description: >- What the permission level of the user is. If your system supports more advanced roles, find the closest approximation. This will be used to help populate Vanta access reviews and help customers ensure that the right set of users have access to their relevant systems. enum: - ADMIN - EDITOR - BASE createdTimestamp: type: string format: date-time description: The time at which this user was created in the system. status: description: >- The status of the user. It's acceptable to omit any deactivated users from your application, but if your application has access to deactivated users, it's preferable to send them over with this status. enum: - ACTIVE - DEACTIVATED mfaEnabled: type: boolean description: This value is ignored if `authMethod` is SSO. mfaMethods: items: description: The individual MFA setting. enum: - UNSUPPORTED - DISABLED - SMS - EMAIL - OTP - HARDWARE_TOKEN - PUSH_PROMPT type: array description: >- The MFA settings of the user. This helps customers verify that their users are adequately protecting their accounts. This value is ignored if authMethod is SSO. authMethod: description: >- How the user logs into the system. This is useful for us to validate security properties, like ensuring MFA is enabled if the user logs in with a password. enum: - SSO - PASSWORD - TOKEN - BIOMETRIC roleDescription: type: string description: A human readable description of the user's role. updatedTimestamp: type: string format: date-time description: The last time the user was updated in the system. deactivatedTimestamp: type: string format: date-time description: >- If the user is deactivated, the timestamp of that deactivation. lastLoginTimestamp: type: string format: date-time description: The time at which the user last logged in. lastPasswordResetTimestamp: type: string format: date-time description: >- The time at which the user last reset their password. Helps with future Vanta functionality. groupIds: items: type: string description: The individual group identifier. type: array description: >- If the user belongs to any groups/teams in the product, those corresponding group IDs. We'll map these to groups in our product in the future. required: - displayName - uniqueId - externalUrl - fullName - accountName - email - permissionLevel - createdTimestamp - status - mfaEnabled - mfaMethods - authMethod responses: '200': description: The current resources synced. content: application/json: schema: type: object required: - success properties: success: type: boolean components: securitySchemes: oauth: type: oauth2 x-default: vat_llamainapajama flows: authorizationCode: authorizationUrl: https://app.vanta.com/oauth/authorize tokenUrl: https://api.vanta.com/oauth/token scopes: connectors.self:write-resource: Send data to your account. connectors.self:read-resource: Read data from your account. ````