CLI: Users
Manage users, role assignments, custom claim values, and 2FA via the porta user command.
Mode: HTTP (requires porta login)
User CRUD
porta user create
porta user create --org-id <id> --email alice@example.com \
[--given-name Alice] [--family-name Smith] [--password "secure-password"]| Flag | Required | Description |
|---|---|---|
--org-id | ✅ | Organization ID |
--email | ✅ | Email address |
--given-name | First name | |
--family-name | Last name | |
--nickname | Nickname | |
--password | Initial password | |
--phone-number | Phone number | |
--locale | User locale |
porta user invite
porta user invite --org-id <id> --email bob@example.com \
[--given-name Bob] [--family-name Jones]Creates the user with invited status and sends an invitation email.
porta user list
porta user list --org-id <id> [--status active] [--search "alice"] [--page 1]porta user show
porta user show --org-id <id> --user-id <id>porta user update
porta user update --org-id <id> --user-id <id> \
[--given-name "Alice"] [--family-name "Johnson"] [--locale en]Status Management
porta user suspend --org-id <id> --user-id <id>
porta user activate --org-id <id> --user-id <id>
porta user lock --org-id <id> --user-id <id>
porta user unlock --org-id <id> --user-id <id>
porta user archive --org-id <id> --user-id <id>porta user set-password
porta user set-password --org-id <id> --user-id <id> --password "new-password"User Roles
Assign and manage RBAC roles for a user.
porta user roles assign
porta user roles assign --org-id <id> --user-id <id> --role-id <id>porta user roles remove
porta user roles remove --org-id <id> --user-id <id> --role-id <id>porta user roles list
porta user roles list --org-id <id> --user-id <id>Shows all roles assigned to the user, grouped by application.
User Custom Claims
Set and manage custom claim values for a user.
porta user claims set
porta user claims set --org-id <id> --user-id <id> \
--claim-id <id> --value "Engineering"porta user claims remove
porta user claims remove --org-id <id> --user-id <id> --claim-id <id>porta user claims list
porta user claims list --org-id <id> --user-id <id>Two-Factor Authentication
Admin commands for managing a user's 2FA enrollment.
porta user 2fa status
porta user 2fa status --org-id <id> --user-id <id>Shows whether 2FA is enabled, the method (TOTP/email), and enrollment date.
porta user 2fa disable
porta user 2fa disable --org-id <id> --user-id <id>Force-disables 2FA for the user. Prompts for confirmation.
porta user 2fa reset
porta user 2fa reset --org-id <id> --user-id <id>Resets 2FA, forcing the user to re-enroll on next login. Prompts for confirmation.
GDPR Compliance
Commands for GDPR data portability (Article 20) and right to erasure (Article 17).
porta user export
porta user export --org-id <id> --user-id <id>Exports all personal data for a user as a JSON document. The export includes profile data, organization membership, role assignments, custom claim values, audit log entries, 2FA enrollment status, and active OIDC sessions.
Use --json to pipe the output to a file:
porta user export --org-id <id> --user-id <id> --json > user-data.jsonporta user purge
porta user purge --org-id <id> --user-id <id>Permanently anonymizes and deletes a user's personal data. This operation:
- Anonymizes the user record (replaces PII with anonymized placeholders)
- Deletes all associated data (roles, claims, tokens, 2FA, audit metadata)
- Executes in a single database transaction
Prompts for confirmation before executing. Use --force to skip the confirmation prompt.
Irreversible
Data purge cannot be undone. Super-admin users cannot be purged as a safety measure.