Manage users from the HelloJohn CLI — list, create, update, disable, impersonate, and export users.

hj users

The hj users command group manages users within a tenant. Most commands mirror the Admin API but are accessible directly from the terminal.

Commands

Command	Description
`hj users list`	List users with optional filters
`hj users get`	Get a single user's details
`hj users create`	Create a user (skips email verification)
`hj users update`	Update user profile fields
`hj users disable`	Disable a user account
`hj users enable`	Re-enable a disabled account
`hj users delete`	Permanently delete a user
`hj users impersonate`	Get a short-lived session token for a user
`hj users sessions`	List or revoke user sessions
`hj users mfa`	Manage user MFA factors
`hj users export`	Export all data for a user (GDPR)

hj users list

List users in the active tenant:

hj users list

ID                        EMAIL                    STATUS    CREATED
usr_01HABCDEF123456       jane@example.com          active    2024-01-20
usr_01HABCDEF234567       john@example.com          active    2024-02-10
usr_01HABCDEF345678       bob@example.com           disabled  2024-03-01

Filter options:

# Search by email
hj users list --search "jane@"

# Filter by status
hj users list --status disabled

# Filter by organization
hj users list --org org_01HABCDEF000001

# Pagination
hj users list --limit 50 --cursor <next_cursor>

# Output as JSON
hj users list --format json

Flags:

Flag	Description
`--search <query>`	Search by email, name, or ID
`--status <status>`	Filter: `active`, `disabled`, `unverified`
`--org <id>`	Filter by organization membership
`--limit <n>`	Results per page (default: 20, max: 100)
`--cursor <token>`	Pagination cursor
`--format json\|table`	Output format

hj users get

Get a specific user by ID or email:

# By ID
hj users get usr_01HABCDEF123456

# By email
hj users get --email jane@example.com

Output includes: profile, verification status, MFA factors, OAuth connections, last sign-in, organization memberships.

hj users create

Create a user without sending a verification email:

hj users create \
  --email "jane@example.com" \
  --name "Jane Doe" \
  --password "TemporaryPassword123!"

Flags:

Flag	Description
`--email`	Email address (required)
`--name`	Full name
`--first-name`	First name
`--last-name`	Last name
`--password`	Initial password (user can reset)
`--verified`	Mark email as pre-verified (skips email)
`--org <id>`	Add to organization on creation
`--role <role>`	Organization role if `--org` is set

# Create pre-verified admin user
hj users create \
  --email "admin@example.com" \
  --password "SecurePass123!" \
  --verified \
  --org org_01HABCDEF000001 \
  --role admin

hj users update

Update a user's profile:

hj users update usr_01HABCDEF123456 \
  --name "Jane Smith" \
  --email "jane.smith@example.com"

Changing email requires re-verification unless --skip-verification is passed.

Flags:

Flag	Description
`--email`	New email address
`--name`	Full name
`--first-name`	First name
`--last-name`	Last name
`--skip-verification`	Set new email without requiring re-verification
`--metadata-key`	Set a custom metadata key
`--metadata-value`	Value for the metadata key

hj users disable

Disable a user account (blocks all sign-ins and invalidates sessions):

hj users disable usr_01HABCDEF123456

With a reason (visible in audit log):

hj users disable usr_01HABCDEF123456 --reason "Violated terms of service"

Bulk disable:

# Disable multiple users from a file (one ID per line)
hj users disable --from-file user_ids.txt --reason "Account cleanup"

hj users enable

Re-enable a disabled account:

hj users enable usr_01HABCDEF123456

hj users delete

Permanently delete a user and all associated data:

hj users delete usr_01HABCDEF123456

Requires confirmation. This action cannot be undone. All sessions, MFA factors, OAuth connections, and organization memberships are deleted.

hj users impersonate

Get a short-lived session token for a user without knowing their password:

hj users impersonate usr_01HABCDEF123456 \
  --reason "Investigating reported issue #4521" \
  --duration 30m

Output:

{
  "access_token": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9...",
  "expires_at": "2024-06-01T15:30:00Z",
  "user_id": "usr_01HABCDEF123456",
  "audit_event_id": "evt_01HABCDEF999999"
}

Use the access token to make API requests as that user. The impersonation is logged in the audit trail with the reason.

Flags:

Flag	Required	Description
`--reason`	✅	Reason for impersonation (audited)
`--duration`	No	Token TTL: `15m`, `30m`, `1h` (max: `24h`)

hj users sessions

List and manage user sessions:

# List sessions
hj users sessions list usr_01HABCDEF123456

# Revoke all sessions (force sign-out)
hj users sessions revoke-all usr_01HABCDEF123456

Output:

SESSION ID              CREATED              LAST ACTIVE     IP              DEVICE
ses_01HABCDEF111111     2024-06-01 09:00     14 min ago      192.168.1.1     Chrome/macOS
ses_01HABCDEF222222     2024-05-28 16:42     3 days ago      10.0.0.5        Safari/iOS

hj users mfa

Manage a user's MFA factors:

# List factors
hj users mfa list usr_01HABCDEF123456

# Remove a TOTP factor (user must re-enroll)
hj users mfa remove usr_01HABCDEF123456 --factor-id fct_01HABCDEF888888

hj users export

Export all data for a user in JSON format (GDPR portability):

hj users export usr_01HABCDEF123456 --output jane_export.json

Includes profile, sessions history, MFA factors (type only, not secrets), OAuth connections, audit events, and organization memberships.

hj users

On this page