naftiko: 1.0.0-alpha2 info: label: ForgeRock Identity Cloud REST API — Managed Users description: 'ForgeRock Identity Cloud REST API — Managed Users. 6 operations. Lead operation: ForgeRock List managed users. Self-contained Naftiko capability covering one Forgerock business surface.' tags: - Forgerock - Managed Users created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: FORGEROCK_API_KEY: FORGEROCK_API_KEY capability: consumes: - type: http namespace: identity-cloud-managed-users baseUri: https://{tenant}.forgeblocks.com description: ForgeRock Identity Cloud REST API — Managed Users business capability. Self-contained, no shared references. resources: - name: openidm-managed-realm}_user path: /openidm/managed/{realm}_user operations: - name: listmanagedusers method: GET description: ForgeRock List managed users outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createmanageduser method: POST description: ForgeRock Create a managed user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: openidm-managed-realm}_user-userId path: /openidm/managed/{realm}_user/{userId} operations: - name: getmanageduser method: GET description: ForgeRock Get a managed user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatemanageduser method: PUT description: ForgeRock Replace a managed user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: If-Match in: header type: string description: Revision identifier for optimistic concurrency control - name: body in: body type: object description: Request body (JSON). required: true - name: patchmanageduser method: PATCH description: ForgeRock Patch a managed user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: If-Match in: header type: string description: Revision identifier for optimistic concurrency control - name: body in: body type: object description: Request body (JSON). required: true - name: deletemanageduser method: DELETE description: ForgeRock Delete a managed user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: If-Match in: header type: string description: Revision identifier for optimistic concurrency control authentication: type: bearer token: '{{env.FORGEROCK_API_KEY}}' exposes: - type: rest namespace: identity-cloud-managed-users-rest port: 8080 description: REST adapter for ForgeRock Identity Cloud REST API — Managed Users. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/openidm/managed/realm-user name: openidm-managed-realm-user description: REST surface for openidm-managed-realm}_user. operations: - method: GET name: listmanagedusers description: ForgeRock List managed users call: identity-cloud-managed-users.listmanagedusers outputParameters: - type: object mapping: $. - method: POST name: createmanageduser description: ForgeRock Create a managed user call: identity-cloud-managed-users.createmanageduser with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/openidm/managed/realm-user/{userid} name: openidm-managed-realm-user-userid description: REST surface for openidm-managed-realm}_user-userId. operations: - method: GET name: getmanageduser description: ForgeRock Get a managed user call: identity-cloud-managed-users.getmanageduser outputParameters: - type: object mapping: $. - method: PUT name: updatemanageduser description: ForgeRock Replace a managed user call: identity-cloud-managed-users.updatemanageduser with: If-Match: rest.If-Match body: rest.body outputParameters: - type: object mapping: $. - method: PATCH name: patchmanageduser description: ForgeRock Patch a managed user call: identity-cloud-managed-users.patchmanageduser with: If-Match: rest.If-Match body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deletemanageduser description: ForgeRock Delete a managed user call: identity-cloud-managed-users.deletemanageduser with: If-Match: rest.If-Match outputParameters: - type: object mapping: $. - type: mcp namespace: identity-cloud-managed-users-mcp port: 9090 transport: http description: MCP adapter for ForgeRock Identity Cloud REST API — Managed Users. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: forgerock-list-managed-users description: ForgeRock List managed users hints: readOnly: true destructive: false idempotent: true call: identity-cloud-managed-users.listmanagedusers outputParameters: - type: object mapping: $. - name: forgerock-create-managed-user description: ForgeRock Create a managed user hints: readOnly: false destructive: false idempotent: false call: identity-cloud-managed-users.createmanageduser with: body: tools.body outputParameters: - type: object mapping: $. - name: forgerock-get-managed-user description: ForgeRock Get a managed user hints: readOnly: true destructive: false idempotent: true call: identity-cloud-managed-users.getmanageduser outputParameters: - type: object mapping: $. - name: forgerock-replace-managed-user description: ForgeRock Replace a managed user hints: readOnly: false destructive: false idempotent: true call: identity-cloud-managed-users.updatemanageduser with: If-Match: tools.If-Match body: tools.body outputParameters: - type: object mapping: $. - name: forgerock-patch-managed-user description: ForgeRock Patch a managed user hints: readOnly: false destructive: false idempotent: true call: identity-cloud-managed-users.patchmanageduser with: If-Match: tools.If-Match body: tools.body outputParameters: - type: object mapping: $. - name: forgerock-delete-managed-user description: ForgeRock Delete a managed user hints: readOnly: false destructive: true idempotent: true call: identity-cloud-managed-users.deletemanageduser with: If-Match: tools.If-Match outputParameters: - type: object mapping: $.