How to programmatically activate users?

Following a migration to a new self-hosted Zitadel instance a lot of users are suddenly in "Initial" state (those who did not have a password set because they only had logged in via IdP).

I can't seem to find a way to programmatically get them out of this state. I've tried (all using Python and requests with both

Content-Type

Content-Type

and

Accept

Accept

Accept

Accept set to

application/json

application/json

, similar to the code in the API documentation):

PATCH /v2/users/human/<userid> with
```
{"human": {"email": "...", "isVerified": true } }
```
{"human": {"email": "...", "isVerified": true } }
```
{"human": {"email": "...", "isVerified": true } }
```
{"human": {"email": "...", "isVerified": true } }
(result: 400 error,
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
)
PUT /v2/users/human/<userid> with
```
{"email": "...", "isVerified": true}
```
{"email": "...", "isVerified": true}
```
{"email": "...", "isVerified": true}
```
{"email": "...", "isVerified": true}
(result: 400 error,
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
```
proto: syntax error (line 1:11): unexpected token \\"<email>\\"
)
PUT /management/v1/users/<userid>/email with
```
{"email": "...", "isEmailVerified": true}
```
{"email": "...", "isEmailVerified": true}
```
{"email": "...", "isEmailVerified": true}
```
{"email": "...", "isEmailVerified": true}
(result: 400 error,
```
{"code":9, "message":"Användaren är ännu inte initialiserad (COMMAND-J8dsk)", "details":[{"@type":"type.googleapis.com/zitadel.v1.ErrorDetail", "id":"COMMAND-J8dsk", "message":"Användaren är ännu inte initialiserad"}]}
```
{"code":9, "message":"Användaren är ännu inte initialiserad (COMMAND-J8dsk)", "details":[{"@type":"type.googleapis.com/zitadel.v1.ErrorDetail", "id":"COMMAND-J8dsk", "message":"Användaren är ännu inte initialiserad"}]}
```
{"code":9, "message":"Användaren är ännu inte initialiserad (COMMAND-J8dsk)", "details":[{"@type":"type.googleapis.com/zitadel.v1.ErrorDetail", "id":"COMMAND-J8dsk", "message":"Användaren är ännu inte initialiserad"}]}
```
{"code":9, "message":"Användaren är ännu inte initialiserad (COMMAND-J8dsk)", "details":[{"@type":"type.googleapis.com/zitadel.v1.ErrorDetail", "id":"COMMAND-J8dsk", "message":"Användaren är ännu inte initialiserad"}]}
, translates to "The user is not yet initialised")

So - what is the correct way to get a user out of the initialization state via the API? And why did neither of my attempts above work?

Ask Inkeep•11/20/25, 1:41 PM

Hi @Jan, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.

Ask Inkeep•11/20/25, 1:42 PM

Answer

I wasn't able to find a direct answer in the official documentation for programmatically moving users out of the "Initial" state after migration. Here are some relevant sources:

User initialization (1) : A community discussion mentions that with importUserimportUser and isEmailVerifiedisEmailVerified set to true, the user becomes immediately active, avoiding the initial state.
questions-help-bugsDon't send initialization email questions-help-bugsDon't send initialization email : Suggests setting isEmailVerified = trueisEmailVerified = true with a password/hash provided for imported users to let them login immediately, or setting isEmailVerified = falseisEmailVerified = false with no password or passwordChangeRequired = truepasswordChangeRequired = true to trigger initialization email on first login.

The v1 Management API endpoint you tried doesn't work on users in Initial state (1) . The v2 API's importUserimportUser endpoint appears to be the recommended approach for creating users that bypass the Initial state .

Would you like me to provide a general answer based on my knowledge of user state management?

Ask Inkeep•11/20/25, 1:42 PM

To learn more, see the sources I considered:

[1] User initialization
questions-help-bugsDon't send initialization email

Ask Inkeep•11/20/25, 1:42 PM

Feel free to tag @Ask Inkeep with additional questions.