mbegan / Okta-PSModule

Okta API Powershell Wrapper Module

How do I find out what oktaConvertGroupbyId does? #48

Closed Wq3VDUAK29DdpZZkQTSnGYFY3E closed 4 years ago

Wq3VDUAK29DdpZZkQTSnGYFY3E commented 4 years ago

I am having difficulty identifying what oktaConvertGroupbyId does. I see the /convert in the API concerning the Group but can't find it in the Okta API documentation.

```powershell
[string]$resource = '/api/internal/groups/' + $gid + '/convert'
[string]$method = "Post"
```

What does oktaConvertGroupbyId actually do? Is it the "Convert Assignments" button in the UI?

mbegan commented 4 years ago

I vaguely recall the purpose of it (also it is not intended to be a public API)

In the early days of Okta group push there wasn't anything in the UI to convert an application group to a push group.

So it is NOT the "convert assignments" button; if you wanted to do that, it would be a matter of updating the application user's scope.

You could use oktaGetAppProfilebyUserId and oktaUpdateAppProfilebyUserId to automate the "convert assignment" button.

-Matt

Wq3VDUAK29DdpZZkQTSnGYFY3E commented 4 years ago

I am trying to use the oktaUpdateAppProfilebyUserId to update the "scope" or the "profile.scope" from "User" to "Group" but failing. There is a similar cmdlet, oktaUpdateUserProfilebyID, referenced here: https://github.com/mbegan/Okta-PSModule/issues/11. I tried using similar syntax but am not having any luck.

I have tried -partial as well as trying to replace the entire profile but cannot get a change to commit.

Here is what I have so far:

```powershell
$AllUserScopes=$AllOktaAppProfileData | Where-Object {$_.appname -eq "Test App" -and $_.scope -eq "User"}

foreach ($UserScope in $AllUserScopes){
    $CurrentAppProfile = oktaGetAppProfilebyUserId -oOrg prev -aid $UserScope.appid -uid $UserScope.userid | select * -ExpandProperty profile
    $UpdatedAppProfile = $CurrentAppProfile
    $UpdatedAppProfile.profile.scope = 'GROUP'
    oktaUpdateAppProfilebyUserId -oOrg prev -partial -aid $UserScope.appid -uid $UserScope.userid -profile $UpdatedAppProfile
}
```

EDIT: Error output:

```
oktaUpdateAppProfilebyUserId -oOrg prev -partial -aid $UserScope.appid -uid $UserScope.userid -profile $UpdatedAppProfile
VERBOSE: POST https://dev-153154.oktapreview.com/api/v1/apps/0oamkldn3rdCcHuay0h7/users/00uq1y82kiVhkYUo20h7 with 8036-byte payload
VERBOSE: received -byte response of content type application/json
_oktaMakeCall : 
errorCode: E0000001; errorSummary: Api validation failed: assignment; errorId: oaeYXaUWSKuQUuF_BScTLI0MA
        causes:
                Property 'lastUpdated' not found
                Property 'passwordChanged' not found
                Property 'credentials' not found
                Property '_links' not found
                Property 'created' not found
                Property 'scope' not found
                Property 'syncState' not found
                Property 'profile' not found
                Property 'statusChanged' not found
                Property 'id' not found
                Property 'status' not found

At /Users/xxxxxxxxxxx/.local/share/powershell/Modules/Okta/Okta.psm1:704 char:25
+ ... $response = _oktaMakeCall -method $method -uri $uri -headers $headers ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,_oktaMakeCall
```
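
Added example, not part of the original thread or the module's code: it runs the `select * -ExpandProperty profile` pipeline from the post against a constructed object to show which property names end up on the value later passed as `-profile`. The sample object, its values and the helper name `Get-UnexpectedProfileKeys` are hypothetical; that the module sends the `-profile` value as the assignment's profile, and that the error's `causes` list names the extra keys, are assumptions.

```powershell
# Constructed sample shaped like an application-user assignment; all values are placeholders.
$appUser = [pscustomobject]@{
    id      = '00u-EXAMPLE'
    scope   = 'USER'
    status  = 'ACTIVE'
    created = '2020-01-01T00:00:00.000Z'
    profile = [pscustomobject]@{ email = 'user@example.com'; role = 'viewer' }
}

# Names of the real profile attributes, captured before the pipeline below runs.
$profileKeys = @($appUser.profile.PSObject.Properties.Name)

# Same shape as the pipeline in the post: -Property * together with -ExpandProperty.
# Select-Object emits the expanded profile object and attaches every selected
# top-level property (id, scope, status, created, profile) to it as a NoteProperty.
$expanded = $appUser | Select-Object * -ExpandProperty profile

# Hypothetical helper: list keys on a candidate payload that are not profile attributes.
function Get-UnexpectedProfileKeys {
    param(
        [Parameter(Mandatory)] $Payload,
        [Parameter(Mandatory)] [string[]] $AllowedKeys
    )
    @($Payload.PSObject.Properties.Name | Where-Object { $_ -notin $AllowedKeys })
}

$unexpected = Get-UnexpectedProfileKeys -Payload $expanded -AllowedKeys $profileKeys
Write-Output "Keys on the expanded object that are not profile attributes:"
$unexpected | ForEach-Object { Write-Output "  $_" }

# A payload limited to the original profile attributes, rebuilt key by key so that
# none of the attached top-level fields travel with it.
$cleanProfile = [ordered]@{}
foreach ($key in $profileKeys) {
    $cleanProfile[$key] = $expanded.$key
}
$clean = [pscustomobject]$cleanProfile

$remaining = Get-UnexpectedProfileKeys -Payload $clean -AllowedKeys $profileKeys
Write-Output "Unexpected keys after rebuilding the payload: $($remaining.Count)"
```

Running the helper on an object before it is sent gives a local check for stray assignment-level fields, independent of whatever validation the API performs.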