okta / okta-sdk-php

PHP SDK for the Okta API
Apache License 2.0

Group IT - Group Rule Operations #22

Closed bretterer closed 5 years ago

bretterer commented 7 years ago
  1. Create a user with credentials, activated by default → POST /api/v1/users?activate=true
    const newUser = {
        profile: {
            firstName: 'John',
            lastName: 'With-Group-Rule',
            email: 'john-with-group-rule@example.com',
            login: 'john-with-group-rule@example.com'
        },
        credentials: {
            password: { value: 'Abcd1234' }
        }
    };
  2. Create a new group → POST /api/v1/groups
    const newGroup = {
        profile: {
            name: 'Group-Member API Test Group'
        }
    };
  3. Create a group rule and verify rule executes → POST /api/v1/groups/rules
     The rule below adds the user created in step 1 to the group created in step 2 upon rule execution/activation.
    // createdUser and createdGroup are the objects created in steps 1 and 2
    const rule = {
        type: 'group_rule',
        name: 'Test group rule',
        conditions: {
            people: {
                users: {
                    exclude: []
                },
                groups: {
                    exclude: []
                }
            },
            expression: {
                value: `user.lastName=="${createdUser.profile.lastName}"`,
                type: 'urn:okta:expression:1.0'
            }
        },
        actions: {
            assignUserToGroups: {
                groupIds: [
                    createdGroup.id
                ]
            }
        }
    };
  4. Activate the above rule and verify that user is added to the group → POST /api/v1/groups/rules/{{ruleId}}/lifecycle/activate

I have noted that there is a slight delay between the rule activation and triggering the rule action. Hence, wait for 1-2 seconds before validating the rule execution, in this case, validating that the user was added to the group.

  5. List the group rules and validate the above rule is present → POST /api/v1/groups/rules
  6. Deactivate the rule and update it (Rule can only be updated when it's deactivated) → POST /api/v1/groups/rules/{{ruleId}}/lifecycle/deactivate + POST /api/v1/groups/rules/{{ruleId}}
    rule.name = 'Test group rule updated';
    rule.conditions.expression.value = 'user.lastName==\"incorrect\"';
  7. Activate the updated rule and verify that the user is removed from the group → POST /api/v1/groups/rules/{{ruleId}}/lifecycle/activate
  8. Delete the user, group and group rule → POST /api/v1/users/{{userId}}/lifecycle/deactivate + DELETE /api/v1/users/{{userId}} + DELETE /api/v1/groups/{{groupId}} + DELETE /api/v1/groups/rules/{{ruleId}}
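
An added example, not part of the original issue or of okta-sdk-php: the rule expression above is built by interpolating a profile value into a string that decides group assignment, so this sketch refuses values that could end the quoted literal, and it replaces the fixed wait after activation with a bounded poll. `buildGroupRule`, `pollUntil` and `fakeMembership` are hypothetical names, and rejecting quote and backslash characters is a conservative assumption, not documented escaping.

```javascript
// Added example, not okta-sdk-php code. All helper names are hypothetical.

// Characters that would end or alter a double-quoted literal inside the
// rule expression. Rejecting them is a conservative assumption; the page
// does not document the expression language's escaping rules.
const UNSAFE_IN_LITERAL = /["\\\r\n]/;

function buildGroupRule(name, lastName, groupId) {
  if (typeof lastName !== 'string' || lastName.length === 0) {
    throw new TypeError('lastName must be a non-empty string');
  }
  if (UNSAFE_IN_LITERAL.test(lastName)) {
    throw new RangeError('lastName contains characters unsafe in an expression literal');
  }
  return {
    type: 'group_rule',
    name,
    conditions: {
      people: { users: { exclude: [] }, groups: { exclude: [] } },
      expression: {
        value: `user.lastName=="${lastName}"`,
        type: 'urn:okta:expression:1.0'
      }
    },
    actions: { assignUserToGroups: { groupIds: [groupId] } }
  };
}

// Poll `check` until it returns `expected` or the attempts run out, instead of
// sleeping a fixed 1-2 seconds. `check` is whatever looks up group membership;
// `sleep` is injectable so a test can run without real delays.
async function pollUntil(check, expected, { attempts = 10, delayMs = 500, sleep } = {}) {
  const wait = sleep || (ms => new Promise(resolve => setTimeout(resolve, ms)));
  for (let i = 1; i <= attempts; i++) {
    if ((await check()) === expected) return i; // number of checks it took
    if (i < attempts) await wait(delayMs);
  }
  throw new Error(`condition not met after ${attempts} checks`);
}

// Constructed stand-in for "is the user in the group?": false N times, then true.
function fakeMembership(falseCount) {
  let calls = 0;
  return async () => ++calls > falseCount;
}
```

The same `pollUntil` call with `expected` set to `false` covers the removal check after the updated rule is activated.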