search

okta / okta-sdk-php

PHP SDK for the Okta API
Apache License 2.0
38 stars 71 forks source link

User IT - User Group Target Role #32

Closed bretterer closed 4 years ago

bretterer commented 7 years ago
  1. Create a user with credentials, activated by default → POST /api/v1/users?activate=true 
    const newUser = {
profile: {
    firstName: 'John',
    lastName: 'Group-Target',
    email: 'john-group-target@example.com',
    login: 'john-group-target@example.com'
},
credentials: {
    password: { value: 'Abcd1234' }
}
};
  2. Create a new group → POST /api/v1/groups 
    const newGroup = {
profile: {
    name: 'Group-Target Test Group'
}
};
  3. Assign 'USER_ADMIN' role to the user → POST /api/v1/users/{{userId}}/roles (Body → { type: 'USER_ADMIN' })
  4. Add Group Target to 'USER_ADMIN' role → PUT /api/v1/users/{{userId}}/roles/{{roleId}}/targets/groups/{{groupId}}
  5. List Group Targets for role → GET /api/v1/users/{{userId}}/roles/{{roleId}}/targets/groups
  6. Remove Group Target from Admin User Role and verify removed → DELETE /api/v1/users/{{userId}}/roles/{{roleId}}/targets/groups/{{groupId}}

Don’t remove the last group target from a role assignment, as this causes an exception. To get around this, create a new group and add this group target to user admin role Create another group and add this group target to user admin role Now remove the group created in step 2 from the group target role

  1. Delete the group and user → POST /api/v1/users/{{userId}}/lifecycle/deactivate + DELETE /api/v1/users/{{userId}} + DELETE /api/v1/groups/{{groupId}}