API-Testing applications can edit roles in the Idaptive Directory through SCIM role endpoints. This includes:
- GET: access role information
- POST: add new roles
- PUT/PATCH: update roles or assign users to roles
- DELETE: delete roles
The terms "Groups" and "Roles" are interchangeable. Idaptive uses the term "role" when describing how users are categorized in the Idaptive Directory. The term "group" describes role provisioning through endpoints.
The GET all groups request returns information about all of the application's roles. The response lists role names, the users in each role, and role specifications.
All group provisioning endpoints use a header with bearer token and a tenant ID to navigate to the correct endpoint. The bearer token is listed in Actions in your SCIM App Settings, or you can use the same bearer token as the one used in the User Provisioning section.
Just like user IDs, each role has a unique corresponding role ID. This request navigates to the endpoint with a role ID and returns all information regarding that role. Examples include involved users, role display name, user display names, user IDs, and role administrative rights.
To collect the correct role ID, you can run the GET all groups request.
This request creates a role and optionally adds a user to that role. More than one user can be added to a created role as long as all of the user IDs are listed as members of the role. You can change information about the created role such as administrative privileges and assigned applications. No configuration is needed aside from the header, which includes the bearer token and tenant ID.
POST one group navigates to the Roles endpoint in the Admin Portal. After running, a newly created role appears there.
This request navigates to a specific role endpoint through the role ID and changes an informational aspect about the role or user associated with the role. The PUT one group method replaces an existing role with an updated version, or creates a new role entirely.
PUT requests edit the same amount of information as POST requests. Additional information can be listed, but it will not appear in the Admin Portal.
The PATCH method allows you to make a minor change to either a role or a user inside of the role. PATCH updates a part of the role without including the entire role information. A role ID is needed when calling upon the
DELETE one group deletes a role. The request uses a role ID to locate the role endpoint. DELETE one group is the only request that returns no information. Requesting DELETE twice will yield an error, since the role ID no longer exists.
Deleting a role will not delete the users involved, but will delete the connections the users have to the nonexistent role.
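Because PUT replaces the whole role while PATCH changes only part of it, a membership change is safest as a minimal PATCH computed from the role's current state. The following is an added example, not from the Idaptive documentation: it assumes standard SCIM 2.0 (RFC 7644) message shapes and the standard `/Groups/{id}` path, and the base URL, token, role ID and user IDs are constructed placeholders.

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644

def _check_id(uid):
    # IDs are embedded in a SCIM filter below; refuse characters that could alter it.
    if not uid or '"' in uid or "\\" in uid:
        raise ValueError(f"unsafe SCIM id: {uid!r}")
    return uid

def membership_patch(current_group, desired_ids):
    """Return a PatchOp body moving the role's members to desired_ids, or None if unchanged."""
    current = {_check_id(m["value"]) for m in current_group.get("members", [])}
    desired = {_check_id(u) for u in desired_ids}
    ops = []
    to_add = sorted(desired - current)
    if to_add:
        ops.append({"op": "add", "path": "members",
                    "value": [{"value": uid} for uid in to_add]})
    for uid in sorted(current - desired):
        ops.append({"op": "remove", "path": f'members[value eq "{uid}"]'})
    return {"schemas": [PATCH_SCHEMA], "Operations": ops} if ops else None

def patch_request(base_url, role_id, bearer_token, body):
    """Describe the PATCH call (nothing is sent); base_url is a placeholder assumption."""
    return {
        "method": "PATCH",
        "url": f"{base_url.rstrip('/')}/Groups/{role_id}",
        "headers": {"Authorization": f"Bearer {bearer_token}",
                    "Content-Type": "application/scim+json"},
        "body": json.dumps(body),
    }

# Constructed sample of one role as a GET response might return it (not real data).
SAMPLE_ROLE = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
    "id": "role-0001",
    "displayName": "Helpdesk",
    "members": [{"value": "user-a", "display": "Alice"},
                {"value": "user-b", "display": "Bob"}],
}

if __name__ == "__main__":
    body = membership_patch(SAMPLE_ROLE, ["user-b", "user-c"])
    print(json.dumps(patch_request("https://TENANT.example/scim", SAMPLE_ROLE["id"],
                                   "PLACEHOLDER_TOKEN", body), indent=2))
```

Reviewing the generated operations before sending them gives an exact record of which users gain or lose the role, which a full PUT replacement does not.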