Reputation: 261
How can I get all groups a user belongs to using Okta's API?
I'm trying to sync users/groups that sit behind Okta in Active Directory. Specifically, I'd like to get all groups a user belongs to, upon login to a third party application.
Looking at the Okta API documentation (http://developer.okta.com/docs/api/resources/groups.html) I see that I could accomplish this by performing the following operations (in pseudo-code):
FETCH ALL GROUPS (using List Groups operation)
FOR EACH GROUP
FETCH A LIST OF USERS (using List Group Members operation)
For my purposes this seems very inefficient, but I can't find a better way of doing this by looking at the documentation.
Ideally, what I would like to do is:
FETCH ALL GROUPS FOR A GIVEN USER ID
Is there any way I could accomplish this ?
Any help is appreciated. Thanks.
Upvotes: 9
Views: 12168
Answers (4)
Reputation: 21
https://developer.okta.com/docs/reference/api/users/#get-user-s-groups how about that? [GET] /api/v1/users/$userid/groups
I also couldn't find a method in UserApi (I'm using Okta Java SDK lib). So I had a look at UserApi class source code and introduced the following method:
public List<Group> listUserGroups(ApiClient apiClient, String userId) throws ApiException {
Object localVarPostBody = null;
if (userId == null) {
throw new ApiException(400, "Missing the required parameter 'userId' when calling listUserBlocks");
} else {
String localVarPath = "/api/v1/users/{userId}/groups".replaceAll("\\{userId\\}", apiClient.escapeString(userId.toString()));
StringJoiner localVarQueryStringJoiner = new StringJoiner("&");
List<Pair> localVarQueryParams = new ArrayList();
List<Pair> localVarCollectionQueryParams = new ArrayList();
Map<String, String> localVarHeaderParams = new HashMap();
Map<String, String> localVarCookieParams = new HashMap();
Map<String, Object> localVarFormParams = new HashMap();
String[] localVarAccepts = new String[]{"application/json"};
String localVarAccept = apiClient.selectHeaderAccept(localVarAccepts);
String[] localVarContentTypes = new String[0];
String localVarContentType = apiClient.selectHeaderContentType(localVarContentTypes);
String[] localVarAuthNames = new String[]{"apiToken", "oauth2"};
TypeReference<List<Group>> localVarReturnType = new TypeReference<>() {
};
return apiClient.invokeAPI(localVarPath, "GET", localVarQueryParams, localVarCollectionQueryParams, localVarQueryStringJoiner.toString(), localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAccept, localVarContentType, localVarAuthNames, localVarReturnType);
}
}
I hope it will help someone.
Upvotes: 0
Reputation: 1257
https://developer.okta.com/docs/reference/api/users/#get-user-s-groups how about that?
[GET] /api/v1/users/$userid/groups
Upvotes: 3
Reputation: 8050
It's also possible to get this list when the user logs in into an app via SAML.
Add a Group Attribute Statement with filter Matches regex and value .*.
You will get the user's groups as part of the XML.
Upvotes: 1
Reputation: 261
I found the answer: the Get Member Groups API call does this exact thing. It's under Related Resources here: http://developer.okta.com/docs/api/resources/users.html
Upvotes: 4
Related Questions
- Get "groups" claims from Okta using the OpenID Connect Authorization Code Flow
- How to add user groups to ID token in Okta?
- How can we screen by user groups from Okta on .NET Core?
- Getting all groups an user is a member of through oauth (google)
- Getting list of groups user is associated with in Okta
- Okta how to pass groups in assertion SAML
- How can I efficiently find out if a user is a member of a group using the Okta API?
- Okta Group Attributes
- Add Okta user to Okta group Python sdk
- Get all the groups the user belongs to