<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7V7ASAVOkta Classic EngineIntegrationsAnswered2019-05-07T09:05:13.000Z2017-06-08T11:27:33.000Z2019-05-07T09:05:13.000Z

ChicoC.46931 (Customer) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:19 AM
Get groups that users belong to efficiently via the Okta API
Hi,

 

I am using the Okta API to list all users and groups, including what users belong to what group.

 

At the moment, I am doing the following:

 * Call List Users API to get all users

 * Call List Groups API to get all groups

 * Call List Group Members API for EACH group (as many API calls as there are groups!)

 

The issue with the above is that if there are many groups (e.g. 100 or more) then I would need to call the Okta API many times (e.g 100 times), which is not ideal! 😞

 

Is there a more efficient way of getting the groups that a user belongs to?

If not, then I would like to suggest either adding the groupIds for each user in the List Users API response, or adding the userIds for each group in the List Groups API response, or both.

 

Cheers,

Chico
  • 6 answers
  • 13.93K views
BohdanB.31736 likes this.

  • cosmin.olteanu1.4793088156579675E12 (Okta, Inc.)

    Please utilize the following API calls to obtain your desired results:

     

    GET subdomain.domain.com/api/v1/users

    GET subdomain.domain.com/api/v1/groups

    GET subdomain.domain.com/api/v1/groups/{{groupIs}}/users

     

    Note that these endpoints are rate limited and you will need to use pagination, grabbing the Link provided in the Headers response if you have too many results. Groups for instance has 10,000 results before pagination. The limit will be presented in the Link.

     

    Thank you for choosing Okta.
    Expand Post

  • ChicoC.46931 (Customer)

    Hi,

     

    Yes, I understand what API calls to make but I would have to call the last API many times (i.e. as many as there groups). For example, if there are 100 groups then I would have to call subdomain.domain.com/api/v1/groups/{{groupIs}}/users 100 times!

     

    Would it not be possible to include userIds for each group in the List Groups API response?

    Maybe it is best if I open a support case for this request.

     

    Chico
    Expand Post

  • SteveD.91642 (Customer)

    I'm trying to do the same thing and really don't want to have to test every group in my application for a user. I'm developing a multi-tenant system and wanted to use groups for the roles within each tenant and assign users to the groups they have access too... For example:

     

    tenant1.admin, tenant1.editor, tenant1.content

     

    There are potentially 1000+ tenants in our system with 3 or 4 roles in each tenant. Making 3000-4000 calls to find out that a user is in 2 groups seems ridiculous. There must be a way to query the groups a user belongs to!
    Expand Post
This question is closed.
Loading
Get groups that users belong to efficiently via the Okta API