BetterR.72133 (Customer) asked a question.
Which api endpoint should we use to obtain UserGroup id for a given Okta App Group, given we have data returned from api/v1/logs?filter=legacyEventType eq “app.user_management.app_group_member_import.delete_success”. This UserGroup id is returned in calls such as api/v1/groups in its response: id, and api/v1/logs?filter=legacyEventType eq “app.user_management.user_group_import.upsert_success” in its response: target[].type=‘UserGroup’.id.
There’s following issues with these aforementioned calls:
api/v1/logs only returns data published from the past 90 days, our use cases can need data published earlier.
api/v1/groups doesn’t take in any query parameters for unique app group identifiers returned from api/v1/logs?filter=legacyEventType eq “app.user_management.app_group_member_import.delete_success” such as AppGroup.Id, AppGroup.alternativeId. And although AppGroup.name returned from this call can be equal to profile.name returned from api/v1/groups, but name may not be unique across different Okta Groups under the same AppInstance.id, can you also confirm this?
More details from unanswered question > 2 years ago: https://devforum.okta.com/t/how-can-i-correlate-okta-app-group-ids-with-okta-user-group-ids/9021
Okta Version: Version 2022.12.3 C
So to clarify, you are looking for a way to identify app groups by Id?
I tried this particular search and the app group you are looking for can be searched within it: {{url}}/api/v1/logs?filter=EventType eq "app.user_management" and target.id eq "{insert app id here}"
These events will include the "legacyEventType" that you specified earlier. But again, I do want to make sure that I am answering your question, so please do let me know if I am off on what I think our goal is.
Please do let me know either way - thanks!
This call ^ gives 400 Invalid search attribute
Need way to query for UserGroup.id of an app group from either an endpoint that retains data > 90 days (for example returned from api/v1/groups) or api/v1/logs that's triggered by add user to app group (there's api/v1/logs?filter=legacyEventType eq "app.user_management.user_group_import.upsert_success" that returns appGroup and userGroup .id but is not triggered by add user to app group), given only data returned from api/v1/logs?filter=eventType eq "app.user_management" and legacyEventType eq "app.user_management.app_group_member_import.delete_success" which contains data that includes following, but none of which can be used to uniquely query for the app group's UserGroup.id, for example displayName where type = "AppGroup" may not be unique for app, and other ids such as id where type = "AppGroup" is not same value as returned from api/v1/groups.
"target": [
{
"id": "---",
"type": "AppUser",
"alternateId": "---",
"displayName": "---",
"detailEntry": null
},
{
"id": "---",
"type": "AppGroup",
"alternateId": "---",
"displayName": "Check this group out",
"detailEntry": null
},
{
"id": "---",
"type": "User",
"alternateId": "unknown",
"displayName": "unknown",
"detailEntry": null
},
{
"id": "---",
"type": "AppInstance",
"alternateId": "unknown",
"displayName": "unknown",
"detailEntry": null
}
]