Okta Classic Engine | API Access Management | Answered | 2024-08-06T22:44:38.000Z | 2024-04-21T13:26:59.000Z | 2024-05-03T17:21:53.000Z

HavivO.09641 (Customer) asked a question.

Create Okta group rule with API: add users that are members of group A to group B

Hello,

I'm trying to create, with Python, a group rule to assign all Okta users that are members of group A to group B.

In the Okta UI it looks like this:

[screenshot of the group rule in the Okta UI]

I'm trying to get the syntax to create this API call with Python.

All I found in the documentation is the following example:

curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: SSWS ${api_token}" \
-d '{
  "type": "group_rule",
  "name": "Engineering group rule",
  "conditions": {
    "people": {
      "users": {
        "exclude": [
          "00u22w79JPMEeeuLr0g4"
        ]
      },
      "groups": {
        "exclude": []
      }
    },
    "expression": {
      "value": "user.role==\"Engineer\"",
      "type": "urn:okta:expression:1.0"
    }
  },
  "actions": {
    "assignUserToGroups": {
      "groupIds": [
        "00gjitX9HqABSoqTB0g3"
      ]
    }
  }
}' "https://${yourOktaDomain}/api/v1/groups/rules"


But I failed to adjust it to my needs. Can you please assist?

Thanks, Or


  • Mihai N. (Okta, Inc.)

    Hi @HavivO.09641 (Customer), Thank you for reaching out to the Okta Community!

    Please note that providing custom scripting is outside of Okta Support scope.
    That being said, I can try to provide some general advice.

    If you are looking for a simple rule like

    IF users are part of GroupA THEN Assign to GroupB

    You will need to leverage the involved group IDs in the request.
    Here is an API request example where 00g144wasdfljB1r0x8 and 00g144xtwasdvcRcO0x8 are the respective group IDs:


    curl -v -X POST \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -H "Authorization: SSWS ${api_token}" \
    -d '{
      "type": "group_rule",
      "name": "API_GroupRuleTEST",
      "conditions": {
        "expression": {
          "value": "isMemberOfAnyGroup(\"00g144wasdfljB1r0x8\")",
          "type": "urn:okta:expression:1.0"
        }
      },
      "actions": {
        "assignUserToGroups": {
          "groupIds": [
            "00g144xtwasdvcRcO0x8"
          ]
        }
      },
      "allGroupsValid": true
    }' "https://${yourOktaDomain}/api/v1/groups/rules"

    Please note that newly created group rules are always INACTIVE. You'll need to run a separate request.
    https://developer.okta.com/docs/reference/api/groups/#activate-a-group-rule

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.

    Hope my answer helps!

    --
    Help others in the community by liking or hitting Select as Best if this response helped you.

    Selected as Best
  • GabrielS.99710 (Customer)

    I tried the Python example in the docs. It took a bit of work to get it to run.

    Here's a better version. The lines that are commented out are optional. Uncomment them (and complete them) if you like.

    I also recommend using requests.Session() for better performance.

    import requests

    your_okta_domain = "subdomain.okta.com"
    url = "https://" + your_okta_domain + "/api/v1/groups/rules"
    token = 'YOUR_API_TOKEN_HERE'

    # session has better performance
    session = requests.Session()
    session.headers['authorization'] = 'SSWS ' + token

    rule = {
        "name": "py group rule 1",
        "actions": {
            "assignUserToGroups": {
                "groupIds": [
                    "00g..."
                ]
            }
        },
        "conditions": {
            "expression": {
                "type": "urn:okta:expression:1.0",
                "value": "..."
            },
            # "people": {
            #     "groups": {
            #         "exclude": [
            #             "string"
            #         ],
            #         "include": [
            #             "string"
            #         ]
            #     },
            #     "users": {
            #         "exclude": [
            #             "string"
            #         ],
            #         "include": [
            #             "string"
            #         ]
            #     }
            # }
        },
        "type": "group_rule"
    }

    response = session.post(url, json=rule)

    new_rule = response.json()
    print(new_rule)
This question is closed.
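
Added example, not part of the thread or of Okta's documentation: the two answers above combined into one Python script that builds the "member of group A, assign to group B" rule, creates it, and then sends the separate activation request that a new (INACTIVE) rule needs. The environment variable names OKTA_API_TOKEN and OKTA_DOMAIN, the rule name and the group-ID pattern are assumptions; the group IDs are the sample ones from the answer.

```python
import os
import re

# Assumption: group IDs are alphanumeric and start with "00g", like the IDs in this thread.
GROUP_ID = re.compile(r"00g[0-9A-Za-z]+")


def build_rule(name, source_group_id, target_group_id):
    """Body for: IF user is a member of the source group THEN assign to the target group."""
    for gid in (source_group_id, target_group_id):
        # The source ID is spliced into an Okta expression, so refuse anything
        # (quotes, parentheses, spaces) that could change the expression itself.
        if not GROUP_ID.fullmatch(gid):
            raise ValueError(f"not a group ID: {gid!r}")
    if source_group_id == target_group_id:
        raise ValueError("source and target group must differ")
    return {
        "type": "group_rule",
        "name": name,
        "conditions": {
            "expression": {
                "type": "urn:okta:expression:1.0",
                "value": f'isMemberOfAnyGroup("{source_group_id}")',
            }
        },
        "actions": {"assignUserToGroups": {"groupIds": [target_group_id]}},
    }


def create_and_activate(session, domain, rule):
    """Create the rule (it starts INACTIVE), then activate it in a second request."""
    base = f"https://{domain}/api/v1/groups/rules"
    created = session.post(base, json=rule, timeout=30)
    created.raise_for_status()  # stop here instead of activating a rule that was never created
    rule_id = created.json()["id"]
    activated = session.post(f"{base}/{rule_id}/lifecycle/activate", timeout=30)
    activated.raise_for_status()
    return rule_id


if __name__ == "__main__":
    import requests  # same client library as the answer above

    session = requests.Session()
    # Assumed variable names; reading the token from the environment keeps it out of the script.
    session.headers["Authorization"] = "SSWS " + os.environ["OKTA_API_TOKEN"]
    rule = build_rule("GroupA to GroupB", "00g144wasdfljB1r0x8", "00g144xtwasdvcRcO0x8")
    print(create_and_activate(session, os.environ["OKTA_DOMAIN"], rule))
```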