DELETE Identity/Group/(prefix)/{principal}

Deletes a group from an identity provider. The local group or team can contain users or other groups from local, AD, or LDAP identity providers. During deletion, Trust Protection Platform removes the local group and retains the identities.

Requirements

  • Permissions: The caller must have Owner permission or Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if an LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
  • Token scope: Configuration:Delete

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

  • (prefix): In the request URL, specify the word local. You can only delete groups in the local provider. To get {prefix} and {universal} information, call POST Identity/Browse.

  • {principal}: In the request URL, specify the Universal Unique Identifier (UUID) of the local group. The format of the UUID, including the absence or presence of curly braces, depends on the settings from the identity provider.

Returns

Response description

HTTP 200

For valid requests, DELETE Identity/Group/(prefix)/{principal} returns an HTTP 200 message and the following data:

  • Message: The operation succeeded.

HTTP 400

For invalid requests, this method returns a Message and one of the following errors:

  • The prefix or principal for the group identity is missing.
  • The group identity is not valid or it doesn't exist.
  • Failed to read the group identity owners: [Identity Error].
  • Failed to read the group identity; owners are empty.
  • Only a Master Admin or an Owner can delete a group.
  • An unknown error occurred.

Example: Remove a local group but retain all user identities

Request for Example

DELETE https://tpp.venafi.example/vedsdk/Identity/Group/local/{8cac286a-0a54-4e10-8317-be5ed3e1c95a}
Authorization:Bearer 4MyGeneratedBearerTknz==

Response for Example

HTTP/1.1 200 OK
{
   "Message":"The operation succeeded."
}
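
Added example (not part of the original documentation or Venafi's own code): a guarded client helper for this call that enforces the local prefix and UUID format before building the request, and counts a deletion as done only when the documented success message comes back. The function names are hypothetical, the base URL is the example host from this page, and percent-encoding the curly braces assumes the server applies standard URL decoding.

```python
import json
import re
import urllib.parse
import urllib.request

# Assumption: example host from this page; replace with your own server.
BASE_URL = "https://tpp.venafi.example/vedsdk"
SUCCESS_MESSAGE = "The operation succeeded."
# UUID with or without curly braces; the format depends on provider settings.
_UUID_RE = re.compile(r"^\{?[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")


def build_delete_group_request(prefix, principal, token, base_url=BASE_URL):
    """Build (but do not send) the DELETE request for a local group."""
    if prefix != "local":
        raise ValueError("only groups in the local provider can be deleted")
    balanced = principal.startswith("{") == principal.endswith("}")
    if not (_UUID_RE.match(principal) and balanced):
        raise ValueError("principal is not a UUID: %r" % principal)
    # Assumption: the server decodes %7B/%7D back to the braces it expects.
    path = "/Identity/Group/%s/%s" % (prefix, urllib.parse.quote(principal, safe=""))
    return urllib.request.Request(
        base_url + path,
        method="DELETE",
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
    )


def classify_response(status, body):
    """Return (deleted, detail). Only the explicit success message counts."""
    try:
        data = json.loads(body) if body.strip() else {}
    except ValueError:
        return False, "unparseable response body"
    message = data.get("Message", "") if isinstance(data, dict) else ""
    if status == 200 and message == SUCCESS_MESSAGE:
        return True, message
    if not message:
        # Empty JSON is what a caller from another identity provider receives.
        return False, "empty result; check which provider authenticated the caller"
    return False, message
```

Send the request with urllib.request.urlopen(req) and pass the status and decoded body to classify_response; for an HTTP 400, urlopen raises urllib.error.HTTPError, whose code and body can be passed the same way.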