POST Identity/AddGroup
Adds a group to an identity provider. The group or team resides in the local provider. However, members, which are Trust Protection Platform users or groups, can originate from a local, AD, or LDAP provider.
TIP If you are logged into an AD or LDAP provider with View permission and Read permission, you can see local users and groups. Otherwise, call POST Identity/GetMembers.
Requirements
- Permissions: The caller must have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if an LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
- Token scope: Configuration:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
Name | Specify a PrefixedName for the new local group. For example, PrefixedName:local:Apache Team3. |
Members | (Optional) An array of users and groups from one or more identity providers. The syntax varies based on the identity provider. For more information, see Identity Information: |
Products | (Optional) An array of Venafi product names: TLS, SSH, Code Signing. |
Returns
Name | Description |
---|---|
ID | |
Invalid Owners | Appears only if an individual or group is not currently a group owner: |
InvalidMembers | Appears only if an individual or group member is missing from the identity tree. |
Message | If the response is an HTTP 400, it contains only Message and the reason for failure. All other return values are omitted. |
Example: Create a local group and add existing users
Request for Example
```
POST https://tpp.venafi.example/vedsdk/Identity/AddGroup
Authorization:Bearer 4MyGeneratedBearerTknz==

{
   "Name":{
      "PrefixedName":"local:Apache Team4"
   },
   "Members":[
      {
         "PrefixedName":"AD+venqa:Bob"
      },
      {
         "PrefixedName":"local:TestUser2",
         "PrefixedUniversal":"local:{14d4b717-4981-4e8b-a808-b76f5f768233}"
      },
      {
         "PrefixedUniversal":"AD+venqa:11111a11111a11111a11111a1111111a"
      },
      {
         "PrefixedUniversal":"AD+venqa:30ea418420122f4c84d2490b991e1294"
      }
   ]
}
```
Response for Example
```
HTTP/1.1 200 OK

{
   "ID":{
      "FullName":"\\VED\\Identity\\Apache Team4",
      "IsGroup":true,
      "Name":"Apache Team4",
      "Prefix":"local",
      "PrefixedName":"local:Apache Team4",
      "PrefixedUniversal":"local:{f389989f-eb53-4b77-9ffa-620d8091cf20}",
      "Type":2,
      "Universal":"{f389989f-eb53-4b77-9ffa-620d8091cf20}"
   },
   "InvalidMembers":[
      {
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:",
         "PrefixedUniversal":"AD+venqa:11111a11111a11111a11111a1111111a",
         "Universal":"11111a11111a11111a11111a1111111a"
      }
   ]
}
```
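The response above is an HTTP 200 even though one requested member was not added, so a caller that provisions access groups should compare InvalidMembers against what it sent. The following is an added example, not Venafi code: `review_add_group` and `AddGroupError` are hypothetical names, and the sample data is this page's example trimmed to the fields the check uses.

```python
import json

class AddGroupError(Exception):
    """Identity/AddGroup failed outright (HTTP 400 carries only Message)."""

ID_KEYS = ("PrefixedName", "PrefixedUniversal")

def review_add_group(status, body, requested):
    """Return (group PrefixedUniversal, accepted members, rejected members).

    status: HTTP status code; body: response text;
    requested: the "Members" array sent in the request.
    """
    data = json.loads(body)
    if status == 400:
        raise AddGroupError(data.get("Message", "HTTP 400 without Message"))
    if status != 200 or "ID" not in data:
        raise AddGroupError(f"unexpected response: HTTP {status}")
    # A 200 can still report members that were not added; collect every
    # identifier the response gives for them.
    invalid = {e[k] for e in data.get("InvalidMembers", [])
               for k in ID_KEYS if e.get(k)}
    rejected = [m for m in requested if any(m.get(k) in invalid for k in ID_KEYS)]
    accepted = [m for m in requested if m not in rejected]
    return data["ID"]["PrefixedUniversal"], accepted, rejected

# Request members and response body taken from the example on this page.
SAMPLE_MEMBERS = [
    {"PrefixedName": "AD+venqa:Bob"},
    {"PrefixedName": "local:TestUser2",
     "PrefixedUniversal": "local:{14d4b717-4981-4e8b-a808-b76f5f768233}"},
    {"PrefixedUniversal": "AD+venqa:11111a11111a11111a11111a1111111a"},
    {"PrefixedUniversal": "AD+venqa:30ea418420122f4c84d2490b991e1294"},
]
SAMPLE_BODY = json.dumps({
    "ID": {"IsGroup": True, "PrefixedName": "local:Apache Team4",
           "PrefixedUniversal": "local:{f389989f-eb53-4b77-9ffa-620d8091cf20}"},
    "InvalidMembers": [{"Prefix": "AD+venqa", "PrefixedName": "AD+venqa:",
                        "PrefixedUniversal": "AD+venqa:11111a11111a11111a11111a1111111a",
                        "Universal": "11111a11111a11111a11111a1111111a"}],
})

if __name__ == "__main__":
    group, ok, bad = review_add_group(200, SAMPLE_BODY, SAMPLE_MEMBERS)
    print(f"created {group}: {len(ok)} members added")
    for m in bad:
        print("NOT added:", m)
```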