PUT Identity/AddGroupMembers

Assigns members to a group in an identity provider. The group resides in the local provider. However, members, which are Trust Protection Platform users or groups, can originate from a local, AD, or LDAP provider.

TIP  If you are logged into an AD or LDAP provider with View permission and Read permission, you can see local users and groups. Otherwise, call POST Identity/GetMembers.

Requirements

  • Permissions:  The caller must have Owner permission or have Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if an LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
  • Token scope:  Configuration:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Group

The local, AD, or LDAP group. Specify PrefixedName or PrefixedUniversal values. For more information, see The Identity Entry object.

Members

An array of user or group identities that are not currently in the Group. At least one valid identity is required. To get this information, call POST Identity/Browse or use the UI.

The syntax varies based on the identity provider. For more information, see Identity Information.

  • All identity providers: Specify a value for PrefixedName or PrefixedUniversal.

ShowMembers

(Optional) List or omit owners and members from the response:

  • true: List the remaining members.
  • false: Default. Omit the members.

Returns

The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only an HTTP 200 message. Otherwise, Identity/AddGroupMembers returns an HTTP 200 message and the following data.

Response Description

Name

Description

InvalidMembers

Appears only if an individual or group member is missing from the identity tree.

  • Prefix: The identity provider prefix that manages the account or group Name.
  • PrefixedName: The concatenated Prefix: and account Name.
  • PrefixedUniversal: The concatenated Prefix and Universal.
  • Universal: The Universal Unique ID that identifies a user or group identity.

Members

An array of every group member.

  • FullName: The Distinguished Name (DN) of the identity group.
  • IsGroup: The value is true if this instance is a group, otherwise false.
  • Name: The group name.
  • Prefix: The AD, LDAP or Identity provider. For more information, see Identity Information.
  • PrefixedName: The concatenated Prefix: and Group Name.
  • PrefixedUniversal: The concatenated Prefix: and Universal.
  • Type: The type of identity:
    • 1: User
    • 2: SecurityGroups
    • 8: DistributionGroups

      -OR-

    • [Combo value]. Any combination of identity types that are related to the Filter. For example: SecurityGroups and DistributionGroups = 10.
  • Universal: The Universal Unique ID (UUID) that identifies a user or group identity. The formatting including curly braces depends on the settings from the identity provider. For example, Universal: {f32b5c37-c2d7-49aa-9ef4-2d38954a8b9b}.

Message

If the response is an HTTP 400, it contains only Message, which gives the reason for failure, and omits all other return values.

  • Either the group identity is not valid or all of the members are not valid.
  • Either the group identity, the members or both are missing.

Example: Add users to a local identity group and list all members

Request

PUT https://tpp.venafi.example/vedsdk/Identity/AddGroupMembers
Content-Type:application/json
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Group":{
      "PrefixedName":"local:Apache Team4"
   },
   "Members":[
      {
         "PrefixedName":"local:testuser3"
      },
      {
         "PrefixedName":"AD+venqa:bob.tomato"
      },
      {
         "PrefixedUniversal":"AD+venqa:11111a11111a11111a11111a1111111a"
      }
   ],
   "ShowMembers":true
}

Response

HTTP/1.1 200 OK
{
   "InvalidMembers":[
      {
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:",
         "PrefixedUniversal":"AD+venqa:11111a11111a11111a11111a1111111a",
         "Universal":"11111a11111a11111a11111a1111111a"
      }
   ],
   "Members":[
      {
         "FullName":"\\VED\\Identity\\testuser3",
         "Name":"testuser3",
         "Prefix":"local",
         "PrefixedName":"local:testuser3",
         "PrefixedUniversal":"local:{02c6515f-69f0-4ccd-870b-9db436798221}",
         "Type":1,
         "Universal":"{02c6515f-69f0-4ccd-870b-9db436798221}"
      },
      {
         "FullName":"CN=bob,CN=Users,DC=venqa,DC=venafi,DC=com",
         "Name":"bob",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:bob",
         "PrefixedUniversal":"AD+venqa:77338c27877bd0418c62176f256abd4d",
         "Type":1,
         "Universal":"77338c27877bd0418c62176f256abd4d"
      },
      {
         "FullName":"CN=group1,OU=Groups,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"group1",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:group1",
         "PrefixedUniversal":"AD+venqa:30ea418420122f4c84d2490b991e1294",
         "Type":2,
         "Universal":"30ea418420122f4c84d2490b991e1294"
      },
      {
         "FullName":"CN=Bob Tomato,OU=TPP Integration Test Users,DC=venqa,DC=venafi,DC=com",
         "Name":"bob.tomato",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:bob.tomato",
         "PrefixedUniversal":"AD+venqa:c0737e55e7bcc340aa426bfe2e639362",
         "Universal":"c0737e55e7bcc340aa426bfe2e639362"
      }
   ]
}
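
The example above returns HTTP 200 even though one requested identity ends up in InvalidMembers, so a caller that automates group changes should reconcile the response against the request rather than rely on the status code. The following Python sketch is an added example, not Venafi code; the function names (build_body, reconcile, decode_type) are hypothetical, and the sample data is trimmed from the request and response shown on this page.

```python
# Type flag values as listed in the response description above.
TYPE_FLAGS = {1: "User", 2: "SecurityGroups", 8: "DistributionGroups"}

def decode_type(value):
    """Split a Type value (possibly a combo such as 10) into flag names."""
    return [name for bit, name in TYPE_FLAGS.items() if value and value & bit]

def build_body(group, members, show_members=True):
    """Build the request body, enforcing the documented input rules."""
    if not members:
        raise ValueError("at least one member identity is required")
    for ident in [group, *members]:
        if not (ident.get("PrefixedName") or ident.get("PrefixedUniversal")):
            raise ValueError(f"need PrefixedName or PrefixedUniversal: {ident}")
    return {"Group": group, "Members": members, "ShowMembers": show_members}

def _keys(entry):
    # Skip stub names such as "AD+venqa:" that appear in InvalidMembers.
    vals = (entry.get(k) for k in ("PrefixedName", "PrefixedUniversal"))
    return {v for v in vals if v and not v.endswith(":")}

def reconcile(requested, status, response):
    """Classify each requested identity as added, invalid or unconfirmed."""
    if status != 200:
        raise RuntimeError(response.get("Message", f"HTTP {status}"))
    present = set().union(*(_keys(m) for m in response.get("Members", [])))
    invalid = set().union(*(_keys(m) for m in response.get("InvalidMembers", [])))
    outcome = {}
    for ident in requested:
        keys = _keys(ident)
        state = "invalid" if keys & invalid else "added" if keys & present else "unconfirmed"
        outcome[sorted(keys)[0]] = state
    return outcome

# Request and (trimmed) response values taken from the example on this page.
REQUESTED = [{"PrefixedName": "local:testuser3"},
             {"PrefixedName": "AD+venqa:bob.tomato"},
             {"PrefixedUniversal": "AD+venqa:11111a11111a11111a11111a1111111a"}]
RESPONSE = {
    "InvalidMembers": [{"Prefix": "AD+venqa", "PrefixedName": "AD+venqa:",
                        "PrefixedUniversal": "AD+venqa:11111a11111a11111a11111a1111111a"}],
    "Members": [{"PrefixedName": "local:testuser3", "Type": 1},
                {"PrefixedName": "AD+venqa:group1", "IsGroup": True, "Type": 2},
                {"PrefixedName": "AD+venqa:bob.tomato"}],
}

if __name__ == "__main__":
    body = build_body({"PrefixedName": "local:Apache Team4"}, REQUESTED)
    for identity, state in reconcile(body["Members"], 200, RESPONSE).items():
        print(f"{state:12} {identity}")
```

With ShowMembers set to false the response body carries no member data, so every requested identity is reported as unconfirmed.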