PUT Identity/AddGroupMembers
Assigns members to a group in an identity provider. The group resides in the local provider. However, members, which are Trust Protection Platform users or groups, can originate from a local, AD, or LDAP provider.
TIP: If you are logged into an AD or LDAP provider with View permission and Read permission, you can see local users and groups. Otherwise, call POST Identity/GetMembers.
Requirements
- Permissions: The caller must have Owner permission or Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if an LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
- Token scope: Configuration:Manage
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
Group | The local, AD, or LDAP group. Specify PrefixedName or PrefixedUniversal values. For more information, see The Identity Entry object. |
Members | An array of user or group identities that are not currently in the Group. At least one valid identity is required. To get this information, call POST Identity/Browse or use the UI. The syntax varies based on the identity provider. For more information, see Identity Information. |
ShowMembers | (Optional) List or omit owners and members from the response: |
Returns
The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only an HTTP 200 message. Otherwise, Identity/AddGroupMembers returns an HTTP 200 message and the following data.
Name | Description |
---|---|
InvalidMembers | Appears only if an individual or group member is missing from the identity tree. |
Members | An array of every group member. |
Message | If the response is an HTTP 400, it contains only Message with the reason for failure. All other return values are omitted. |
Example: Add users to a local identity group and list all members
Request
```
PUT https://tpp.venafi.example/vedsdk/Identity/AddGroupMembers
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Group":{
      "PrefixedName":"local:Apache Team4"
   },
   "Members":[
      {
         "PrefixedName":"local:testuser3"
      },
      {
         "PrefixedName":"AD+venqa:bob.tomato"
      },
      {
         "PrefixedUniversal":"AD+venqa:11111a11111a11111a11111a1111111a"
      }
   ],
   "ShowMembers":true
}
```
Response
```
HTTP/1.1 200 OK
{
   "InvalidMembers":[
      {
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:",
         "PrefixedUniversal":"AD+venqa:11111a11111a11111a11111a1111111a",
         "Universal":"11111a11111a11111a11111a1111111a"
      }
   ],
   "Members":[
      {
         "FullName":"\\VED\\Identity\\testuser3",
         "Name":"testuser3",
         "Prefix":"local",
         "PrefixedName":"local:testuser3",
         "PrefixedUniversal":"local:{02c6515f-69f0-4ccd-870b-9db436798221}",
         "Type":1,
         "Universal":"{02c6515f-69f0-4ccd-870b-9db436798221}"
      },
      {
         "FullName":"CN=bob,CN=Users,DC=venqa,DC=venafi,DC=com",
         "Name":"bob",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:bob",
         "PrefixedUniversal":"AD+venqa:77338c27877bd0418c62176f256abd4d",
         "Type":1,
         "Universal":"77338c27877bd0418c62176f256abd4d"
      },
      {
         "FullName":"CN=group1,OU=Groups,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"group1",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:group1",
         "PrefixedUniversal":"AD+venqa:30ea418420122f4c84d2490b991e1294",
         "Type":2,
         "Universal":"30ea418420122f4c84d2490b991e1294"
      },
      {
         "FullName":"CN=Bob Tomato,OU=TPP Integration Test Users, DC=venqa,DC=venafi,DC=com",
         "Name":"bob.tomato",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:bob.tomato",
         "PrefixedUniversal":"AD+venqa:c0737e55e7bcc340aa426bfe2e639362",
         "Universal":"c0737e55e7bcc340aa426bfe2e639362"
      }
   ]
}
```
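The example response is an HTTP 200 even though one requested identity ended up in InvalidMembers, so a caller that grants access through this method should compare the response with what it asked for rather than trust the status code. The following is an added example, not part of the Venafi documentation or SDK: `classify_add_result` is a hypothetical helper, and the sample body is abridged from the response above.

```python
import json

# Abridged from the example response on this page (only the fields the check reads).
SAMPLE_BODY = json.loads("""
{"InvalidMembers": [
  {"PrefixedName": "AD+venqa:",
   "PrefixedUniversal": "AD+venqa:11111a11111a11111a11111a1111111a"}],
 "Members": [
  {"PrefixedName": "local:testuser3",
   "PrefixedUniversal": "local:{02c6515f-69f0-4ccd-870b-9db436798221}"},
  {"PrefixedName": "AD+venqa:bob.tomato",
   "PrefixedUniversal": "AD+venqa:c0737e55e7bcc340aa426bfe2e639362"}]}
""")

# The identities sent in the example request's Members array.
REQUESTED = [
    {"PrefixedName": "local:testuser3"},
    {"PrefixedName": "AD+venqa:bob.tomato"},
    {"PrefixedUniversal": "AD+venqa:11111a11111a11111a11111a1111111a"},
]

def classify_add_result(requested, status, body):
    """Map each requested identity to 'member', 'invalid' or 'unconfirmed'.

    Hypothetical helper (an assumption of this example, not a Venafi API).
    """
    body = body or {}
    if status == 400:
        # A 400 carries only Message with the reason for failure.
        raise ValueError(body.get("Message", "request rejected"))
    if status != 200:
        raise ValueError(f"unexpected HTTP status {status}")

    def listed(section, key, value):
        # Compare like with like: PrefixedName to PrefixedName, and so on.
        return any(e.get(key) == value for e in body.get(section) or [])

    result = {}
    for identity in requested:
        for key, value in identity.items():
            if listed("InvalidMembers", key, value):
                result[value] = "invalid"
            elif listed("Members", key, value):
                result[value] = "member"
            else:
                # ShowMembers false, or the empty JSON result returned when the
                # caller's provider differs from the identity's provider.
                result[value] = "unconfirmed"
    return result

if __name__ == "__main__":
    for ident, state in classify_add_result(REQUESTED, 200, SAMPLE_BODY).items():
        print(f"{state:12} {ident}")
```

An "unconfirmed" result is a prompt to re-read the group with POST Identity/GetMembers before recording the change as made.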