PUT Identity/RemoveGroupMembers

Removes a member from a group in an identity provider. Even though the user or group is removed from the local group, Trust Protection Platform retains the identities.

Requirements

  • Permissions: The caller must have Owner permission or Master Admin permission. However, results are limited to the identity provider that authenticated the caller. For example, if an LDAP caller tries to change information about an AD identity, the API call returns an empty JSON result.
  • Token scope: Configuration:Manage

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Group

The Identity Entry object of the local, AD, or LDAP group. Specify PrefixedName or PrefixedUniversal values.

Members

An array of user or group identities that are currently in the Group. At least one valid identity is required. To get this information, call POST Identity/GetMembers or use the UI. If the member identity is an owner, it is removed from both owners and members.

The syntax varies based on the identity provider. For more information, see Identity Information:

  • AD: Specify a value for PrefixedName or PrefixedUniversal.
  • LDAP: Specify a value for PrefixedName or PrefixedUniversal.
  • Local: Specify values for both a PrefixedName and PrefixedUniversal.

ShowMembers

(Optional) List or omit owners and members from the response:

  • true: List the remaining members.
  • false: Default. Omit the members.

Returns

The response depends on the ShowMembers setting. If ShowMembers is false, this method returns only an HTTP 200 message. Otherwise, Identity/RemoveGroupMembers returns an HTTP 200 message and the following data.

Response description

Name

Description

InvalidMembers

Appears only if there are invalid members. An array of Identity Entry objects. If a local member is invalid, the FullName value is omitted.

Members

An array of all group members. Each member has an Identity Entry object.

Message

If the response is an HTTP 400, it contains only Message with the reason for failure. All other return values are omitted.

  • Either the group identity is not valid or none of the members belong to the group.
  • Either the group identity, the members or both are missing.
  • The group identity is not valid or it doesn't exist.

Example: Remove members of a local identity group

In this example, Apache Group4 has identities for people and group1.

Request

PUT https://tpp.venafi.example/vedsdk/Identity/RemoveGroupMembers
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Group":{
      "PrefixedName":"local:Apache Group4"
   },
   "Members":[
      {
         "PrefixedName":"local:testuser3",
         "PrefixedUniversal":"local:02c6515f-69f0-4ccd-870b-9db436798221"
      },
      {
         "PrefixedUniversal":"AD+venqa:c0737e55e7bcc340aa426bfe2e639362"
      },
      {
         "PrefixedName":"AD:NonExistent-AD-User"
      }
   ],
   "ShowMembers":true
}

Response

HTTP/1.1 200 OK
{
    "InvalidMembers": [
        {
            "Name": "NonExistent-AD-User",
            "Prefix": "AD",
            "PrefixedName": "AD:NonExistent-AD-User",
            "PrefixedUniversal": "AD:"
        }
    ],
    "Members": [
        {
            "FullName": "CN=bob,CN=Users,DC=venqa,DC=venafi,DC=com",
            "Name": "bob",
            "Prefix": "AD+venqa",
            "PrefixedName": "AD+venqa:bob",
            "PrefixedUniversal": "AD+venqa:77338c27877bd0418c62176f256abd4d",
            "Type": 1,
            "Universal": "77338c27877bd0418c62176f256abd4d"
        },
        {
            "FullName": "CN=group1,OU=Groups,DC=venqa,DC=venafi,DC=com",
            "IsGroup": true,
            "Name": "group1",
            "Prefix": "AD+venqa",
            "PrefixedName": "AD+venqa:group1",
            "PrefixedUniversal": "AD+venqa:30ea418420122f4c84d2490b991e1294",
            "Type": 2,
            "Universal": "30ea418420122f4c84d2490b991e1294"
        }
    ]
}
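
The following Python is an added example, not code from the original documentation or from Venafi. It builds the request body under the Members syntax rules above, then checks a ShowMembers=true response to confirm that each requested identity is gone from the group and to surface InvalidMembers. The function names identity_keys, build_request and audit_removal are hypothetical, and the sample data is taken from the example on this page.

```python
import json

def identity_keys(entry):
    """Non-empty PrefixedName / PrefixedUniversal values of an Identity Entry."""
    return {entry[k] for k in ("PrefixedName", "PrefixedUniversal") if entry.get(k)}

def build_request(group, members, show_members=True):
    """Build the request body, enforcing the Members syntax rules per provider."""
    if not identity_keys(group) or not members:
        raise ValueError("a group identity and at least one member are required")
    for m in members:
        keys = identity_keys(m)
        if not keys:
            raise ValueError(f"member needs PrefixedName or PrefixedUniversal: {m}")
        # Assumption: local identities use the "local" prefix, as in the page's example.
        is_local = next(iter(keys)).split(":", 1)[0].lower() == "local"
        if is_local and len(keys) < 2:
            raise ValueError(f"local member needs both values: {m}")
    return {"Group": group, "Members": members, "ShowMembers": show_members}

def audit_removal(requested, response):
    """Return (invalid, still_present) for a ShowMembers=true response."""
    remaining = set()
    for entry in response.get("Members", []):
        remaining |= identity_keys(entry)
    invalid = [e.get("PrefixedName") for e in response.get("InvalidMembers", [])]
    still_present = [m for m in requested if identity_keys(m) & remaining]
    return invalid, still_present

# Members from the page's example request.
REQUESTED = [
    {"PrefixedName": "local:testuser3",
     "PrefixedUniversal": "local:02c6515f-69f0-4ccd-870b-9db436798221"},
    {"PrefixedUniversal": "AD+venqa:c0737e55e7bcc340aa426bfe2e639362"},
    {"PrefixedName": "AD:NonExistent-AD-User"},
]
# The page's example response, trimmed to the fields this check reads.
RESPONSE = json.loads("""{
  "InvalidMembers": [{"PrefixedName": "AD:NonExistent-AD-User", "PrefixedUniversal": "AD:"}],
  "Members": [
    {"PrefixedName": "AD+venqa:bob", "PrefixedUniversal": "AD+venqa:77338c27877bd0418c62176f256abd4d"},
    {"PrefixedName": "AD+venqa:group1", "PrefixedUniversal": "AD+venqa:30ea418420122f4c84d2490b991e1294"}
  ]
}""")

if __name__ == "__main__":
    body = build_request({"PrefixedName": "local:Apache Group4"}, REQUESTED)
    invalid, still_present = audit_removal(body["Members"], RESPONSE)
    print("invalid:", invalid, "still present:", still_present)
```

An identity reported in InvalidMembers was not matched by the provider, so the response does not confirm any removal for it.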