group_assignments
Creates, updates, deletes, gets or lists a group_assignments resource.
Overview
| Name | group_assignments |
| Type | Resource |
| Id | okta.apps.group_assignments |
Fields
The following fields are returned by SELECT queries:
- list_application_group_assignments
- get_application_group_assignment
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the group (example: 00g4hb1HChfUriNgW0g4) |
_embedded | object | Embedded resource related to the Application Group using the JSON Hypertext Application Language specification. If the expand=group query parameter is specified, then the group object is embedded. If the expand=metadata query parameter is specified, then the group assignment metadata is embedded. |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
lastUpdated | string (date-time) | Timestamp when the object was last updated (example: 2014-06-24T15:28:14.000Z) |
priority | integer | Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the application user. If a priority value isn't specified, then the next highest priority is assigned by default. See Assign attribute group priority and the sample priority use case. |
profile | object | Specifies the profile properties applied to application users that are assigned to the app through group membership. Some reference properties are imported from the target app and can't be configured. See profile. |
| Name | Datatype | Description |
|---|---|---|
id | string | ID of the group (example: 00g4hb1HChfUriNgW0g4) |
_embedded | object | Embedded resource related to the Application Group using the JSON Hypertext Application Language specification. If the expand=group query parameter is specified, then the group object is embedded. If the expand=metadata query parameter is specified, then the group assignment metadata is embedded. |
_links | object | Specifies link relations (see Web Linking) available using the JSON Hypertext Application Language specification. This object is used for dynamic discovery of related resources and lifecycle operations. |
lastUpdated | string (date-time) | Timestamp when the object was last updated (example: 2014-06-24T15:28:14.000Z) |
priority | integer | Priority assigned to the group. If an app has more than one group assigned to the same user, then the group with the higher priority has its profile applied to the application user. If a priority value isn't specified, then the next highest priority is assigned by default. See Assign attribute group priority and the sample priority use case. |
profile | object | Specifies the profile properties applied to application users that are assigned to the app through group membership. Some reference properties are imported from the target app and can't be configured. See profile. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
list_application_group_assignments | select | subdomain | q, after, limit, expand | Lists all app group assignments |
get_application_group_assignment | select | subdomain | expand | Retrieves an app group assignment |
update_group_assignment_to_application | update | subdomain | Updates a group assignment to an app | |
assign_group_to_application | replace | subdomain | Assigns a Group to an app, which in turn assigns the app to each User that belongs to the group. The resulting application user scope is GROUP since the assignment was from the group membership. | |
unassign_application_from_group | delete | subdomain | Unassigns a Group from an app |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
subdomain | string | The domain of your organization. This can be a provided subdomain of an official okta domain (okta.com, oktapreview.com, etc) or one of your configured custom domains. (default: my-org) |
after | string | Specifies the pagination cursor for the next page of results. Treat this as an opaque value obtained through the next link relationship. See Pagination. |
expand | string | An optional query parameter to return the corresponding assigned group or the group assignment metadata details in the _embedded property. |
limit | integer (int32) | Specifies the number of objects to return per page. If there are multiple pages of results, the Link header contains a next link that you need to use as an opaque value (follow it, don't parse it). See [Pagination]https://developer.okta.com/docs/api#pagination. |
q | string | Specifies a filter for a list of assigned groups returned based on their names. The value of q is matched against the group name. This filter only supports the startsWith operation that matches the q string against the beginning of the group name. |
SELECT examples
- list_application_group_assignments
- get_application_group_assignment
Lists all app group assignments
SELECT
id,
_embedded,
_links,
lastUpdated,
priority,
profile
FROM okta.apps.group_assignments
WHERE subdomain = '{{ subdomain }}' -- required
AND q = '{{ q }}'
AND after = '{{ after }}'
AND limit = '{{ limit }}'
AND expand = '{{ expand }}';
Retrieves an app group assignment
SELECT
id,
_embedded,
_links,
lastUpdated,
priority,
profile
FROM okta.apps.group_assignments
WHERE subdomain = '{{ subdomain }}' -- required
AND expand = '{{ expand }}';
UPDATE examples
- update_group_assignment_to_application
Updates a group assignment to an app
UPDATE okta.apps.group_assignments
SET
-- No updatable properties
WHERE
subdomain = '{{ subdomain }}' --required
RETURNING
id,
_embedded,
_links,
lastUpdated,
priority,
profile;
REPLACE examples
- assign_group_to_application
Assigns a Group to an app, which in turn assigns the app to each User that belongs to the group.
The resulting application user scope is GROUP since the assignment was from the group membership.
REPLACE okta.apps.group_assignments
SET
data__priority = {{ priority }},
data__profile = '{{ profile }}'
WHERE
subdomain = '{{ subdomain }}' --required
RETURNING
id,
_embedded,
_links,
lastUpdated,
priority,
profile;
DELETE examples
- unassign_application_from_group
Unassigns a Group from an app
DELETE FROM okta.apps.group_assignments
WHERE subdomain = '{{ subdomain }}' --required;