TechQA.

How can I retrieve Idp Group Users using, oci python SDK?

787 views Asked by At

When I call list_users method for IdentityClient, It enlists the users (Including IDP users.) I have created the IDP Group Mapping in OCI Console. Now I want something where I can identify every specific IDP user's, IDP Group or the Permissions they have without using Identity Console or IDCS API.

Do we have any Provision, where I can enlist IDP group users, or any way to identify, this IDP user, belongs to this IDP group so that on the basis of IDP group mapping I can say this IDP user has these permissions.

oracle amazon-iam oracle-cloud-infrastructure oci-python-sdk
Original Q&A
2

There are 2 answers

0
MrE On

I have been running into the same problem.

You need the OCI SDK to get IDP groups, and IDP groupmappings, but to get the IDP users and IDP groups, you need to create use the IDP APIs. To do so you need to create an app that has the right credentials, autheticate as the app and then use the IDP API endpoint to get the info.

With IDCS, you need to use the API documented here:

https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/api-identity-groups.html

and

https://docs.oracle.com/en/cloud/paas/identity-cloud/rest-api/api-identity-users.html

4
Vanja Oljaca On

You can get an IdP User's OCI group membership and then map the OCI group names to IdP group names. This only works if your OCI groups are mapped 1:1 with your IdP groups. Permissions can then be applied to OCI groups via Policies. Will this work for you?

ListUserGroupMemberships API will tell you all the OCI groups that a user belongs to.

If you need the IdP group name and can ensure that group mappings are created 1:1 you can also use ListIdPGroupMappings API to convert OCI group names to IdP group names.

ListUserGroupMemberships API: https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/api/identity/client/oci.identity.IdentityClient.html#oci.identity.IdentityClient.list_user_group_memberships

ListIdpGroupMappings API: https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/api/identity/client/oci.identity.IdentityClient.html#oci.identity.IdentityClient.list_idp_group_mappings

Related Questions in ORACLE

Related Questions in AMAZON-IAM

Related Questions in ORACLE-CLOUD-INFRASTRUCTURE

Related Questions in OCI-PYTHON-SDK

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions