Group Membership
For information about creating, updating, and removing groups, including nested groups and external groups, refer to Groups.
There are two ways to add users to a group. The first is to directly add them with the POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/memberOfGroups operation. These members are included in both the directUserCounts and totalUserCounts properties.
The second method is to dynamically add users to a group with the userFilter filter property. You can use this filter with the POST {{apiPath}}/environments/{{envID}}/groups and PUT {{apiPath}}/environments/{{envID}}/groups/{{groupID}} operations. Place the filter in the body of the request as shown in the example below:
{
...
"userFilter": "title eq \'Manager\'",
...
}When the POST or PUT operations above are executed, all existing users that meet the filter criteria are dynamically added to the group. In addition, all subsequent new users that are added that meet the filter criteria are also added to the group. The filter supports all the operators and properties that are supported when searching user data. Refer to Users for a complete list. Members added in this way are included in the totalUserCounts property, but not the directUserCounts property.
A population-level group can contain users from that population only, but an environment-level group can contain users from different populations in the same environment.
|
You cannot delete or disable custom properties or disable standard properties in the user schema that is used by |
Learn more about managing group members in Managing group membership, in the PingOne Admin Guide.
Members directly added to a group with the POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/memberOfGroups operation are removed from the group with the DELETE {{apiPath}}/environments/{{envID}}/users/{{userID}}/memberOfGroups/{{groupID}} operation.
|
If a user is a member of a group that is added to a population, changing the user’s population will remove the user from that group. |
Members dynamically added to a group with the userFilter filter property are automatically removed from the group when the filter criteria is no longer met. You can do this by changing the filter criteria with PUT {{apiPath}}/environments/{{envID}}/groups/{{groupID}} or by changing the user data to no longer match the filter criteria. You cannot remove these members with the DELETE {{apiPath}}/environments/{{envID}}/users/{{userID}}/memberOfGroups/{{groupID}} operation.