Step 4: Assign the Organization Admin role
POST {{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignmentsUse the POST {{apiPath}}/environments/{{envID}}/users/{{solutionUserID}}/roleAssignments request to assign to your user an Organization Admin role.
In this request:
-
{{apiPath}}is the geographic regional domain for the PingOne API endpoints for your PingOne environment. The PingOne top-level domain ishttps://api.pingone.com/v1for the U.S. -
{{envID}}is the ID of the environment you created. If you’re using Postman, this value is automatically set by the script in the Script tab. -
{{userID}}is the ID of the user you created. If you’re using Postman, this value is also automatically set by the script in the Script tab.
In the request body:
-
{{orgAdmRoleID}}is a String containing the role ID for the built-in Organization Admin role. If you’re using Postman, this variable was set automatically in the prior step. -
{{orgID}}is a String containing the organization ID for your PingOne account. -
scope.typeis a String containing the scope of the role assignment. In this case, it must be "ORGANIZATION".
When you’ve successfully completed this request, you’ll have assigned the user both the Environment Admin and Organization Admin roles.
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer {{accessToken}}' \
--data '{
"role": {
"id": "{{orgAdmRoleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Post);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Bearer {{accessToken}}");
var body = @"{" + "\n" +
@" ""role"": {" + "\n" +
@" ""id"": ""{{orgAdmRoleID}}""" + "\n" +
@" }," + "\n" +
@" ""scope"": {" + "\n" +
@" ""id"": ""{{orgID}}""," + "\n" +
@" ""type"": ""ORGANIZATION""" + "\n" +
@" }" + "\n" +
@"}";
request.AddStringBody(body, DataFormat.Json);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments"
method := "POST"
payload := strings.NewReader(`{
"role": {
"id": "{{orgAdmRoleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}`)
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Content-Type", "application/json")
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}POST /environments/{{envID}}/users/{{userID}}/roleAssignments HTTP/1.1
Host: {{apiPath}}
Content-Type: application/json
Authorization: Bearer {{accessToken}}
{
"role": {
"id": "{{orgAdmRoleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"role\": {\n \"id\": \"{{orgAdmRoleID}}\"\n },\n \"scope\": {\n \"id\": \"{{orgID}}\",\n \"type\": \"ORGANIZATION\"\n }\n}");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")
.method("POST", body)
.addHeader("Content-Type", "application/json")
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{accessToken}}"
},
"data": JSON.stringify({
"role": {
"id": "{{orgAdmRoleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
}),
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'POST',
'url': '{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments',
'headers': {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
},
body: JSON.stringify({
"role": {
"id": "{{orgAdmRoleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
})
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
import json
url = "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments"
payload = json.dumps({
"role": {
"id": "{{orgAdmRoleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
})
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments');
$request->setMethod(HTTP_Request2::METHOD_POST);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Content-Type' => 'application/json',
'Authorization' => 'Bearer {{accessToken}}'
));
$request->setBody('{\n "role": {\n "id": "{{orgAdmRoleID}}"\n },\n "scope": {\n "id": "{{orgID}}",\n "type": "ORGANIZATION"\n }\n}');
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "json"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Post.new(url)
request["Content-Type"] = "application/json"
request["Authorization"] = "Bearer {{accessToken}}"
request.body = JSON.dump({
"role": {
"id": "{{orgAdmRoleID}}"
},
"scope": {
"id": "{{orgID}}",
"type": "ORGANIZATION"
}
})
response = http.request(request)
puts response.read_bodylet parameters = "{\n \"role\": {\n \"id\": \"{{orgAdmRoleID}}\"\n },\n \"scope\": {\n \"id\": \"{{orgID}}\",\n \"type\": \"ORGANIZATION\"\n }\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/users/{{userID}}/roleAssignments")!,timeoutInterval: Double.infinity)
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "POST"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
201 Created
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/2c2d7040-5b5b-4a76-a026-6c45e5b2b568/roleAssignments/d1f54c6b-53f0-4fcf-8c94-50bc0345ccc9"
},
"user": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/users/2c2d7040-5b5b-4a76-a026-6c45e5b2b568"
},
"environment": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
}
},
"id": "d1f54c6b-53f0-4fcf-8c94-50bc0345ccc9",
"scope": {
"id": "6ec753b0-6101-4999-a0e5-6735095cc78e",
"type": "ORGANIZATION"
},
"role": {
"id": "1813bc13-8d13-4e88-a825-d40bfe82777b"
},
"environment": {
"id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
},
"readOnly": false,
"type": "DIRECT",
"user": {
"id": "2c2d7040-5b5b-4a76-a026-6c45e5b2b568"
}
}