Generic SCIM Endpoint - Create Group
Last modified on October 25, 2022
The Create Group endpoint creates the requested role in StrongDM and assigns it to any designated users.
Request
Endpoint
/provisioning/generic/v2/Groups
HTTP method
POST
Parameters
None
Request body attributes
| Attribute | Requirement | Description | Notes | Example |
|---|---|---|---|---|
displayName | Required | Display name of the role | Returns a 400 if the provided value is empty; returns a 409 if the provided value is already in use | "RoleName" |
members | Required | List of the members of the group/role with subattributes value (user ID) and display (human-readable descriptor of the user, for your own use) of the user(s) to be assigned to the role from creation | Returns a 400 if the IDs are formatted incorrectly or are invalid; ignores IDs that are correctly formatted but cannot be found | [{"value": "a-66f584886171b51d", "display": "userEmail@example.test"}] |
schemas | Required | Schema URI for representing groups | Include the value as indicated in the example. | ["urn:ietf:params:scim:schemas:core:2.0:Group"] |
Example request
POST app.strongdm.com/provisioning/generic/v2/Groups
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"displayName": "RoleName",
"members": [
{
"value": "a-66f584886171b51d",
"display": "userEmail@example.test"
}
]
}
Response
Example success response
{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:Group"],
"displayName": "RoleName",
"id": "r-027230536171b51d",
"members": [
{
"value": "a-66f584886171b51d",
"display": "userEmail@example.test"
}
],
"meta": { "resourceType": "Group", "location": "Groups/r-027230536171b51d" }
}
Example response if displayName was not provided
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
"detail": "could not create role: cannot create role: invalid operation: name cannot be empty",
"status": "400"
}
Example response if displayName is already in use
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:Error"],
"scimType": "uniqueness",
"detail": "One or more of the attribute values are already in use or are reserved.",
"status": "409"
}