Manage groups using Graph API

Create a group and associate it with an organization

POST /graph

{
  "__objType": "ProfileGroup",
  "name": "Employees",
  "referenceFields": {
    "__objType": "HashMap",
    "Entries": [{
      "__objType": "KeyValue",
      "value": {
        "__objType": "String",
        "value": "${ORGANIZATION_ID}"
      },
      "key": {
        "__objType": "String",
        "value": "ref_Organization_id"
      }
      }]
	},
  "id": "a99f9f51-97cb-4486-86b9-2e08de5cfcd1",
  "type": "employees"
}

Query all ProfileGroup objects associated with an organization

/graph/Organization[@id='ORG_ID']/~OneToMany/ProfileGroup

Add a user to an organization

This example adds a user to a profile group associated with an organization.

POST /graph

operation=AddToProfileGroups&profileId=$PROFILE_ID&profileGroupId=$PROFILE_GROUP_ID_1...&profileGroupId=$PROFILE_GROUP_ID_N&allowAlreadyAdded=false
  • You can repeat the profileGroupId parameter several times to add the user to several groups.

  • allowAlreadyAdded=false makes sure that the same user is not added twice to the same group. Set the flag to true if you intentionally want to create duplicate group memberships.

  • You can use the “Query all ProfileGroup objects related to an organization” query to determine the ProfileGroup id.

Remove a user from an organization

POST /graph

operation=RemoveUserFromOrganization&profileId=$PROFILE_ID&organizationId=$ORGANIZATION_ID

Or alternatively, remove from specific profile groups:

POST /graph

operation=RemoveFromProfileGroups&profileId=$PROFILE_ID&profileGroupId=$PROFILE_GROUP_ID_1...&profileGroupId=$PROFILE_GROUP_ID_N&allowAlreadyRemoved=true
  • You can repeat the profileGroupId parameter several times to remove the user from several groups.

  • allowAlreadyRemoved=true controls whether or not the call returns an error if the user is not a member in the group specified in the call.

Accept or decline an organization group invitation

POST /graph HTTP/1.1
Host: INSERT_IDP_HOST

operation=AcceptOrganizationGroupInvitation&key=$INVITATION_TOKEN&invitationAction=$ACTION
  • $INVITATION_TOKEN is the plain text secret delivered to the user.

  • $ACTION can take the values accept and decline.

Example:

POST /graph HTTP/1.1
Host: INSERT_IDP_HOST

operation=AcceptOrganizationGroupInvitation&key=tgo0dmo48jnd&invitationAction=accept