Directories Integration

Note: Your Okta org needs to have the AD bidirectional group management feature enabled. Contact your Okta account team to enable this feature.

The Directories Integration API provides operations to manage Active Directory objects in a connected on-premises directory through Okta.

Update an AD Group membership
OAuth 2.0: okta.directories.groups.manage

Updates an AD Group membership directly in AD.

Request
Path Parameters
appInstanceId
required
string

ID of the AD AppInstance in Okta

Request Body schema: application/json
required
id
string

ID of the AD group to update

parameters
object (Parameters)

Attributes used for processing AD Group membership update

action
string

The update action to take

Enum values:
ADD: Add to the membership of the group
REMOVE: Remove from the membership of the group

attribute
string

The attribute that tracks group memberships in AD. This should be "member" for AD.

values
Array of strings

List of user IDs whose group memberships to update

Responses
200

OK

400

Bad Request

403

Forbidden

404

Not Found

502

There are no connected agents.

504

Timed out waiting for agent.

POST /api/v1/directories/{appInstanceId}/groups/modify
Request samples
application/json
{
  "id": "string",
  "parameters": {
    "action": "ADD",
    "attribute": "string",
    "values": []
  }
}
Response samples
application/json
{
  "errorCode": "E0000001",
  "errorSummary": "Api validation failed: {0}",
  "errorLink": "E0000001",
  "errorId": "sampleiCF-8D5rLW6myqiPItW",
  "errorCauses": []
}
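
Added example (not part of Okta's documentation or SDK): a client-side wrapper that validates the body for the endpoint above before it is sent, and sorts the documented responses into agent failures (502, 504) and request errors. The function names, the example.okta.com URL, the placeholder IDs, the Bearer-token header for the OAuth 2.0 scope, and the input checks are assumptions made for illustration.

```python
import json
import urllib.request

ALLOWED_ACTIONS = {"ADD", "REMOVE"}  # enum values listed on the page
AGENT_ERRORS = {502: "There are no connected agents.", 504: "Timed out waiting for agent."}

def build_modify_request(org_url, app_instance_id, group_id, action, user_ids, token):
    """Return an unsent Request for POST /api/v1/directories/{appInstanceId}/groups/modify."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action must be one of {sorted(ALLOWED_ACTIONS)}")
    # Assumption (local policy, not stated on the page): reject empty member lists.
    if not isinstance(user_ids, (list, tuple)) or not user_ids \
            or not all(isinstance(u, str) and u for u in user_ids):
        raise ValueError("values must be a non-empty list of user ID strings")
    # Assumption: IDs are opaque tokens; refuse '/' so they cannot alter the URL path.
    for name, value in (("appInstanceId", app_instance_id), ("id", group_id)):
        if not isinstance(value, str) or not value or "/" in value:
            raise ValueError(f"{name} must be a non-empty ID without '/'")
    body = {"id": group_id,
            "parameters": {"action": action, "attribute": "member",
                           "values": list(user_ids)}}
    url = f"{org_url.rstrip('/')}/api/v1/directories/{app_instance_id}/groups/modify"
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"Bearer {token}"})

def classify_response(status, body_text=""):
    """Map a status code and body to a record a caller can log or alert on."""
    if status == 200:
        return {"ok": True, "category": "ok", "detail": "OK"}
    if status in AGENT_ERRORS:
        # Okta answered, but no AD agent confirmed the change.
        return {"ok": False, "category": "agent", "detail": AGENT_ERRORS[status]}
    try:
        err = json.loads(body_text)
    except ValueError:
        err = None
    if not isinstance(err, dict):
        err = {}
    return {"ok": False, "category": "request", "status": status,
            "detail": err.get("errorSummary", "unparsed error body"),
            "error_id": err.get("errorId")}

if __name__ == "__main__":
    # Constructed placeholder values; nothing is sent over the network.
    req = build_modify_request("https://example.okta.com", "APP_INSTANCE_ID",
                               "GROUP_ID", "REMOVE", ["USER_ID"], "ACCESS_TOKEN")
    print(req.get_method(), req.full_url, req.data.decode())
    print(classify_response(504))
```

Logging the returned errorId alongside the group ID and action gives each membership change an audit record that can be matched against Okta's own logs.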