The Directories Integration API provides operations to manage Active Directory (AD) objects in a connected on-premises directory through Okta.
You can add or remove users from groups based on their identity and access requirements. This ensures that changes made to user access in Okta are reflected in AD. When you use Okta Access Certifications to revoke a user's membership to an AD group, the removal is reflected in AD.
Okta can only manage group memberships for users and groups imported into Okta using the AD integration. You can't use this API to manage users and groups that weren't imported through AD integration or are outside of the integration's org unit scope.
Updates an Active Directory group membership directly in Active Directory
Note: See Before you begin: Active Directory integration with the following setup in the Use Okta Access Certifications to manage AD group membership product documentation.
OK
Bad Request
Forbidden
Not Found
There are no connected agents.
Timed out waiting for agent
{- "id": "00g1xucgTZFrziXg10g4",
- "parameters": {
- "action": "ADD",
- "attribute": "member",
- "values": [
- "00u1bh5efGKMsSiLv0g4"
]
}
}{- "errorCode": "E0000001",
- "errorSummary": "Api validation failed: {0}",
- "errorLink": "E0000001",
- "errorId": "sampleiCF-8D5rLW6myqiPItW",
- "errorCauses": [ ]
}