OVERVIEW
These API endpoints provide methods to manage user groups.
Please see Site Group Management for site-level group actions.
Site group management - Get all site groups
Site group management - Group models
Site group management - Get site group
Site group management - Add site group
Site group management - Add existing group to site
Site group management - Get group module permission
Site group management - Add / edit group module permission
Site group management - Add user to a group
Site group management - Delete user from a group
Site group management - Update site group
Site group management - Get users of a site group
Peter Simpson I was going to create an entirely new post with a question about SCIM provisioning with Azure AD, but I think you more or less answer it here in this nearly year-old post, but I wanted to confirm, and it seemed most appropriate to reply here to do so. My question is: if Azure AD is our IAM provider, and it's a full cloud implementation, so no hybrid configuration/no on-prem AD tenant, is it necessary to use the appliance and AD connector? If not required, is there any benefit to using that besides not having to build our own SCIM endpoint and provisioning app in our AAD tenant? There is no limitation to simply calling the user and group APIs to enable this functionality and no security or design advantage to using the appliance and connector from what I can tell. Is this accurate? Thanks.
Oya Koyukan hmmmm I don't think so, but will ultimately have to defer to Imran Aziz here as the product manager. Everything contained in this site is an http service. In support, I've never spoken to or helped an integrator of ours who is communicating with our system via LDAP...
The aforementioned Active Directory connector has used LDAP in the past, though I believe we moved away from it. I still believe that protocol would have been between the LDAP server and the connector. The connector to HighQ is REST. Again, Imran Aziz / Nirav Raval please jump in if what I'm saying isn't entirely correct.
EDIT: I did speak to some of the developers today and they confirmed my suspicions that the Appliance (which accommodates the AD sync) only used LDAP in the AD direction. Appliance --> HighQ is then REST.
Thanks Peter, we set up OKTA and informed that it is not possible right now to control HighQ user groups through OKTA, like AD. Now we are looking into LDAP, is it possible with LDAP?
Hi Oya Koyukan we do officially integrate with OKTA for SSO capabilities, but I don't think that is what you are asking for here. It's not a 'full sync' like our Active Directory connector https://knowledge.highq.com/help/apps-plugins-and-connectors/active-directory-connector
I am not familiar with the OKTA platform, but if you can make API calls from it then the answer is.... maybe?
More likely: I have seen developers use these endpoints to create a tertiary application (for want of a better phrase) to port users and groups from one system to another. So your integration would sit in-between HighQ and OKTA and make API calls to both.
I am deleting this 5 year old comment:
Please note that these methods are limited to AD groups, as these API methods were implemented for our AD integration, the generic methods to manage groups of all types and at site level have not been implemented and will be made available in our future release.
...because as I understand it's no longer relevant. There is now a full complement of API endpoints to manage site groups. CC Imran Aziz
Hi Imran, has this been implemented for OKTA? Can I use OKTA to create users and security groups for HighQ users so I don't have to create them in HighQ anymore?