Group Rules with Postman
Keeping user groups and permissions in order can be a hassle, but with Okta and Postman, it doesn't have to be.
In this post, I'll walk you through a simple process to manage Okta group rules using Postman. Whether you need to deactivate old rules, delete them, create new ones, or activate them, I've got you covered. Let's dive in and make group management a breeze!
Prerequisites:
- Postman: Ensure you have Postman installed. If not, you can use the online version.
- Okta API Token: Generate an API token in your Okta admin dashboard.
- Okta Domain: Note down your Okta domain.
Step 1: Create the CSV file
- Export Group Rules:
- Go to your Okta Admin Console and export your Group rules using Rockstar.
ruleName | name | status | if | assignToGroupIds |
0prfcnp0j4W36zlC31d7 | test rule | ACTIVE | user.department == \"Sales\" | 00gfcmyea4gjTF8uU1d7 |
ruleName: The ID of the old rule from Okta. This helps identify which rule is being modified or replaced.
name: The name of the rule. This makes it easier to identify the purpose or function of each rule.
if: The condition for the rule, using Okta Expression Language. This defines the criteria under which the rule is applied.
assignToGroupIds: The new group ID where you want to apply the rule. This specifies the group(s) that the rule will be assigned to.
Modify the CSV File:
- Update the CSV file with your existing group rule IDs, rule name, status, conditions (using Okta Expression Language), and the group IDs where you want to apply these group rules.
Step 2: Create Postman Requests
Deactivate Rule Request:
- Create a new POST request in Postman.
- URL: https://{{yourOktaDomain}}/api/v1/groups/rules/{{id}}/lifecycle/deactivate
- Headers:
- Authorization: SSWS {{apiToken}}
- Content-Type: application/json
- Save the request.
Delete Rule Request:
- Create a new DELETE request in Postman.
- URL: https://{{yourOktaDomain}}/api/v1/groups/rules/{{id}}
- Headers:
- Authorization: SSWS {{apiToken}}
- Content-Type: application/json
- Save the request.
Create Rule Using Okta Expression Language:
- Create a new POST request in Postman.
- URL: https://{{yourOktaDomain}}/api/v1/groups/rules
- Headers:
- Authorization: SSWS {{apiToken}}
- Content-Type: application/json
- Add this script to save the new rule ID for later use:
// Store the ID returned by the create call in the environment
const jsonResponse = pm.response.json();
pm.environment.set("new_grouprule_id", jsonResponse.id);
- The new rule ID is then available as the variable new_grouprule_id.
- Save the request.
Activate Rule Request:
- Create a new POST request in Postman.
- URL: https://{{yourOktaDomain}}/api/v1/groups/rules/{{new_grouprule_id}}/lifecycle/activate
- Headers:
- Authorization: SSWS {{apiToken}}
- Content-Type: application/json
- Save the request.
Step 3: Use Postman Runner to Execute the Requests
- Open Postman Runner:
- Click on the "Runner" button in Postman.
- Select Your Collection:
- Choose the collection you created with the requests (Deactivate Old Rule, Delete Old Rule, Create New Rule, Activate New Rule).
- Upload the CSV File:
- Click on "Select File" and upload your CSV file.
- Configure the Iteration:
- Ensure the "Iterations" field reflects the number of rows in your CSV file (Postman will automatically detect this).
- Check the mappings in the CSV Columns to Variables:
- Ensure the columns in your CSV file are mapped to the corresponding variables in your Postman requests. Postman will use the column names from your CSV to replace the placeholders in your requests.
- Run the Collection:
- Click on the "Run" button to start the collection runner.
Postman will execute the requests for each row in the CSV file, replacing the placeholders with the values from the CSV.
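The runner deactivates and deletes each old rule before the Create Rule request runs, so a malformed row costs a working rule. As an added example (not from the original post), this Node.js pre-flight check validates the rows and builds the create-rule JSON body, which the post does not show. The ID patterns and the ";" separator for several group IDs are assumptions based on the post's sample row; the 50-character limit is Okta's documented maximum for a rule name.

```javascript
// Added example, not from the original post. ID shapes are assumptions taken
// from the post's sample values; ";" between several group IDs is assumed too.
const RULE_ID = /^0pr[0-9A-Za-z]{17}$/;
const GROUP_ID = /^00g[0-9A-Za-z]{17}$/;
const COLUMNS = ["ruleName", "name", "status", "if", "assignToGroupIds"];

// The sample row stores the expression with backslash-escaped quotes; undo
// that so JSON.stringify can do the escaping exactly once.
const unescapeExpression = (expr) => expr.replace(/\\"/g, '"');
const groupIds = (row) => row.assignToGroupIds.split(";").map((g) => g.trim());

// JSON body for POST /api/v1/groups/rules, built from one CSV row.
function buildCreateRuleBody(row) {
  return {
    type: "group_rule",
    name: row.name.trim(),
    conditions: { expression: { type: "urn:okta:expression:1.0", value: unescapeExpression(row.if) } },
    actions: { assignUserToGroups: { groupIds: groupIds(row) } },
  };
}

// Returns a list of problems; run the collection only when it is empty.
function preflight(rows) {
  const problems = [];
  const seen = new Set();
  rows.forEach((row, i) => {
    const fail = (msg) => problems.push(`row ${i + 1}: ${msg}`);
    const missing = COLUMNS.filter((c) => !String(row[c] ?? "").trim());
    if (missing.length) return fail(`missing ${missing.join(", ")}`);
    if (!RULE_ID.test(row.ruleName)) fail("ruleName is not a rule ID");
    if (seen.has(row.ruleName)) fail("rule ID listed twice");
    seen.add(row.ruleName);
    if (row.name.trim().length > 50) fail("name longer than 50 characters");
    if (!["ACTIVE", "INACTIVE"].includes(row.status)) fail("unknown status");
    if (!groupIds(row).every((g) => GROUP_ID.test(g))) fail("bad group ID");
    const quotes = unescapeExpression(row.if).split('"').length - 1;
    if (quotes % 2) fail("unbalanced quotes in expression");
  });
  return problems;
}

// Constructed input: the post's sample row plus one deliberately broken row.
const rows = [
  { ruleName: "0prfcnp0j4W36zlC31d7", name: "test rule", status: "ACTIVE",
    if: 'user.department == \\"Sales\\"', assignToGroupIds: "00gfcmyea4gjTF8uU1d7" },
  { ruleName: "0prfcnp0j4W36zlC31d7", name: "copy", status: "ACTIVE",
    if: 'user.department == \\"Sales', assignToGroupIds: "gfcmyea4gjTF8uU1d7" },
];
console.log(preflight(rows), JSON.stringify(buildCreateRuleBody(rows[0])));
```

Pasting the output of JSON.stringify(buildCreateRuleBody(row)) into the Create Rule request's raw body avoids hand-escaping the quotes in the expression.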
This guide provides a straightforward method for managing Okta Group Rules using Postman.
By following these steps, you can efficiently automate the deactivation, deletion, creation, and activation of group rules.
Happy automating!
About the Author
Oana Ianosiu (MSc Cybersecurity) is an IAM Consultant, Certified Okta Administrator at Distology Studios.