The Directories Integration API provides operations to manage Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) objects in a connected on-premises directory through Okta.
You can add or remove users from groups based on their identity and access requirements. This ensures that changes made to user access in Okta are reflected in AD or LDAP. When you use Okta Access Certifications to revoke a user's membership to an AD or LDAP group, the removal is reflected in AD or LDAP.
Okta can only manage group memberships for users and groups imported into Okta using the AD or LDAP integration. You can't use this API to manage users and groups that weren't imported through an AD or LDAP integration or are outside of the integration's org unit scope.
See AD Bidirectional Group Management and LDAP Bidirectional Group Management.
Updates an Active Directory or LDAP group membership directly in the Active Directory or LDAP server.
OK
Bad Request
Forbidden
Not Found
There are no connected agents.
Timed out waiting for agent
{
  "id": "00g1xucgTZFrziXg10g4",
  "parameters": {
    "action": "ADD",
    "attribute": "member",
    "values": [
      "00u1bh5efGKMsSiLv0g4"
    ]
  }
}

{
  "errorCode": "E0000001",
  "errorSummary": "Api validation failed: {0}",
  "errorLink": "E0000001",
  "errorId": "sampleiCF-8D5rLW6myqiPItW",
  "errorCauses": []
}
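The request and error bodies shown above can be built and read defensively before anything reaches the directory agent. The following is an added example, not Okta's code: the function names are hypothetical, the "REMOVE" action value is assumed from the add-or-remove wording on this page, and the ID patterns are assumed from the 00g/00u prefixes and length of the sample values.

```python
import json
import re

# Assumption: Okta IDs are 20 alphanumeric characters, and the 00g / 00u
# prefixes seen in the page's sample mark a group and a user respectively.
GROUP_ID = re.compile(r"^00g[0-9A-Za-z]{17}$")
USER_ID = re.compile(r"^00u[0-9A-Za-z]{17}$")
ACTIONS = {"ADD", "REMOVE"}  # "REMOVE" is assumed; the sample shows only "ADD"


def build_membership_change(group_id, user_ids, action):
    """Return the JSON request body for one group membership change."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    if not GROUP_ID.match(group_id):
        raise ValueError(f"not a group ID: {group_id!r}")
    values = list(dict.fromkeys(user_ids))  # drop duplicates, keep order
    if not values:
        raise ValueError("at least one user ID is required")
    bad = [u for u in values if not USER_ID.match(u)]
    if bad:
        # Catches a group ID or a login name passed where a user ID belongs.
        raise ValueError(f"not user IDs: {bad}")
    return {
        "id": group_id,
        "parameters": {"action": action, "attribute": "member", "values": values},
    }


def describe_error(raw):
    """Turn an error body shaped like the page's sample into one log line."""
    err = json.loads(raw)
    causes = "; ".join(c.get("errorSummary", "") for c in err.get("errorCauses", []))
    line = f"{err['errorCode']} [{err['errorId']}] {err['errorSummary']}"
    return f"{line} ({causes})" if causes else line


if __name__ == "__main__":
    # IDs below are the sample values from this page.
    body = build_membership_change(
        "00g1xucgTZFrziXg10g4", ["00u1bh5efGKMsSiLv0g4"], "REMOVE")
    print(json.dumps(body, indent=2))
```

Logging the errorId from a failed revocation gives a value to correlate with Okta's own logs when checking whether the removal actually reached AD or LDAP.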