I can call /api/v1/groups and then /api/v1/groups/<id>/users to get the list of groups and all of the users within those groups. Presumably, if a user is a member of multiple groups, then I will end up getting duplicates (which is fine for this discussion). I can also get the list of users via /api/v1/users.

The question is: Is the unique list of users from /api/v1/groups/<id>/users for all of the groups the same as /api/v1/users? That is, is it possible for a user to exist without being in any group?

And as a follow-up question: Some users have a memberOf attribute in their profile that lists the group name that they belong to. If this attribute is missing, is it assumed that they are part of the Everyone group?

I’ll admit this question had me confused because I saw no memberOf attribute for any of my users. From checking with some others on my team it looks like it’s related to LDAP and/or Active Directory groups. So to answer your questions:

  1. Yup, users can exist without being in any groups (although technically every user is a member of the Okta Everyone group by default).

  2. If the memberOf attribute is missing, this means the user is not part of any LDAP or Active Directory groups; however, it’s not indicative of what Okta-mastered groups they may belong to.

Can I also assume that if I grab members of every group that is returned from api/v1/groups via the api/v1/groups/<id>/users it would be the same as calling api/v1/users API (minus the duplicates if a user exists in multiple groups)?

@dsh that is correct.
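One way to check this comparison against your own org, as an added example that is not part of the thread's posts: it pages through the three endpoints discussed above, then reports any difference between the two user sets and which users belong only to Everyone. `fetch` is a hypothetical callable returning the parsed JSON list and the `Link` header for a path; here it is backed by constructed sample data.

```python
import re

# Constructed sample responses (ids, host and cursors are made up for illustration).
# Maps request path -> (parsed JSON list, Link header value).
PAGES = {
    "/api/v1/users": ([{"id": "u1"}, {"id": "u2"}],
                      '<https://example.okta.com/api/v1/users?after=u2>; rel="next"'),
    "/api/v1/users?after=u2": ([{"id": "u3"}], ""),
    "/api/v1/groups": ([{"id": "g0", "profile": {"name": "Everyone"}},
                        {"id": "g1", "profile": {"name": "Admins"}}], ""),
    "/api/v1/groups/g0/users": ([{"id": "u1"}, {"id": "u2"}, {"id": "u3"}], ""),
    "/api/v1/groups/g1/users": ([{"id": "u1"}], ""),
}

def fake_fetch(path):
    """Hypothetical stand-in for an authenticated GET against the org."""
    return PAGES[path]

# Picks the rel="next" URL out of a Link header and keeps only path + query.
NEXT = re.compile(r'<https?://[^/]+([^>]+)>;\s*rel="next"')

def list_all(fetch, path):
    """Collect every item of a paginated list by following rel="next" links."""
    items = []
    while path:
        body, link = fetch(path)
        items.extend(body)
        match = NEXT.search(link or "")
        path = match.group(1) if match else None
    return items

def compare_membership(fetch):
    """Compare /api/v1/users with the de-duplicated union of all group members."""
    all_users = {u["id"] for u in list_all(fetch, "/api/v1/users")}
    groups_of = {}  # user id -> names of the groups the user appears in
    for group in list_all(fetch, "/api/v1/groups"):
        for user in list_all(fetch, f"/api/v1/groups/{group['id']}/users"):
            groups_of.setdefault(user["id"], set()).add(group["profile"]["name"])
    return {
        "only_in_users": all_users - set(groups_of),    # listed, but in no group
        "only_in_groups": set(groups_of) - all_users,   # in a group, but not listed
        "everyone_only": {uid for uid, names in groups_of.items()
                          if names == {"Everyone"}},
    }

if __name__ == "__main__":
    print(compare_membership(fake_fetch))
```

Replacing `fake_fetch` with a function that performs the real request lets the same comparison run against a live org; two empty difference sets mean the lists agree.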

