Groups
The managed group object is a default managed object type, and is defined like any other managed object type. Users are made members of groups through the relationships mechanism. You should understand how relationships work before you read about Identity Cloud groups.
A group can be assigned to a user manually, as a static value of the user’s groups
attribute, or dynamically, as a result of a condition or script. For example, a user might be assigned to a group such as sales
dynamically, if that user is in the sales
organization.
A user’s groups
attribute takes an array of references as a value, where the references point to the managed groups. For example, if user bjensen has been assigned to two groups (employees
and supervisors
), the value of bjensen’s groups
attribute would look something like the following:
"groups": [
{
"_ref": "managed/group/supervisors",
"_refResourceCollection": "managed/group",
"_refResourceId": "supervisors",
"_refProperties": {
"_id": "61315165-9269-4944-8db9-98f681c6b0a9",
"_rev": "00000000586a94fd"
}
},
{
"_ref": "managed/group/employees",
"_refResourceCollection": "managed/group",
"_refResourceId": "employees",
"_refProperties": {
"_id": "2a965519-5788-428c-92d1-19fac497db8f",
"_rev": "000000001e1793bc"
}
}
]
The _refResourceCollection
is the container that holds the group. The _refResourceId
is the ID of the group. The _ref
property is a resource path that is derived from the _refResourceCollection
and the URL-encoded _refResourceId
. _refProperties
provides more information about the relationship.
Some of the examples in this documentation set use client-assigned IDs (such as |