Setting auto-populated group as Primary

We have a User Group that’s auto populated using a SAML mapping in Single Sign On that we use for controlling POC testing of new features. This group is dynamic and is controlled by an Active Directory attribute. We use the group to turn on and test new features so the POC group of people can test before releasing to the general public.

The problem is that for this to work in controlling features it must be the person’s primary group. In the SAML mapping, we have the “POC Testing” group set as the first group in the mapping followed by the normal “Default Group” that everyone is on. This sometimes forces the “POC Testing” group to be made primary but not always. I’m trying to use the JWT API to set the “POC Testing” group as the primary group for everyone contained in the group. I’m trying to replicate the “Set As Primary Group” option in the web admin tool when viewing a user.

I’ve had no problem enumerating the members of the group using

            $response = Invoke-RestMethod -Method GET -Headers $headers -Uri "$groupID/members

Where I run into trouble is viewing or setting a user using the SCIM2 calls. When I look up the user it doesn’t list the auto-populated group in the array of groups. When I try to set the group as primary using the following code (Powershell), it doesn’t appear to do anything. In the response it returns back the same results I get when I look the person up. The groups object only returns the non-auto-populated group they’re in.

$body = @"
{ “groups”: [
{ “display”:“Micron IT - Auto Populated”,
} ]
$userResponse = Invoke-RestMethod -Method PUT -Headers $headers -Uri “$userId” -body $body

I suspect setting “type” to “Direct” could be one issue but the documentation doesn’t show being able to set it to anything else.

So I’m not trying to set the group membership in the group but am simply trying to make it the primary group for that person. This is something the web admin tool allows for so it’s certainly allowable. I just need to know the correct API call to perform the same task as the Web admin tool allows.

Hey @jferguson,

Thank you for reaching out to the Zoom Developer Forum. I appreciate all the detail as well, it sounds like there is an edge case we can fix when it comes to the SCIM2 API.

I’ll work with our team to resolve this but in the meantime, I’m wondering if the typical Groups APIs return the group that you’re looking for.

Have you tried calling the List Groups API to see if the group is available there? On that same token, does the typical Get a User API work here?

My thinking is that we may already have this functionality implemented but for some reason it hasn’t been added to the SCIM2 APIs.


I used the regular Groups API to enumerate all groups so I could get the GroupID so that API is working for dealing with the group itself. That API also enumerates the membership with no issue.

I didn’t try the regular User API to enumerate the groups a User is in since that’s not really what I’m looking for. What I need to do is set the dynamic group as the primary group on the User and I couldn’t find that in the regular User API.

The only place I could find to set the primary group is in the SCIM2 API.

Hey @jferguson,

Thanks for your patience. I’ve created a ticket with our engineering team and will get back to you ASAP with confirmation on if this can be done with the SCIM2 API.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.