We have a User Group that’s auto populated using a SAML mapping in Single Sign On that we use for controlling POC testing of new features. This group is dynamic and is controlled by an Active Directory attribute. We use the group to turn on and test new features so the POC group of people can test before releasing to the general public.
The problem is that for this to work in controlling features it must be the person’s primary group. In the SAML mapping, we have the “POC Testing” group set as the first group in the mapping followed by the normal “Default Group” that everyone is on. This sometimes forces the “POC Testing” group to be made primary but not always. I’m trying to use the JWT API to set the “POC Testing” group as the primary group for everyone contained in the group. I’m trying to replicate the “Set As Primary Group” option in the web admin tool when viewing a user.
I’ve had no problem enumerating the members of the group using
$response = Invoke-RestMethod -Method GET -Headers $headers -Uri "https://api.zoom.us/v2/groups/$groupID/members
Where I run into trouble is viewing or setting a user using the SCIM2 calls. When I look up the user it doesn’t list the auto-populated group in the array of groups. When I try to set the group as primary using the following code (Powershell), it doesn’t appear to do anything. In the response it returns back the same results I get when I look the person up. The groups object only returns the non-auto-populated group they’re in.
$body = @"
{ “groups”: [
{ “display”:“Micron IT - Auto Populated”,
“type”:“direct”,
“primary”:“True”
} ]
}
"@
$userResponse = Invoke-RestMethod -Method PUT -Headers $headers -Uri “https://api.zoom.us/scim2/Users/$userId” -body $body
I suspect setting “type” to “Direct” could be one issue but the documentation doesn’t show being able to set it to anything else.
So I’m not trying to set the group membership in the group but am simply trying to make it the primary group for that person. This is something the web admin tool allows for so it’s certainly allowable. I just need to know the correct API call to perform the same task as the Web admin tool allows.