Is there a way to associate my local enterprise identity management system with Apigee identity management so when I delete a user in my local IDM a corresponding Apigee Organization user in Apigee will also be deleted?


@Tim Mickol yes you should be able to do that using Edge's management APIs. Learn more about global user roles here: http://docs.apigee.com/api-services/content/about-global-users and APIs to manage them here: http://docs.apigee.com/api-services/content/creating-global-users.

If a user is removed in your local IDM you can just remove the user from the org and not delete the user globally. Just by removing access to the org I think you will be able to achieve your desired outcome. Specifically this API: http://docs.apigee.com/management/apis/delete/organizations/%7Borg_name%7D/userroles/%7Brole_name%7D...

@sarthak The management APIs were the first place I looked but I did not find anything - methinks global user management API is only exposed if you are Edge for Private Cloud customer which we are not. From the global user administration doc: "Performing additional tasks to manage users; Many of these operations, such as deleting a global user, require system administrator privileges. For a Cloud-based installation of Edge, contact Apigee Support to perform these actions. For an Edge for Private Cloud installation, the system administrator can perform them."

I updated the answer. Let me know if this makes sense @Tim Mickol

@sarthak that last did the trick nicely :). 1) I created a new user with orgadmin role 2) validated the new user by logging in 3) used curl to execute the DELETE command you identified for me 4) validated that user was deleted. Thanks. Now I just have to write a little Java program that I can have triggered to be parameterized and executed by my enterprise IDM whenever a user with a correlated Apigee account is disabled or deleted locally to delete the correlated Apigee account. Thanks!
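As an added example (not code from this thread, from Apigee, or from either poster), here is the shape the IDM-triggered deprovisioning hook described above could take in shell, following the accepted answer's approach of revoking org role memberships rather than deleting the global user. It assumes the Edge management API base URL, the DELETE path `/organizations/{org}/userroles/{role}/users/{email}`, and an `APIGEE_AUTH` variable holding `user:password` for an org administrator; none of these are stated on the page.

```shell
#!/usr/bin/env bash
# Added example: IDM-triggered hook that revokes an Apigee Edge user's org role
# memberships. Assumptions (not from the thread): the management API base URL,
# the DELETE path /organizations/{org}/userroles/{role}/users/{email}, and
# APIGEE_AUTH="user:password" for an org administrator.
set -eu

BASE="${APIGEE_BASE:-https://api.enterprise.apigee.com/v1}"

# URL for removing one role membership. Kept as its own function so the
# deprovisioning logic can be checked without touching the network.
role_removal_url() {
  local org="$1" role="$2" email="$3"
  printf '%s/organizations/%s/userroles/%s/users/%s\n' "$BASE" "$org" "$role" "$email"
}

# Issue one DELETE and classify the outcome. 404 counts as success so the hook
# is idempotent: the IDM may retry, or the membership may already be gone.
remove_role() {
  local org="$1" role="$2" email="$3" status
  status=$(curl -sS -o /dev/null -w '%{http_code}' -X DELETE \
    -u "$APIGEE_AUTH" "$(role_removal_url "$org" "$role" "$email")") || status="curl-error"
  case "$status" in
    200|204) echo "removed $email from $role in $org"; return 0 ;;
    404)     echo "$email not in $role in $org (already removed)"; return 0 ;;
    *)       echo "failed to remove $email from $role in $org: HTTP $status" >&2; return 1 ;;
  esac
}

# Revoke every role the IDM granted. Returns non-zero if any removal failed, so
# the IDM can alert and retry instead of silently leaving access behind.
deprovision_user() {
  local org="$1" email="$2"; shift 2
  local role rc=0
  for role in "$@"; do
    remove_role "$org" "$role" "$email" || rc=1
  done
  return "$rc"
}

# Usage: ./deprovision.sh ORG EMAIL ROLE [ROLE...]
# e.g.   ./deprovision.sh myorg alice@example.com orgadmin   (constructed values)
if [ $# -ge 3 ]; then
  : "${APIGEE_AUTH:?set APIGEE_AUTH to user:password for an org administrator}"
  deprovision_user "$@"
fi
```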

Great to hear.

You can write that logic in node -> deploy in Apigee -> expose that as API and make your local code just call that API? Might even be easier. Just a thought.

This is just my fast, dirty and ugly architect's spike 😉 I'll hand it off to a genuine developer when it has to be done properly 🙂