Creating identity source role mappings via REST API

stephen.kolmann · September 12, 2022, 2:00am

I am wondering if anyone knows how to best update AD role mappings via the Morpheus REST API. I have tried updating AD role mappings via the /api/user-sources/:ID PUT REST API endpoint, and included a full list of roleMappings objects, which includes all my current role mappings, plus my additional new role mapping. The API call returns as successful, but my role mappings weren’t updated. I’m able to create the same role mapping via the GUI successfully. Does anyone know how to successfully update role mappings via the REST API?

aabraham · September 12, 2022, 9:19am

Can you share the JSON paylod you used for updating the Role Mappings?

stephen.kolmann · September 12, 2022, 12:48pm

I de-identified the active directory sourceRoleFqn OU structure in the below JSON, but it is otherwise my JSON payload for updated role mappings. The first 5 role mappings already exist and the last role mapping is the one I’m trying to add (zyxw-admin). The groups all exist in my AD and I’m able to add the zyxw-admins/zyxw-admin AD role mapping via the Morpheus GUI successfully.

{
    "userSource": {
        "roleMappings": [
            {
                "mappedRole": {
                    "authority": "abcd-admin",
                    "id": 37
                },
                "sourceRoleFqn": "CN=abcd-admins,OU=abcd,DC=contoso,DC=com",
                "sourceRoleName": "abcd-admins"
            },
            {
                "mappedRole": {
                    "authority": "User Admin",
                    "id": 3
                },
                "sourceRoleFqn": "CN=morpheus_user_admins,OU=CMP,DC=contoso,DC=com",
                "sourceRoleName": "morpheus_user_admins"
            },
            {
                "mappedRole": {
                    "authority": "Read Only",
                    "id": 4
                },
                "sourceRoleFqn": "CN=morpheus_readonly_users,OU=CMP,DC=contoso,DC=com",
                "sourceRoleName": "morpheus_readonly_users"
            },
            {
                "mappedRole": {
                    "authority": "System Admin",
                    "id": 1
                },
                "sourceRoleFqn": "CN=morpheus_sysadmins,OU=CMP,DC=contoso,DC=com",
                "sourceRoleName": "morpheus_sysadmins"
            },
            {
                "mappedRole": {
                    "authority": "App Users",
                    "id": 5
                },
                "sourceRoleFqn": "CN=morpheus_app_users,OU=CMP,DC=contoso,DC=com",
                "sourceRoleName": "morpheus_app_users"
            },
            {
                "mappedRole": {
                    "authority": "zyxw-admin",
                    "id": 44
                },
                "sourceRoleFqn": "CN=zyxw-admins,OU=zyxw,DC=contoso,DC=com",
                "sourceRoleName": "zyxw-admins"
            }
        ]
    }
}

aabraham · September 12, 2022, 2:09pm

Is the role id 44 for role name “zyxw-admin” in the subtenant where this is updated?

stephen.kolmann · September 13, 2022, 1:43am

The role zyxw-admin is in the master tenant. I haven’t created sub-tenants.

Topic		Replies	Views
Hitting an issue while attempting to use the /api/user-sources/#" end point API/CLI roles , api , identity-sources	3	109	November 29, 2023
User definition update through external SAML SSO identity source Administration users , user-profile , saml	3	148	January 5, 2024
Using Alternate SAML Claims to Map Roles Administration tenants , identity-sources , saml , azure	1	315	April 13, 2022
Trying to add AD identity source results in error 403 Administration roles	6	196	December 21, 2022
Default Role for unmapped users Administration roles	2	203	March 20, 2023

Creating identity source role mappings via REST API

Related Topics