We are finding some challenges in management of groups in Nintex Automation Cloud. Adding a removing users from a group requires manual steps through the administrative interface. Has anyone found a method that allows some degree of automation, maybe to connect into Active Directory groups?
Best answer by PabloL
View original
What are you trying to do for groups opposed to users in user management?
To my knowledge, there is no ability to leverage groups in Microsoft Entra - not sure if this is on the roadmap - but would be nice.
+8
first prize would be use SSO but if you really want to manage tenant users, we have a Tenant User management Xtension in the Gallery here: https://gallery.nintex.com/t/NAC-User-Management which you can use to create a NAC workflow to do the management.
Out of the gate it offers these:
It does not offer a delete user from group but you can easily extend the Xtension to include that, it is just a Group Update operation with an HTTP PATCH verb. (undocumented) Like this:
Wait, I think that is the answer! I knew about that NAC feature but it was missing the Delete from a Group functionality. Now, what is this “Extend the Xtension” instruction? I will have to look that up. But that gets me started in the right direction!
I may need some help with this. I am getting an error message when running this new custom Xtension method.
Perhaps you can help me next week. I’m taking a few days off.
[WorkflowExecution.IO.XtensionExecute.ConnectorErrorResponse] Received an error response from the connector: { "type": "https://tools.ietf.org/html/rfc9110#section-15.5.1", "title": "Bad Request", "status": 400, "detail": "[{\"user\":\"isOwner or isMember is required\"}]", "instance": "/tenants" }
Following up on this, I don’t think there is an answer. It does not matter if I can create a custom Xtension version of the NAC User Management tools because the underlying API from Nintex does not allow a user to be removed from a group. The API takes input parameters for isOwner and isMember and they cannot both be set to false. I tried it with a C# call directly into the API and it returned a “bad request.”
UPDATE --
https://ideas.nintex.com/ideas/CNV-I-180
See this “Idea” in Nintex Ideas -- “Remove users from group.”
+8
Hello
I have spent a bit of time on this and implemented my suggested extension to the NAC User Management Xtension. I have attached the Xtension to this post.
The way it has been implemented is though a group UPDATE operation. So you don’t really send in a user id to delete, you send in all Group Members, minus the user you want to remove - makes sense?
Example - You want to remove User 2 from this Group:
Test Group Members:
Step 1 - Get the Group Object. One of the properties of the Group Object is the Members Collection.
Step 2 - Iterate over the Members Collection and remove the user to be deleted.
Step 3 - Update the Group with the New Members Collection.
Step 3 uses the PATCH method I mentioned earlier, i.e. the addition to the Xtension.
Here is some s/shots of the Workflow I implemented to test this out:
I hope this makes sense.
Thanks,
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
