We are finding some challenges in management of groups in Nintex Automation Cloud. Adding a removing users from a group requires manual steps through the administrative interface. Has anyone found a method that allows some degree of automation, maybe to connect into Active Directory groups?
Solved
Nintex Group Management
Best answer by PabloL
Following up on this, I don’t think there is an answer. It does not matter if I can create a custom Xtension version of the NAC User Management tools because the underlying API from Nintex does not allow a user to be removed from a group. The API takes input parameters for isOwner and isMember and they cannot both be set to false. I tried it with a C# call directly into the API and it returned a “bad request.”
UPDATE --
What are you trying to do for groups opposed to users in user management?
To my knowledge, there is no ability to leverage groups in Microsoft Entra - not sure if this is on the roadmap - but would be nice.
+10first prize would be use SSO but if you really want to manage tenant users, we have a Tenant User management Xtension in the Gallery here: https://gallery.nintex.com/t/NAC-User-Management which you can use to create a NAC workflow to do the management.
Out of the gate it offers these:
It does not offer a delete user from group but you can easily extend the Xtension to include that, it is just a Group Update operation with an HTTP PATCH verb. (undocumented) Like this:
Wait, I think that is the answer! I knew about that NAC feature but it was missing the Delete from a Group functionality. Now, what is this “Extend the Xtension” instruction? I will have to look that up. But that gets me started in the right direction!
I may need some help with this. I am getting an error message when running this new custom Xtension method.
Perhaps you can help me next week. I’m taking a few days off.
[WorkflowExecution.IO.XtensionExecute.ConnectorErrorResponse] Received an error response from the connector: { "type": "https://tools.ietf.org/html/rfc9110#section-15.5.1", "title": "Bad Request", "status": 400, "detail": "[{\"user\":\"isOwner or isMember is required\"}]", "instance": "/tenants" }
Following up on this, I don’t think there is an answer. It does not matter if I can create a custom Xtension version of the NAC User Management tools because the underlying API from Nintex does not allow a user to be removed from a group. The API takes input parameters for isOwner and isMember and they cannot both be set to false. I tried it with a C# call directly into the API and it returned a “bad request.”
UPDATE --
https://ideas.nintex.com/ideas/CNV-I-180
See this “Idea” in Nintex Ideas -- “Remove users from group.”
+10Hello
I have spent a bit of time on this and implemented my suggested extension to the NAC User Management Xtension. I have attached the Xtension to this post.
The way it has been implemented is though a group UPDATE operation. So you don’t really send in a user id to delete, you send in all Group Members, minus the user you want to remove - makes sense?
Example - You want to remove User 2 from this Group:
Test Group Members:
- User 1
- User 2
- User 3
Step 1 - Get the Group Object. One of the properties of the Group Object is the Members Collection.
Step 2 - Iterate over the Members Collection and remove the user to be deleted.
Step 3 - Update the Group with the New Members Collection.
Step 3 uses the PATCH method I mentioned earlier, i.e. the addition to the Xtension.
Here is some s/shots of the Workflow I implemented to test this out:
I hope this makes sense.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.