Create a new user group

Cortex XSIAM Platform APIs
post /platform/iam/v1/user-group

This endpoint creates a new user group with the specified configuration. You can assign a role, add users, configure nested groups, and link identity provider groups. All fields except 'group_name' are optional.

CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-cortex.paloaltonetworks.com/platform/iam/v1/user-group'
-d '{ "request_data" : { "group_name" : "test_group_name", "role_id" : "role_name_123", "description" : "Test Description", "users" : [ "user1@test.com" ], "nested_group_ids" : [ "7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123" ], "idp_groups" : [ "test idp group" ] } }'
import http.client conn = http.client.HTTPSConnection("api-") payload = "{\"request_data\":{\"group_name\":\"test_group_name\",\"role_id\":\"role_name_123\",\"description\":\"Test Description\",\"users\":[\"user1@test.com\"],\"nested_group_ids\":[\"7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123\"],\"idp_groups\":[\"test idp group\"]}}" headers = { 'content-type': "application/json" } conn.request("POST", "%7Bfqdn%7D/platform/iam/v1/user-group", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-/%7Bfqdn%7D/platform/iam/v1/user-group") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"group_name\":\"test_group_name\",\"role_id\":\"role_name_123\",\"description\":\"Test Description\",\"users\":[\"user1@test.com\"],\"nested_group_ids\":[\"7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123\"],\"idp_groups\":[\"test idp group\"]}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "group_name": "test_group_name", "role_id": "role_name_123", "description": "Test Description", "users": [ "user1@test.com" ], "nested_group_ids": [ "7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123" ], "idp_groups": [ "test idp group" ] } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-/%7Bfqdn%7D/platform/iam/v1/user-group"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-/%7Bfqdn%7D/platform/iam/v1/user-group") .header("content-type", "application/json") .body("{\"request_data\":{\"group_name\":\"test_group_name\",\"role_id\":\"role_name_123\",\"description\":\"Test Description\",\"users\":[\"user1@test.com\"],\"nested_group_ids\":[\"7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123\"],\"idp_groups\":[\"test idp group\"]}}") .asString();
import Foundation let headers = ["content-type": "application/json"] let parameters = ["request_data": [ "group_name": "test_group_name", "role_id": "role_name_123", "description": "Test Description", "users": ["user1@test.com"], "nested_group_ids": ["7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123"], "idp_groups": ["test idp group"] ]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-/%7Bfqdn%7D/platform/iam/v1/user-group")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-/%7Bfqdn%7D/platform/iam/v1/user-group", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"group_name\":\"test_group_name\",\"role_id\":\"role_name_123\",\"description\":\"Test Description\",\"users\":[\"user1@test.com\"],\"nested_group_ids\":[\"7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123\"],\"idp_groups\":[\"test idp group\"]}}", CURLOPT_HTTPHEADER => [ "content-type: application/json" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-/%7Bfqdn%7D/platform/iam/v1/user-group"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"group_name\":\"test_group_name\",\"role_id\":\"role_name_123\",\"description\":\"Test Description\",\"users\":[\"user1@test.com\"],\"nested_group_ids\":[\"7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123\"],\"idp_groups\":[\"test idp group\"]}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-/%7Bfqdn%7D/platform/iam/v1/user-group"); var request = new RestRequest(Method.POST); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"group_name\":\"test_group_name\",\"role_id\":\"role_name_123\",\"description\":\"Test Description\",\"users\":[\"user1@test.com\"],\"nested_group_ids\":[\"7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123\"],\"idp_groups\":[\"test idp group\"]}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json

Request object for creating a new user group

request_dataobject

The data required to create a new user group

group_namestringrequired

The unique name for the user group

role_idstring

The unique identifier of the role to assign to this group

descriptionstring

A brief description of the user group's purpose

usersarray[string]

A list of user email addresses to add to the group

nested_group_idsarray[string]

A list of unique identifiers for groups to be nested within this group

idp_groupsarray[string]

A list of identity provider (IdP) group names to associate with this group

REQUEST
{ "request_data": { "group_name": "test_group_name", "role_id": "role_name_123", "description": "Test Description", "users": [ "user1@test.com" ], "nested_group_ids": [ "7f3o5b2c-4d5e-4f6a-8b9c-1d3o5f4a5b6c_123" ], "idp_groups": [ "test idp group" ] } }
Responses

User Group created successfully

Body
application/json
dataobject
messagestringrequired

Success message indicating the user group was created

RESPONSE
{ "data": { "message": "user group with group id 123-456 created successfully" } }

Bad request for user group create call

Body
application/json
dataobject
err_msgstringrequired

Error message describing the issue

metadataobject
err_extrastringrequired

Additional error details

err_codeintegerrequired

HTTP error code

RESPONSE
{ "data": { "err_msg": "The request contains invalid or missing parameters.", "metadata": { "err_extra": "This user group name is already being used in the tenant for existing_group_name.", "err_code": 400 } } }

Unauthorized access

Body
application/json
RESPONSE
{ "reply": { "err_code": 401, "err_msg": "Public API request unauthorized", "err_extra": null } }

Unauthorized access due to lack of sufficient permissions

Body
application/json
replyobject
err_msgstringrequired
err_extrastring
err_codeinteger
metadataobjectrequired
RESPONSE
{ "reply": { "err_code": 403, "err_msg": "Forbidden. Access was denied to this resource.", "err_extra": "Insufficient permissions for api key", "metadata": {} } }

Internal server error. A unified status for API communication type errors.