Bulk group management

The best approach to managing users and their groups is to derive them from an SSO system, and Omni supports many systems through its SAML and SCIM such as Okta, Active Directory and more.
But sometimes you have a need to bulk associate users to groups in a pinch, this script is for you.

The Python SDK now supports the api endpoints to make group assignment a piece of cake :birthday_cake: .

You can see the script for performing these updates here. But we’ll walk through the setup step by step.

First, install the python SDK. You may want to create a virtual environment first.

Optional Step 0 - Create a virtual environment

Starting in a folder you’d like the script to live in. Double check you have at least python 3.9+

python -m venv ./.venv

Activate the virtual environment:

source ./.venv/bin/activate

windows instructions

Step 1 - Pip install the sdk

pip install omni_python_sdk

Step 2 - Create the script and fill out API key and Omni Host

from omni_python_sdk import OmniAPI
import csv, time

api_key = '<<your api key>>'
base_url = 'https://<<your omni host>>'


# Initialize the API with your credentials
api = OmniAPI(api_key, base_url)

with open('user_groups.csv', newline='') as csvfile:
    user_groups = csv.DictReader(csvfile)
    for row in user_groups:
        time.sleep(4)
        email = row.pop('email')
        op = row.pop('op')
        if op == '+':
            user = api.return_user_by_email(email)
            api.add_user_to_group(
                row['group_name'],
                user['id']
            )
           print(f"{email} successfully added to {row['group_name']}")
        elif op == '-':
            user = api.return_user_by_email(email)
            api.remove_user_from_group(
                row['group_name'],
                user['id']
            )
           print(f"{email} successfully removed from {row['group_name']}")

Step 3 - Set up your CSV

  • The op column should either be ‘+’, which will add the user to the group, or ‘-’ which will remove a user from a group
  • The group_name column is the name, not the id, of the group
  • A user can be in multiple groups, they will be repeated rows, one for each group to add
  • Emails normally tie 1:1 to a user, but this script will fail if there is more than one user with the same email address

Step 4 – Run it

python <<name of your script>>.py

It will pause 2 seconds in between each update to ensure it doesn’t hit the API throttle and proceed silently

That’s it! you’ve updated your group membership

A few tips and notes:

  • Change time.sleep(2) to time.sleep(4). With the time delay between API calls set at 2, the script stopped at row 29 with the error Request Failed: 429 Client Error: Too Many Requests.
  • Add print(email + " completed") as the last line of the script. It should be indented to be under the for loop. This will give you feedback in the terminal window that something is indeed happening and make it easy for you to know how far it’s gotten.
  • If a user-to-user group connection for a row of the CSV already exists then the API call for that specific row will fail with Request Failed: 500 Server Error: Internal Server Error. Though the script will keep going. I moved the first 28 rows out to a separate file to keep track of what had been run and not go through each failure message.
  • If the email address does not exist as a user account then the script will fail with Found 0 users for email@email.com.
2 Likes

Thank you Alison! Very helpful suggestions I’ve modified in the script above :smiling_face_with_sunglasses:

this can act as an alternative to above if you dont want to run your own scripts: