SSO Management

SSO Configuration

If you want to use SAML for your application, you can configure SAML for each tenant independently. These settings can be configured either via Descope console, self-service provisioning, the API, or using the SDK as shown below.

SSO management using the management SDK

Install SDK

NodeJSPythonGoJavaRuby

npm i --save @descope/node-sdk

pip3 install descope

go get github.com/descope/go-sdk

// Include the following in your `pom.xml` (for Maven)
<dependency>
    <artifactId>java-sdk</artifactId>
    <groupId>com.descope</groupId>
    <version>sdk-version</version> // Check https://github.com/descope/descope-java/releases for the latest versions
</dependency>

gem install descope

Import and initialize Management SDK

NodeJSPythonGoJavaRuby

import DescopeClient from '@descope/node-sdk';

const managementKey = "xxxx"

try{
    //  baseUrl="<URL>" // When initializing the Descope clientyou can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize CNAME within your Descope project.
    const descopeClient = DescopeClient({ projectId: '__ProjectID__', managementKey: managementKey });
} catch (error) {
    // handle the error
    console.log("failed to initialize: " + error)
}

// Note that you can handle async operation failures and capture specific errors to customize errors.
//     An example can be found here: https://github.com/descope/node-sdk?tab=readme-ov-file#error-handling

from descope import (
    REFRESH_SESSION_TOKEN_NAME,
    SESSION_TOKEN_NAME,
    AuthException,
    DeliveryMethod,
    DescopeClient,
    AssociatedTenant,
    RoleMapping,
    AttributeMapping
)

management_key = "xxxx"

try:
    # You can configure the baseURL by setting the env variable Ex: export DESCOPE_BASE_URI="https://auth.company.com  - this is useful when you utilize CNAME within your Descope project."
    descope_client = DescopeClient(project_id='__ProjectID__', management_key=management_key)
except Exception as error:
    # handle the error
    print ("failed to initialize. Error:")
    print (error)

import "github.com/descope/go-sdk/descope"
import "github.com/descope/go-sdk/descope/client"
import "fmt"

// Utilizing the context package allows for the transmission of context capabilities like cancellation
//      signals during the function call. In cases where context is absent, the context.Background()
//      function serves as a viable alternative.
//      Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
import (
	"context"
)

managementKey = "xxxx"

// DescopeBaseURL // within the client.Config, you can also configure the baseUrl ex: https://auth.company.com  - this is useful when you utilize CNAME within your Descope project.
descopeClient, err := client.NewWithConfig(&client.Config{ProjectID:"__ProjectID__", managementKey:managementKey})
if err != nil {
    // handle the error
    log.Println("failed to initialize: " + err.Error())
}

import com.descope.client;

// Initialized after setting the DESCOPE_PROJECT_ID env var (and optionally DESCOPE_MANAGEMENT_KEY)
var descopeClient = new DescopeClient();

// ** Or directly **
var descopeClient = new DescopeClient(Config.builder()
        .projectId("__ProjectID__")
        .managementKey("management-key")
        .build());

require 'descope'


descope_client = Descope::Client.new(
  {
    project_id: '__ProjectID__',
    management_key: 'management_key'
  }
)

Identity Provider(IdP) Details

You can either set the identity provider details using a metadata URL from the IdP or enter them in the console. The values for each field can be obtained from the admin console of the identity provider.

NodeJSPythonGoJava

// Configure SSO setting for a tenant manually. Alternatively, `configure_via_metadata` can be used instead.
// Args:
//    tenantId (str): The tenant ID to be configured
const tenantId = "xxxxxx"
//    idpURL (str): The URL for the identity provider.
const idpURL = "https://example_idpURL.com"
//    entityId (str): The entity ID (in the IDP).
const entityId = "descope"
//    idpCert (str): The certificate provided by the IDP.
const idpCert = "xxxxxx"
//    redirectURL (str): An Optional Redirect URL after successful authentication.
const redirectURL = "https://example_descope_app.com/saml"
//    domain (str): An optional domain used to associate users authenticating via SSO with this tenant
const domain = "example_descope_app.com"

let resp = await descopeClient.management.sso.configureSettings(tenantId, idpURL, idpCert, entityId, redirectURL, domain)
if (!resp.ok) {
  console.log("Unable to configure tenant sso.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully configured sso configuration for tenant manually.")
  console.log(resp.data)
}

// Configure SSO setting for am IDP metadata URL. Alternatively, `configure` can be used instead.
// Args:
//   tenantId (str): The tenant ID to be configured
const tenantId = "xxxxxx"
//   idpMetadataURL (str): The URL to fetch SSO settings from.
const idpMetadataURL = "https://example_idpURL.com/api/v1/apps/xxxxxxx/sso/saml/metadata?"
//    redirectURL (str): An Optional Redirect URL after successful authentication.
const redirectURL = "https://example_descope_app.com/saml"
//    domain (str): An optional domain used to associate users authenticating via SSO with this tenant
const domain = "example_descope_app.com"

let resp = await descopeClient.management.sso.configureMetadata(tenantId, idpMetadataURL, redirectURL, domain)
if (!resp.ok) {
  console.log("Unable to configure tenant sso.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully configured sso configuration for tenant via metadata url.")
  console.log(resp.data)
}

# Configure SSO setting for a tenant manually. Alternatively, `configure_via_metadata` can be used instead.
# Args:
#    tenant_id (str): The tenant ID to be configured
tenant_id = "xxxxxx"
#    idp_url (str): The URL for the identity provider.
idp_url = "https://example_idp_url.com"
#    entity_id (str): The entity ID (in the IDP).
entity_id = "descope"
#    idp_cert (str): The certificate provided by the IDP.
idp_cert = "xxxxxx"
#    redirect_url (str): An Optional Redirect URL after successful authentication.
redirect_url = "https://example_descope_app.com/saml"
#    domain (str): An optional domain used to associate users authenticating via SSO with this tenant
domain = "example_descope_app.com"

try:
  resp = descope_client.mgmt.sso.configure(tenant_id=tenant_id, idp_url=idp_url, entity_id=entity_id, idp_cert=idp_cert, redirect_url=redirect_url, domain=domain)
  print ("Successfully configured sso configuration for tenant manually")
except AuthException as error:
  print ("Unable to configure tenant sso.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

# Configure SSO setting for am IDP metadata URL. Alternatively, `configure` can be used instead.
# Args:
#   tenant_id (str): The tenant ID to be configured
tenant_id = "xxxxxx"
#   idp_metadata_url (str): The URL to fetch SSO settings from.
idp_metadata_url = "https://example_idp_url.com/api/v1/apps/xxxxxxx/sso/saml/metadata?"
#    redirect_url (str): An Optional Redirect URL after successful authentication.
redirect_url = "https://example_descope_app.com/saml"
#    domain (str): An optional domain used to associate users authenticating via SSO with this tenant
domain = "example_descope_app.com"

try:
  resp = descope_client.mgmt.sso.configure_via_metadata(tenant_id=tenant_id, idp_metadata_url=idp_metadata_url, redirect_url=redirect_url, domain=domain)
  print ("Successfully configured sso configuration for tenant via metadata url")
except AuthException as error:
  print ("Unable to configure tenant sso.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

// Configure SSO setting for a tenant manually. Alternatively, `configure_via_metadata` can be used instead.
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    tenantID (str): The tenant ID to be configured
tenantID := "xxxxxx"
//    idpURL (str): The URL for the identity provider.
idpURL := "https://example_idp_url.com"
//    idpCert (str): The certificate provided by the IDP.
idpCert := "xxxxxx"
//    entityID (str): The entity ID (in the IDP).
entityID := "descope"
//    redirectURL (str): An Optional Redirect URL after successful authentication.
redirectURL := "https://example_descope_app.com/saml"
//    domain (str): An optional domain used to associate users authenticating via SSO with this tenant
domain := "example_descope_app.com"

err := descopeClient.Management.SSO().ConfigureSettings(ctx, tenantID, idpURL, idpCert, entityID, redirectURL, domain)
if  (err != nil){
  fmt.Println("Unable to configure tenant sso: ", err)
} else {
  fmt.Println("Successfully configured sso configuration for tenant manually.")
}

// Configure SSO setting for a tenant manually. Alternatively, `configure_via_metadata` can be used instead.
// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    tenantID (str): The tenant ID to be configured
tenantID := "xxxxxx"
//   idpMetadataURL (str): The URL to fetch SSO settings from.
idpMetadataURL := "https://example_idp_url.com/api/v1/apps/xxxxxxx/sso/saml/metadata?"
//    redirectURL (str): An Optional Redirect URL after successful authentication.
redirectURL := "https://example_descope_app.com/saml"
//    domain (str): An optional domain used to associate users authenticating via SSO with this tenant
domain := "example_descope_app.com"

err := descopeClient.Management.SSO().ConfigureMetadata(ctx, tenantID, idpMetadataURL, redirectURL, domain)
if  (err != nil){
  fmt.Println("Unable to configure tenant sso: ", err)
} else {
  fmt.Println("Successfully configured sso configuration for tenant via metadata url.")
}

SsoService ss = descopeClient.getManagementServices().getSsoService();
// You can configure SSO settings manually by setting the required fields directly
String tenantId = "tenant-id"; // Which tenant this configuration is for
String idpUrl = "https://idp.com";
String entityId = "my-idp-entity-id";
String idpCert = "<your-cert-here>";
String redirectUrl = "https://my-app.com/handle-saml"; // Global redirect URL for SSO/SAML
String domain = "domain.com"; // Users logging in from this domain will be logged in to this tenant

try {
    ss.configureSettings(tenantId, idpUrl, idpCert, entityId, redirectUrl, domain);
} catch (DescopeException de) {
    // Handle the error
}

// Alternatively, configure using an SSO metadata URL
try {
    ss.configureMetadata(tenantId, "https://idp.com/my-idp-metadata");
} catch (DescopeException de) {
    // Handle the error
}

Get SSO Configuration

Descope allows you to delete the SSO config for a specified tenant. Use caution with this SDK call as it will remove the configuration and is irreversible.

NodeJSPythonGoJava

// Args:
//   tenantId (str): The tenant ID to get the SSO configuration from.
const tenantId = "xxxxxx"

let resp = await descopeClient.management.sso.getSettings(tenantId)
if (!resp.ok) {
  console.log("Unable to receive the sso configuration from tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully received sso configuration from tenant.")
  console.log(resp.data)
}

# Args:
#    tenant_id (str): The tenant ID to get the SSO configuration from.
tenant_id = "xxxxxxx"

try:
  descope_client.mgmt.sso.get_settings(tenant_id=tenant_id)
  print ("Successfully received sso configuration from tenant.")
  print(resp)
except AuthException as error:
  print ("Unable to receive the sso configuration from tenant.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    tenantID (str): The tenant ID to get the SSO configuration from.
tenantID := "xxxxxxx"

resp, err := descopeClient.Management.SSO().GetSettings(ctx, tenantID)
if  (err != nil){
  fmt.Println("Unable to receive the sso configuration from tenant: ", err)
} else {
  fmt.Println("Successfully received sso configuration from tenant: ", resp)
}

SsoService ss = descopeClient.getManagementServices().getSsoService();
// You can get SSO settings for a specific tenant ID
try {
    SSOSettingsResponse resp = ss.getSettings("tenant-id");
} catch (DescopeException de) {
    // Handle the error
}

Delete SSO Configuration

Descope allows you to delete the SSO config for a specified tenant. Use caution with this SDK call as it will remove the configuration and is irreversible.

NodeJSPythonGoJava

// Args:
//   tenantId (str): The tenant ID to delete the SSO configuration from.
const tenantId = "xxxxxx"

let resp = await descopeClient.management.sso.deleteSettings(tenantId)
if (!resp.ok) {
  console.log("Unable to delete the sso configuration from tenant.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully deleted sso configuration from tenant.")
}

# Args:
#    tenant_id (str): The tenant ID to delete the SSO configuration from.
tenant_id = "xxxxxxx"

try:
  descope_client.mgmt.sso.delete_settings(tenant_id=tenant_id)
  print ("Successfully deleted sso configuration from tenant.")
except AuthException as error:
  print ("Unable to delete the sso configuration from tenant.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    tenantID (str): The tenant ID to delete the SSO configuration from.
tenantID := "xxxxxxx"

err := descopeClient.Management.SSO().DeleteSettings(ctx, tenantID)
if  (err != nil){
  fmt.Println("Unable to delete the sso configuration from tenant: ", err)
} else {
  fmt.Println("Successfully deleted sso configuration from tenant.")
}

SsoService ss = descopeClient.getManagementServices().getSsoService();
// You can get SSO settings for a specific tenant ID
try {
    SSOSettingsResponse resp = ss.deleteSettings("tenant-id");
} catch (DescopeException de) {
    // Handle the error
}

SSO Mapping

SSO User Attribute Mapping

In this section of the console, you can setup mapping for user attributes. After you set up the mapping, each user that signs into your application will get these attributes assigned from the IdP.

Note: Descope also allows you to map attributes from your IdP to custom user attributes when configuring your attribute mapping.

Groups Mapping

In this part of SSO configuration, you can map SSO groups from your IdP to roles defined in Descope service. The group-to-role mapping will automatically populate the user's roles at the time of sign-in. The roles are included in the session token after successful authentication. It is important to note, this function overrides any previous mapping (even when empty).

NodeJSPythonGoJava

// Args:
//   tenantId (str): The tenant ID to be configured
const tenantId = "xxxxxx"
//    roleMappings (RoleMapping): A mapping between IDP groups and Descope roles.
const roleMapping = { groups: ['IDP_ADMIN'], roleName: 'Tenant Admin'}
//    attributeMapping (AttributeMapping): A mapping between IDP user attributes and descope attributes.
const attributeMapping = {name: "IDP_NAME", phoneNumber: "IDP_PHONE",}

let resp = await descopeClient.management.sso.configureMapping(tenantId, roleMapping, attributeMapping)
if (!resp.ok) {
  console.log("Unable to configured sso role and attribute mapping.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully configured sso role and attribute mapping.")
}

# Args:
#    tenant_id (str): The tenant ID to be configured
tenant_id = "xxxxxxx"
#    role_mappings (List[RoleMapping]): A mapping between IDP groups and Descope roles.
role_mappings = [RoleMapping(["IDP_ADMIN"], "Tenant Admin")]
#    attribute_mapping (AttributeMapping): A mapping between IDP user attributes and descope attributes.
attribute_mapping = AttributeMapping(name="IDP_NAME", phone_number="IDP_PHONE")

try:
  descope_client.mgmt.sso.mapping(tenant_id=tenant_id, role_mappings=role_mappings, attribute_mapping=attribute_mapping)
  print ("Successfully configured sso role and attribute mapping.")
except AuthException as error:
  print ("Unable to configured sso role and attribute mapping.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

// Args:
//    ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//    tenantID (str): The tenant ID to be configured
tenantID := "xxxxxxx"
//    roleMappings (List[RoleMapping]): A mapping between IDP groups and Descope roles.
roleMappings := []*descope.RoleMapping{{Groups: []string{"IDP_ADMIN"}, Role: "Tenant Admin"}}
//    attributeMapping (AttributeMapping): A mapping between IDP user attributes and descope attributes.
attributeMapping := &descope.AttributeMapping {Name: "IDP_NAME", PhoneNumber: "IDP_PHONE",}

err := descopeClient.Management.SSO().ConfigureMapping(ctx, tenantID, roleMappings, attributeMapping)
if  (err != nil){
  fmt.Println("Unable to configured sso role and attribute mapping: ", err)
} else {
  fmt.Println("Successfully configured sso role and attribute mapping.")
}

SsoService ss = descopeClient.getManagementServices().getSsoService();
// Map IDP groups to Descope roles, or map user attributes.
// This function overrides any previous mapping (even when empty). Use carefully.
List<RoleMapping> rm = Arrays.asList(new RoleMapping(Arrays.asList("Groups"), "Tenant Role"));
AttributeMapping am = new AttributeMapping("Tenant Name", "Tenant Email", "Tenant Phone Num", "Tenant Group");
try {
    ss.configureMapping(tenantId, rm, am);
} catch (DescopeException de) {
    // Handle the error
}

SSO Group Management

The Descope SDKs make the SSO Groups available for being loaded. The below covers the available functions.

Load All Groups

Descopers can load all groups for a given tenant, the below covers examples of this.

NodeJSPythonGoJava

// Args:
//  tenantId (str): Tenant ID to load groups from.
const tenantId = "xxxxx"

const resp = await descopeClient.management.group.loadAllGroups(tenantId)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to load all groups.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded all groups.")
  console.log(resp.data)
}

# Args:
#   tenant_id (str): Tenant ID to load groups from.
tenant_id = "xxxxx"

try:
    resp = descope_client.mgmt.group.load_all_groups(tenant_id=tenant_id)
    print ("Successfully loaded all groups.")
    print(resp)
except AuthException as error:
    print ("Unable to load all groups.")
    print ("Status Code: " + str(error.status_code))
    print ("Error: " + str(error.error_message))

// Args:
//  ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//  tenantID (str): Tenant ID to load groups from.
tenantID := "xxxx"

resp, err := descopeClient.Management.Group().LoadAllGroups(ctx, tenantID)
if  (err != nil){
  fmt.Println("Unable to load all groups: ", err)
} else {
  fmt.Println("Successfully loaded all groups: ", resp)
}

// Load all groups for a given tenant id
GroupService gs = descopeClient.getManagementServices().getGroupService();
try {
    List<Group> groups = gs.loadAllGroups("tenant-id");
    for (Group g : groups) {
        // Do something
    }
} catch (DescopeException de) {
    // Handle the error
}

Load All Groups for Members

Descopers can load all groups for members based on login IDs and user IDs, the below covers examples of this.

NodeJSPythonGoJava

// Args:
//  tenantId (str): Tenant ID to load groups from.
const tenantId = "xxxxx"
//  userIDs (List[str]): Optional List of user IDs, with the format of "U2J5ES9S8TkvCgOvcrkpzUgVTEBM" (example), which can be found on the user's JWT.
const userIds = []
//  loginIDs (List[str]): Optional List of login IDs, how the users identify when logging in.
const loginIds = []

const resp = await descopeClient.management.group.loadAllGroupsForMembers(tenantId, userIds, loginIds)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to load all groups for members.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded all groups for members.")
  console.log(resp.data)
}

# Args:
#   tenant_id (str): Tenant ID to load groups from.
tenant_id = "xxxxx"
#   login_ids (List[str]): Optional List of login IDs, how the users identify when logging in.
login_ids = ["TestUser1","TestUser1"]
#   user_ids (List[str]): Optional List of user IDs, with the format of "U2J5ES9S8TkvCgOvcrkpzUgVTEBM" (example), which can be found on the user's JWT.
user_ids = ["U2J5ES9S8TkvCgOvcrkpzUgVTEBM","U2J5ES9S8TkvCgOvcrkpzUgVxtz"]


try:
  resp = descope_client.mgmt.group.load_all_groups_for_members(tenant_id=tenant_id, login_ids=login_ids, user_ids=user_ids)
  print ("Successfully loaded all groups for members.")
  print(resp)
except AuthException as error:
  print ("Unable to load all groups for members.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

// Args:
//  ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//  tenantID (str): Tenant ID to load groups from.
tenantID := "xxxx"
//  userIDs (List[str]): Optional List of user IDs, with the format of "U2J5ES9S8TkvCgOvcrkpzUgVTEBM" (example), which can be found on the user's JWT.
userIDs := []string{"U2J5ES9S8TkvCgOvcrkpzUgVTEBM","U2J5ES9S8TkvCgOvcrkpzUgVxtz"}
//  loginIDs (List[str]): Optional List of login IDs, how the users identify when logging in.
loginIDs := []string{"TestUser1","TestUser1"}

resp, err := descopeClient.Management.Group().LoadAllGroupsForMembers(ctx, tenantID, userIDs, loginIDs)
if  (err != nil){
  fmt.Println("Unable to load all groups for members: ", err)
} else {
  fmt.Println("Successfully loaded all groups for members: ", resp)
}

// Load all groups for the given user/login IDs (can be found in the user's JWT, used for sign-in)
try {
    List<Group> groups = gs.loadAllGroupsForMembers("tenant-id",
            Arrays.asList("user-id-1", "user-id-2"),
            Arrays.asList("login-id-1", "login-id-2"));
    for (Group g : groups) {
        // Do something
    }
} catch (DescopeException de) {
    // Handle the error
}

Load All Group Members

Descopers can load all groups members based on tenant ID and group ID, the below covers examples of this.

NodeJSPythonGoJava

// Args:
//  tenantId (str): Tenant ID to load groups from.
const tenantId = "xxxxx"
//  groupId (str): Group ID to load members for.
const groupId = "xxxx"

const res = await descopeClient.management.group.loadAllGroupMembers(tenantId, groupId)
if (!resp.ok) {
  console.log(resp)
  console.log("Unable to load all group members.")
  console.log("Status Code: " + resp.code)
  console.log("Error Code: " + resp.error.errorCode)
  console.log("Error Description: " + resp.error.errorDescription)
  console.log("Error Message: " + resp.error.errorMessage)
}
else {
  console.log("Successfully loaded all group members.")
  console.log(resp.data)
}

# Args:
#   tenant_id (str): Tenant ID to load groups from.
tenant_id = "xxxxx"
#   group_id (str): Group ID to load members for.
group_id = "xxxx"

try:
  resp = descope_client.mgmt.group.load_all_group_members(tenant_id=tenant_id, group_id=group_id)
  print ("Successfully loaded all group members.")
  print(resp)
except AuthException as error:
  print ("Unable to load all group members.")
  print ("Status Code: " + str(error.status_code))
  print ("Error: " + str(error.error_message))

// Args:
//  ctx: context.Context - Application context for the transmission of context capabilities like
//        cancellation signals during the function call. In cases where context is absent, the context.Background()
//        function serves as a viable alternative.
//        Utilizing context within the Descope GO SDK is supported within versions 1.6.0 and higher.
ctx := context.Background()
//  tenantID (str): Tenant ID to load groups from.
tenantID := "xxxx"
//  groupID (str): Group ID to load members for.
groupID := "xxxx"

resp, err := descopeClient.Management.Group().LoadAllGroupMembers(ctx, tenantID, groupID)
if  (err != nil){
  fmt.Println("Unable to load all group members: ", err)
} else {
  fmt.Println("Successfully loaded all group members: ", resp)
}

// Load all group's members by the given group id
try {
    List<Group> groups = gs.loadAllGroupMembers("tenant-id", "group-id");
    for (Group g : groups) {
        // Do something
    }
} catch (DescopeException de) {
    // Handle the error
}

Was this article helpful?Yes No