arazzo: 1.0.1
info:
  title: Okta Assign Group to Application
  summary: Find a group by name and assign it to an application for bulk access.
  description: >-
    Grants an entire group access to an application in one flow. The workflow
    searches for a group by name, branches based on whether a match was found,
    and when found assigns that group to the target application so every member
    inherits the assignment. The resolved group id is chained from the search
    into the assignment call. Every step spells out its request inline,
    including the SSWS API token header, so the flow can be read and executed
    without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: oktaApi
  url: ../openapi/okta-openapi-original.yml
  type: openapi
workflows:
- workflowId: assign-group-to-application
  summary: Resolve a group by name and assign it to an application.
  description: >-
    Searches for a group by name and, when found, creates an application group
    assignment so the group's members gain app access.
  inputs:
    type: object
    required:
    - oktaApiToken
    - groupName
    - appId
    properties:
      oktaApiToken:
        type: string
        description: Okta API token used for the SSWS Authorization header.
      groupName:
        type: string
        description: The name of the group to search for and assign.
      appId:
        type: string
        description: The id of the application to assign the group to.
      priority:
        type: integer
        description: Optional priority for the group assignment.
  steps:
  - stepId: findGroup
    description: >-
      Search for a group whose name matches the supplied value, returning at
      most one result.
    operationId: listGroups
    parameters:
    - name: Authorization
      in: header
      value: SSWS $inputs.oktaApiToken
    - name: q
      in: query
      value: $inputs.groupName
    - name: limit
      in: query
      value: 1
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      groupId: $response.body#/0/id
    onSuccess:
    - name: groupFound
      type: goto
      stepId: assignGroup
      criteria:
      - context: $response.body
        condition: $.length > 0
        type: jsonpath
    - name: groupMissing
      type: end
      criteria:
      - context: $response.body
        condition: $.length == 0
        type: jsonpath
  - stepId: assignGroup
    description: >-
      Assign the resolved group to the application so its members gain access.
    operationId: createApplicationGroupAssignment
    parameters:
    - name: Authorization
      in: header
      value: SSWS $inputs.oktaApiToken
    - name: appId
      in: path
      value: $inputs.appId
    - name: groupId
      in: path
      value: $steps.findGroup.outputs.groupId
    requestBody:
      contentType: application/json
      payload:
        priority: $inputs.priority
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      assignmentId: $response.body#/id
  outputs:
    groupId: $steps.findGroup.outputs.groupId
    assignmentId: $steps.assignGroup.outputs.assignmentId