arazzo: 1.0.1
info:
  title: Okta Create User with Group Membership
  summary: Create a user pre-seeded with groups, then verify their memberships.
  description: >-
    Creates a user that is born into one or more groups in a single call. The
    createUser request carries a groupIds array so the new user is added to
    those groups on creation, and the workflow then lists the user's groups to
    confirm the memberships took effect. The new user id is chained from
    creation into the verification step. Every step spells out its request
    inline, including the SSWS API token header, so the flow can be read and
    executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: oktaApi
  url: ../openapi/okta-openapi-original.yml
  type: openapi
workflows:
- workflowId: create-user-with-group-membership
  summary: Create a user seeded with groups and verify memberships.
  description: >-
    Creates and activates a user with a groupIds array, then lists the user's
    groups to confirm membership.
  inputs:
    type: object
    required:
    - oktaApiToken
    - login
    - email
    - firstName
    - lastName
    - groupIds
    properties:
      oktaApiToken:
        type: string
        description: Okta API token used for the SSWS Authorization header.
      login:
        type: string
        description: The unique login (username) for the new user.
      email:
        type: string
        description: The primary email address for the new user.
      firstName:
        type: string
        description: The given name for the new user.
      lastName:
        type: string
        description: The family name for the new user.
      groupIds:
        type: array
        description: The ids of the groups to add the new user to on creation.
        items:
          type: string
  steps:
  - stepId: createUser
    description: >-
      Create and activate a user, seeding their initial group memberships via
      the groupIds array.
    operationId: createUser
    parameters:
    - name: Authorization
      in: header
      value: SSWS $inputs.oktaApiToken
    - name: activate
      in: query
      value: true
    requestBody:
      contentType: application/json
      payload:
        profile:
          login: $inputs.login
          email: $inputs.email
          firstName: $inputs.firstName
          lastName: $inputs.lastName
        groupIds: $inputs.groupIds
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      userId: $response.body#/id
  - stepId: verifyGroups
    description: >-
      List the new user's groups to confirm the seeded memberships took effect.
    operationId: listUserGroups
    parameters:
    - name: Authorization
      in: header
      value: SSWS $inputs.oktaApiToken
    - name: userId
      in: path
      value: $steps.createUser.outputs.userId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      firstGroupId: $response.body#/0/id
  outputs:
    userId: $steps.createUser.outputs.userId
    firstGroupId: $steps.verifyGroups.outputs.firstGroupId