Lattice - Disable User
Disable a Lattice user using a two step custom action with the SCIM protocol
This guide documents a 2 step custom action using SCIM protocol to disable a user in Lattice. This type of action could be used to enhance your off-boarding process to automate disabling accounts in Lattice. Two custom actions are required to implement the disable, the first action retrieves a user's details using their email address. From the response data in the initial request, their unique ID is mapped to a variable in Torii. The 2nd action uses the unique ID extracted from the initial request to disable the user. A screenshot of the two actions as they would need to be implemented in the workflow is below, the configuration of each action follows.
To use these actions, you will first have to create an API key in Lattice. Details for creating an API key in Lattice can be found here. The SCIM API in Lattice will need to be enabled, you can find details on how to do that here. Once you have created the API key in Lattice, it is recommended that you store it in the Torii Secrets Vault and reference it using a variable. Details on how to use the Secrets Vault in Torii can be found here.
Custom Action Configuration (Get Lattice User with Email)
Method : GET
URL : https://api.latticehq.com/scim/V2/Users
Query Parameters
Parameter | Value |
---|---|
filter | emails eq "[Trigger.User.Email]" |
Headers
Header | Value |
---|---|
Content-Type | application/json |
Accept | / |
Authorization | Bearer [SecretsVault.Lattice_API_Key] |
Body
Response Mapping
Parameter | Value |
---|---|
latticeUserID | Resources[0].id |
Custom Action Configuration (Disable User)
Method : PATCH
Query Parameters
Parameter | Value |
---|---|
Headers
Header | Value |
---|---|
Content-Type | application/json |
Accept | / |
Authorization | Bearer [SecretsVault.Lattice_API_Key] |
Body
{
"schemas":["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
"Operations":[
{
"op": "replace",
"path": "active",
"value": false
}
]
}
Updated 5 months ago