Restrict the visibility of users from Microsoft Entra groups in the Learn365 Admin Center via API

By creating and managing group restrictions via API, you can change the visibility and availability of users and their groups in the Learn365 Admin Center. For example, if the group restrictions are on, only the users from particular Microsoft Entra (Azure Active Directory) groups will be shown while enrolling learners in training.

You can apply restrictions to as many Microsoft Entra (Azure Active Directory) groups as you like. You can also limit the restrictions to particular course catalogs.

To create and manage group restrictions via API:

1. Create or edit a group of users in the Microsoft Entra admin center. You’ll also need the object ID of the group.

2. Using the group object ID, add the group to the restriction list for your environment via the Learn365 API.

3. View a list of groups in your restriction list.

4. Turn the group restrictions on.

5. If needed, delete a restriction from your restriction list.

6. If needed, add a restriction to your list by using the group ID in Learn365.

 

Add Microsoft Entra (Azure Active Directory) groups to a restriction list

To add a Microsoft Entra (Azure Active Directory) group to a restriction list in Learn365, you’ll need the object ID of the Microsoft Entra group. You can find it in the Microsoft Entra admin center. For more information, see this Microsoft article.

If you want to apply restrictions to a particular course catalog, you’ll need the course catalog ID. You can find this via the API by following the steps in this article.

To add a Microsoft Entra (Azure Active Directory) group to a restriction list:

1. Go to https://api.365.systems/ and make sure you are authorized with the relevant API key.

2. In the GroupRestrictions section, select the POST /groupRestrictions/addADGroup endpoint and select Try it out in the top right-hand corner.

3. In the objectId field, enter an object ID of a Microsoft Entra (Azure Active Directory) group.

4. If you want to add a restriction to a particular course catalog only, in the courseCatalogId field, enter the course catalog ID. Leaving this field empty will apply the restriction across the whole environment.

5. Select Execute to run the request.

6. Go to the Response block to check the results:

  • 200 code with an empty body indicates a successful response.
  • In case of an error, the response body contains the error object with the code and message keys explaining the issue.

 

View a list of groups in a restriction list

To view a list of all group restrictions that were added to your environment:

1. Go to https://api.365.systems/ and make sure you are authorized with the relevant API key.

2. In the GroupRestrictions section, select the GET /groupRestrictions endpoint and select Try it out in the top right-hand corner.

3. Select Execute to run the request.

4. Go to the Response block to check the results:

  • 200 code with an array of restrictions indicates a successful response. Each separate item in the array has three parameters:
    • Id is an ID of a separate restriction in Learn365.
    • CourseCatalogId is an ID of the course catalog to which the restriction applies. If it’s empty, the restriction applies to the whole environment.
    • GroupId is an ID of a restriction group in Learn365. You can use it, for example, for adding the group restriction to one more course catalogs via the POST /groupRestrictions/addGroup request. Also, you can use the group ID to add the restriction back after previously removing it.

      Group restriction API response

  • 200 code with an empty body means there are no group restrictions in your environment.
  • In case of an error, the response body contains the error object with the code and message keys explaining the issue.

 

Turn group restrictions on and off

To turn group restrictions on and off for your environment:

1. Go to https://api.365.systems/ and make sure you are authorized with the relevant API key.

2. In the GroupRestrictions section, select the PUT /groupRestrictions/state endpoint and select Try it out in the top right-hand corner.

3. In the isEnabled field, select true to turn on the restrictions or false to turn them off.

4. Select Execute to run the request.

5. Go to the Response block to check the results:

  • 200 code with an empty body indicates a successful response.
  • In case of an error, the response body contains the error object with the code and message keys explaining the issue.

Restrictions apply only to the restriction from a restriction list. You can check the list via the GET /groupRestrictions request.

When the group restrictions are turned on, only the users from the group included in the restrictions list are available in the people picker in the Learn365 Admin Center. In other words, only the users from particular Microsoft Entra (Azure Active Directory) groups included in the restriction list for your environment will be shown when you:

 

EXAMPLE

Let’s say:

1. You create the Human Resources group in Microsoft Entra (Azure Active Directory).

2. You add the Human Resources group to your restriction list in Learn365, but only for the People Development course catalog.

3. You turn on the group restriction.

4. When you’re enrolling learners in training for the People Development course catalog, only the users from the Human Resources group are available for selection.

 

Delete a restriction from a restriction list

To delete a specific restriction, you’ll need its ID. You can find it by sending the GET /groupRestrictions request and by checking the Id parameter in the response.

To delete a specific restriction from a restriction list:

1. Go to https://api.365.systems/ and make sure you are authorized with the relevant API key.

2. In the GroupRestrictions section, select the DELETE /groupRestrictions endpoint and select Try it out in the top right-hand corner.

3. In the id field, enter a restriction ID.

4. Select Execute to run the request.

5. Go to the Response block to check the results:

  • 200 code with an empty body indicates a successful response.
  • In case of an error, the response body contains the error object with the code and message keys explaining the issue.

 

Add a restriction group to a restriction group list

To add a restriction group to a restriction list, you’ll need the group ID. You can find it in the GroupId parameter in the response for the GET /groupRestrictions request.

If you want to apply restrictions to a particular course catalog, you’ll need the course catalog ID. You can find this via the API by following the steps in this article.

By knowing the group ID, you can either:

  • Spread your existing restriction to another course catalog; or
  • Add a group restriction back to the restriction list after removing it for some reason.

To add a restriction group to a restriction list via API:

1. Go to https://api.365.systems/ and make sure you are authorized with the relevant API key.

2. In the GroupRestrictions section, select the POST /groupRestrictions/addGroup endpoint and select Try it out in the top right-hand corner.

3. In the groupId field, enter a restriction group ID.

4. If you want to add a restriction for a particular course catalog only, in the courseCatalogId field, enter the course catalog ID. Leaving this field empty will apply the restriction across the whole environment.

5. Select Execute to run the request.

6. Go to the Response block to check the results:

  • 200 code with an empty body indicates a successful response.
  • In case of an error, the response body contains the error object with the code and message keys explaining the issue.

 

Was this article helpful?
1 out of 1 found this helpful

Comments

Article is closed for comments.