IIdentityStoreClient
Interface in AWS.IdentityStore
Interface for IdentityStore service client.
Methods
CreateGroup
function CreateGroup( const ARequest: IIdentityStoreCreateGroupRequest): IIdentityStoreCreateGroupResponse; overload;
IIdentityStoreCreateGroupRequest → IIdentityStoreCreateGroupResponse
Creates a new group within the specified identity store.
This operation adds a new group resource to the identity store. Each group is assigned a unique identifier and can later be referenced by this ID when managing memberships or retrieving group attributes. The IdentityStoreId parameter must match the target AWS SSO identity store instance.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the group name, description, and identity store ID. |
Returns
A response object containing the unique identifier of the newly created group.
function CreateGroup(const AIdentityStoreId, ADisplayName: string; const ADescription: string = ''): IIdentityStoreCreateGroupResponse; overload;
IIdentityStoreCreateGroupResponse
Creates a new group with the specified name in the given identity store.
This overload is a convenience for callers who do not require a group description.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the AWS SSO identity store where the group will be created. |
ADisplayName | The name of the group to create. |
ADescription | A brief description of the group and its purpose. |
Returns
A response object containing the unique identifier of the newly created group.
CreateGroupMembership
function CreateGroupMembership( const ARequest: IIdentityStoreCreateGroupMembershipRequest): IIdentityStoreCreateGroupMembershipResponse; overload;
IIdentityStoreCreateGroupMembershipRequest → IIdentityStoreCreateGroupMembershipResponse
Creates a membership that associates a user with a group in the specified identity store.
This operation adds a user to a group by creating a new membership resource in the identity store. The IdentityStoreId, GroupId, and UserId must all refer to valid existing resources in the same identity store instance.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, group ID, and member ID to associate. |
Returns
A response object containing the unique identifier of the created group membership.
function CreateGroupMembership(const AIdentityStoreId, AGroupId, AUserId: string): IIdentityStoreCreateGroupMembershipResponse; overload;
IIdentityStoreCreateGroupMembershipResponse
Creates a group membership using the specified identity store ID, group ID, and user ID.
This overload is a convenience for callers who directly specifying the identity store, group and user and do not require constructing a separate request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the AWS SSO identity store. |
AGroupId | The unique identifier of the group to add the user to. |
AUserId | The unique identifier of the user to associate with the group. |
Returns
A response object containing the unique identifier of the created group membership.
CreateUser
function CreateUser( const ARequest: IIdentityStoreCreateUserRequest): IIdentityStoreCreateUserResponse; overload;
IIdentityStoreCreateUserRequest → IIdentityStoreCreateUserResponse
Creates a new user in the specified identity store.
This operation adds a user resource to the identity store. Each user is assigned a unique identifier and may include multiple attributes such as user name, display name, and contact information. The IdentityStoreId must match the AWS SSO identity store instance in which the user will be created.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing user attributes and the target identity store ID. |
Returns
A response object containing the unique identifier of the newly created user.
function CreateUser(const AIdentityStoreId, AUserName: string; const ADisplayName: string = ''): IIdentityStoreCreateUserResponse; overload;
IIdentityStoreCreateUserResponse
Creates a new user with the specified user name and display name in the given identity store.
This overload allows setting both the login user name and a friendly display name. Additional attributes such as email or phone number can be added via the full request interface.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the AWS SSO identity store where the user will be created. |
AUserName | The login user name for the new user. |
ADisplayName | A friendly name to display for the user in UIs and directory listings. |
Returns
A response object containing the unique identifier of the newly created user.
DeleteGroup
function DeleteGroup( const ARequest: IIdentityStoreDeleteGroupRequest): IIdentityStoreDeleteGroupResponse; overload;
IIdentityStoreDeleteGroupRequest → IIdentityStoreDeleteGroupResponse
Deletes a group from the specified identity store.
This operation permanently removes a group from the identity store, including all associated metadata. Any memberships related to the group are also removed. The request must specify both the IdentityStoreId and the GroupId of the group to delete.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and group ID for the group to be deleted. |
Returns
A response object indicating the result of the deletion operation.
function DeleteGroup(const AIdentityStoreId, AGroupId: string): IIdentityStoreDeleteGroupResponse; overload;
IIdentityStoreDeleteGroupResponse
Deletes a group from the specified identity store using its identifier.
This overload simplifies group deletion by allowing direct specification of the identity store ID and group ID, without requiring manual construction of a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the group. |
AGroupId | The unique identifier of the group to delete. |
Returns
A response object indicating the result of the deletion operation.
DeleteGroupMembership
function DeleteGroupMembership( const ARequest: IIdentityStoreDeleteGroupMembershipRequest): IIdentityStoreDeleteGroupMembershipResponse; overload;
IIdentityStoreDeleteGroupMembershipRequest → IIdentityStoreDeleteGroupMembershipResponse
Deletes a group membership from the specified identity store.
This operation removes an existing association between a user and a group within the identity store. The group and user resources themselves are not affected. Both the IdentityStoreId and MembershipId must be provided to identify the membership to delete.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and membership ID to delete. |
Returns
A response object indicating the result of the deletion operation.
function DeleteGroupMembership(const AIdentityStoreId, AMembershipId: string): IIdentityStoreDeleteGroupMembershipResponse; overload;
IIdentityStoreDeleteGroupMembershipResponse
Deletes a group membership from the identity store using its identifier.
This overload allows direct removal of a group membership by specifying the identity store ID and membership ID, without needing to construct a request object manually.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the group membership. |
AMembershipId | The unique identifier of the group membership to delete. |
Returns
A response object indicating the result of the deletion operation.
DeleteUser
function DeleteUser( const ARequest: IIdentityStoreDeleteUserRequest): IIdentityStoreDeleteUserResponse; overload;
IIdentityStoreDeleteUserRequest → IIdentityStoreDeleteUserResponse
Deletes a user from the specified identity store.
This operation permanently removes a user resource from the identity store, including all associated attributes and metadata. Any group memberships referencing the user will also be removed. The request must include both the IdentityStoreId and the UserId of the user to delete.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and user ID for the user to be deleted. |
Returns
A response object indicating the result of the deletion operation.
function DeleteUser(const AIdentityStoreId, AUserId: string): IIdentityStoreDeleteUserResponse; overload;
IIdentityStoreDeleteUserResponse
Deletes a user from the specified identity store using its identifier.
This overload simplifies user deletion by allowing direct specification of the identity store ID and user ID, without requiring manual construction of a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the user. |
AUserId | The unique identifier of the user to delete. |
Returns
A response object indicating the result of the deletion operation.
DescribeGroup
function DescribeGroup( const ARequest: IIdentityStoreDescribeGroupRequest): IIdentityStoreDescribeGroupResponse; overload;
IIdentityStoreDescribeGroupRequest → IIdentityStoreDescribeGroupResponse
Retrieves metadata and attribute details for a specified group in the identity store.
This operation returns detailed information about a group, such as its display name and description, given its unique identifier and associated identity store. The request must include both the IdentityStoreId and the GroupId.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and group ID to describe. |
Returns
A response object containing the group's metadata and attributes.
function DescribeGroup(const AIdentityStoreId, AGroupId: string): IIdentityStoreDescribeGroupResponse; overload;
IIdentityStoreDescribeGroupResponse
Retrieves metadata and attributes for a group using its identity store and group identifier.
This overload allows retrieving group details without needing to manually construct a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store that contains the group. |
AGroupId | The unique identifier of the group to describe. |
Returns
A response object containing the group's metadata and attributes.
DescribeGroupMembership
function DescribeGroupMembership( const ARequest: IIdentityStoreDescribeGroupMembershipRequest): IIdentityStoreDescribeGroupMembershipResponse; overload;
IIdentityStoreDescribeGroupMembershipRequest → IIdentityStoreDescribeGroupMembershipResponse
Retrieves metadata for a specified group membership in the identity store.
This operation returns details about an existing group membership, including the associated user and group IDs. Both the IdentityStoreId and MembershipId must be provided to identify the membership record.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and membership ID. |
Returns
A response object containing details about the group membership.
function DescribeGroupMembership(const AIdentityStoreId, AMembershipId: string): IIdentityStoreDescribeGroupMembershipResponse; overload;
IIdentityStoreDescribeGroupMembershipResponse
Retrieves metadata for a group membership using its identity store and membership identifier.
This overload simplifies the request by allowing direct input of the identity store ID and membership ID, without requiring a full request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the group membership. |
AMembershipId | The unique identifier of the group membership to describe. |
Returns
A response object containing details about the group membership.
DescribeUser
function DescribeUser( const ARequest: IIdentityStoreDescribeUserRequest): IIdentityStoreDescribeUserResponse; overload;
IIdentityStoreDescribeUserRequest → IIdentityStoreDescribeUserResponse
Retrieves metadata and attributes for a specified user in the identity store.
This operation returns details about a user such as user name, structured name fields, contact information, and profile metadata. Both the IdentityStoreId and UserId must be provided to locate the user.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and user ID to describe. |
Returns
A response object containing the user's metadata and attributes.
function DescribeUser(const AIdentityStoreId, AUserId: string): IIdentityStoreDescribeUserResponse; overload;
IIdentityStoreDescribeUserResponse
Retrieves metadata and attributes for a user using the identity store ID and user ID.
This overload allows for simple user lookup without explicitly constructing a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the user. |
AUserId | The unique identifier of the user to describe. |
Returns
A response object containing the user's metadata and attributes.
GetGroupId
function GetGroupId( const ARequest: IIdentityStoreGetGroupIdRequest): IIdentityStoreGetGroupIdResponse; overload;
IIdentityStoreGetGroupIdRequest → IIdentityStoreGetGroupIdResponse
Resolves the unique identifier of a group using an alternate identifier, such as display name.
This operation searches the identity store for a group matching the provided alternate identifier and returns its stable GroupId. Alternate identifiers are typically based on attributes such as DisplayName, depending on the configuration and capabilities of the identity store.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and the group’s alternate identifier. |
Returns
A response object containing the resolved group ID, if a match is found.
function GetGroupId(const AIdentityStoreId: string; const AAlternateIdentifier: IIdentityStoreAlternateIdentifier): IIdentityStoreGetGroupIdResponse; overload;
IIdentityStoreAlternateIdentifier → IIdentityStoreGetGroupIdResponse
Resolves a group's unique identifier using an alternate identifier such as display name.
This overload simplifies group resolution by allowing direct input of the identity store ID and alternate identifier, without manually constructing a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store to search within. |
AAlternateIdentifier | The alternate identifier used to locate the group, such as a display name. |
Returns
A response object containing the resolved group ID.
GetGroupMembershipId
function GetGroupMembershipId( const ARequest: IIdentityStoreGetGroupMembershipIdRequest): IIdentityStoreGetGroupMembershipIdResponse; overload;
IIdentityStoreGetGroupMembershipIdRequest → IIdentityStoreGetGroupMembershipIdResponse
Resolves the unique identifier of a group membership using member and group identifiers.
This operation returns the stable MembershipId for a specific combination of MemberId and GroupId in the specified identity store. The user and group must both exist, and the user must be a current member of the group.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, user ID, and group ID. |
Returns
A response object containing the resolved membership ID.
function GetGroupMembershipId(const AIdentityStoreId: string; const AMemberId: IIdentityStoreMemberId; const AGroupId: string): IIdentityStoreGetGroupMembershipIdResponse; overload;
IIdentityStoreMemberId → IIdentityStoreGetGroupMembershipIdResponse
Resolves a group's membership ID using identity store, member, and group identifiers.
This overload simplifies lookup of a MembershipId when the group and user are already known, without requiring the caller to manually construct a full request object. To construct a member identifier from a user ID, use TIdentityStoreMemberId.WithUserId('abc-123').
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the group membership. |
AMemberId | A structured identifier representing the user to resolve within the group. Typically created using. |
AGroupId | The unique identifier of the group that the user is a member of. |
Returns
A response object containing the resolved membership ID.
GetUserId
function GetUserId( const ARequest: IIdentityStoreGetUserIdRequest): IIdentityStoreGetUserIdResponse; overload;
IIdentityStoreGetUserIdRequest → IIdentityStoreGetUserIdResponse
Resolves the unique identifier of a user using an alternate identifier, such as user name.
This operation searches the identity store for a user matching the provided alternate identifier and returns its stable UserId. Alternate identifiers are typically based on attributes such as UserName, but may also use external IDs or other supported fields depending on the store configuration.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and the user’s alternate identifier. |
Returns
A response object containing the resolved user ID, if a match is found.
function GetUserId(const AIdentityStoreId: string; const AAlternateIdentifier: IIdentityStoreAlternateIdentifier): IIdentityStoreGetUserIdResponse; overload;
IIdentityStoreAlternateIdentifier → IIdentityStoreGetUserIdResponse
Resolves a user's unique identifier using an alternate identifier such as user name.
This overload simplifies user resolution by allowing direct input of the identity store ID and alternate identifier, without manually constructing a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store to search within. |
AAlternateIdentifier | The alternate identifier used to locate the user, such as a user name. |
Returns
A response object containing the resolved user ID.
IsMemberInGroups
function IsMemberInGroups( const ARequest: IIdentityStoreIsMemberInGroupsRequest): IIdentityStoreIsMemberInGroupsResponse; overload;
IIdentityStoreIsMemberInGroupsRequest → IIdentityStoreIsMemberInGroupsResponse
Determines whether a user is a member of one or more specified groups in the identity store.
This operation checks the membership of the specified MemberId against a list of GroupIds in the given identity store. It returns a list of boolean results, one for each group checked. This operation is useful for authorization scenarios or audit checks involving group-based access control.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, member identifier, and list of group IDs to check. |
Returns
A response object containing the membership results for each group.
function IsMemberInGroups(const AIdentityStoreId: string; const AMemberId: IIdentityStoreMemberId; const AGroupIds: TArray<string>): IIdentityStoreIsMemberInGroupsResponse; overload;
IIdentityStoreMemberId → IIdentityStoreIsMemberInGroupsResponse
Determines whether a user is a member of one or more groups using direct identifiers.
This overload accepts the identity store ID, structured member ID, and a list of group IDs and returns the membership results without requiring manual construction of a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store in which to check group memberships. |
AMemberId | A structured identifier for the user to check, typically created using. |
AGroupIds | A list of group identifiers to check for membership. |
Returns
A response object containing the membership results for each group.
ListGroupMemberships
function ListGroupMemberships( const ARequest: IIdentityStoreListGroupMembershipsRequest): IIdentityStoreListGroupMembershipsResponse; overload;
IIdentityStoreListGroupMembershipsRequest → IIdentityStoreListGroupMembershipsResponse
Lists the memberships of a specified group in the identity store.
This operation returns a paginated list of all users who are members of the specified group in the given identity store.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, group ID, and optional pagination parameters. |
Returns
A response object containing a list of group memberships and a pagination token if more results are available.
function ListGroupMemberships(const AIdentityStoreId, AGroupId: string; const ANextToken: string = ''; const AMaxResults: Integer = 0): IIdentityStoreListGroupMembershipsResponse; overload;
IIdentityStoreListGroupMembershipsResponse
Lists group memberships for a specified group in the identity store using direct parameters.
This overload allows listing memberships in a group by specifying the identity store ID and group ID, along with optional pagination parameters.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the group. |
AGroupId | The identifier of the group whose memberships are to be listed. |
ANextToken | (Optional) A pagination token from a previous call, if applicable. |
AMaxResults | (Optional) The maximum number of results to return in a single response. |
Returns
A response object containing the group's memberships and a pagination token if more results are available.
ListGroupMembershipsForMember
function ListGroupMembershipsForMember( const ARequest: IIdentityStoreListGroupMembershipsForMemberRequest): IIdentityStoreListGroupMembershipsForMemberResponse; overload;
IIdentityStoreListGroupMembershipsForMemberRequest → IIdentityStoreListGroupMembershipsForMemberResponse
Lists all group memberships for a specified user in the identity store.
This operation returns a paginated list of groups that the given MemberId belongs to within the specified identity store.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, member identifier, and optional pagination parameters. |
Returns
A response object containing the user's group memberships and a pagination token if more results are available.
function ListGroupMembershipsForMember(const AIdentityStoreId: string; const AMemberId: IIdentityStoreMemberId; const ANextToken: string = ''; const AMaxResults: Integer = 0): IIdentityStoreListGroupMembershipsForMemberResponse; overload;
IIdentityStoreMemberId → IIdentityStoreListGroupMembershipsForMemberResponse
Lists the group memberships for a user using the identity store ID and member identifier.
This overload simplifies listing group memberships for a user by allowing direct input of parameters without manually constructing a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store to query. |
AMemberId | A structured identifier for the user, typically created using. |
ANextToken | (Optional) A token from a previous call to continue pagination. |
AMaxResults | (Optional) The maximum number of results to return in this call. |
Returns
A response object containing the group memberships for the specified user and a pagination token if more results are available.
ListGroups
function ListGroups( const ARequest: IIdentityStoreListGroupsRequest): IIdentityStoreListGroupsResponse; overload;
IIdentityStoreListGroupsRequest → IIdentityStoreListGroupsResponse
Lists all groups in the specified identity store.
This operation returns a paginated list of groups defined in the given identity store. You can use the NextToken to retrieve additional pages of results.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID and optional pagination parameters. |
Returns
A response object containing group summaries and a pagination token if more results are available.
function ListGroups(const AIdentityStoreId: string; const ANextToken: string = ''; const AMaxResults: Integer = 0): IIdentityStoreListGroupsResponse; overload;
IIdentityStoreListGroupsResponse
Lists all groups in the identity store using direct parameters for pagination.
This overload provides a streamlined way to retrieve groups by specifying the identity store ID and optional pagination values.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the groups. |
ANextToken | (Optional) A token from a previous call to continue pagination. |
AMaxResults | (Optional) The maximum number of results to return in this call. |
Returns
A response object containing the list of groups and a pagination token if more results are available.
ListUsers
function ListUsers( const ARequest: IIdentityStoreListUsersRequest): IIdentityStoreListUsersResponse; overload;
IIdentityStoreListUsersRequest → IIdentityStoreListUsersResponse
Lists all users in the specified identity store, optionally filtered by user attributes.
This operation returns a paginated list of users. You can apply filters to narrow the results to users matching specific attributes, such as UserName.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, optional filters, and pagination parameters. |
Returns
A response object containing user summaries and a pagination token if additional results are available.
function ListUsers(const AIdentityStoreId: string; const ANextToken: string = ''; const AMaxResults: Integer = 0): IIdentityStoreListUsersResponse; overload;
IIdentityStoreListUsersResponse
Lists users in the specified identity store with optional pagination and attribute filtering.
This overload allows direct specification of the identity store ID, pagination options, and optional filters such as UserName, without manually constructing a request object.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store to query. |
ANextToken | (Optional) A token from a previous request to continue pagination. |
AMaxResults | (Optional) The maximum number of results to return in this call. |
Returns
A response object containing user summaries and a pagination token if additional results are available.
UpdateGroup
function UpdateGroup( const ARequest: IIdentityStoreUpdateGroupRequest): IIdentityStoreUpdateGroupResponse; overload;
IIdentityStoreUpdateGroupRequest → IIdentityStoreUpdateGroupResponse
Updates the specified attributes of a group in the identity store.
This operation allows updating the group's DisplayName, Description, or both. The request must include the IdentityStoreId and GroupId of the target group. Attributes not specified in the request remain unchanged.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, group ID, and the attributes to update. |
Returns
A response object indicating that the update was successfully accepted.
function UpdateGroup(const AIdentityStoreId, AGroupId: string; const AOperations: TArray<TArray<string>>): IIdentityStoreUpdateGroupResponse; overload;
IIdentityStoreUpdateGroupResponse
Updates one or more group attributes using a list of update operations.
This overload accepts a list of operations where each item specifies an attribute path and a new value. For example, to change the group's display name: [['DisplayName', 'Howard Hughes']] Attributes not included in the operations list remain unchanged.
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the group. |
AGroupId | The unique identifier of the group to update. |
AOperations | A list of attribute update operations, where each item is a tuple containing the attribute path and the new value. |
Returns
A response object indicating that the update was successfully accepted.
UpdateUser
function UpdateUser( const ARequest: IIdentityStoreUpdateUserRequest): IIdentityStoreUpdateUserResponse; overload;
IIdentityStoreUpdateUserRequest → IIdentityStoreUpdateUserResponse
Updates the specified attributes of a user in the identity store.
This operation allows modifying user attributes such as DisplayName, Emails, PhoneNumbers, and others, depending on which operations are supplied. The request must specify the IdentityStoreId, UserId, and a list of one or more attribute update operations.
Parameters
| Name | Description |
|---|---|
ARequest | The request object containing the identity store ID, user ID, and update operations. |
Returns
A response object indicating that the update was accepted.
function UpdateUser(const AIdentityStoreId, AUserId: string; const AOperations: TArray<TArray<string>>): IIdentityStoreUpdateUserResponse; overload;
IIdentityStoreUpdateUserResponse
Updates one or more user attributes using a list of update operations.
This overload allows specifying the user and update operations directly as an array of attribute path/value pairs, such as: [['DisplayName', 'Howard Hughes'], ['UserType', 'contractor']]
Parameters
| Name | Description |
|---|---|
AIdentityStoreId | The identifier of the identity store containing the user. |
AUserId | The unique identifier of the user to update. |
AOperations | A list of attribute updates, where each entry is a tuple of attribute path and new value (as strings). |
Returns
A response object indicating the update was accepted.