{"files":{"SKILL.md":"---\nname: aws-sso-identity-store\ndescription: \"AWS SSO Identity Store API skill. Use when working with AWS SSO Identity Store for root. Covers 19 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# AWS SSO Identity Store\nAPI version: 2020-06-15\n\n## Auth\nAWS SigV4\n\n## Base URL\nNot specified.\n\n## Setup\n1. Configure auth: AWS SigV4\n2. Verify API access with a test request\n3. POST / -- create first resource\n\n## Endpoints\n19 endpoints across 1 group. See references/api-spec.lap for full details.\n\n### Root\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | / | Creates a group within the specified identity store. |\n| POST | / | Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId. |\n| POST | / | Creates a user within the specified identity store. |\n| POST | / | Delete a group within an identity store given GroupId. |\n| POST | / | Delete a membership within a group given MembershipId. |\n| POST | / | Deletes a user within an identity store given UserId. |\n| POST | / | Retrieves the group metadata and attributes from GroupId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Retrieves membership metadata and attributes from MembershipId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Retrieves the user metadata and attributes from the UserId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Retrieves GroupId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Retrieves the MembershipId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Retrieves the UserId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Checks the user's membership in all requested groups and returns if the member exists in all queried groups.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide. |\n| POST | / | For the specified group in the specified identity store, updates the group metadata and attributes. |\n| POST | / | For the specified user in the specified identity store, updates the user metadata and attributes. |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Create a resource?\" -> POST /\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api AWS SSO Identity Store\n@version 2020-06-15\n@auth AWS SigV4\n@endpoints 19\n@toc root(19)\n\n@endpoint POST /\n@desc Creates a group within the specified identity store.\n@required {IdentityStoreId: str}\n@optional {DisplayName: str, Description: str}\n@returns(200) {GroupId: str, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Creates a relationship between a member and a group. The following identifiers must be specified: GroupId, IdentityStoreId, and MemberId.\n@required {IdentityStoreId: str, GroupId: str, MemberId: MemberId}\n@returns(200) {MembershipId: str, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Creates a user within the specified identity store.\n@required {IdentityStoreId: str}\n@optional {UserName: str, Name: Name, DisplayName: str, NickName: str, ProfileUrl: str, Emails: [Email], Addresses: [Address], PhoneNumbers: [PhoneNumber], UserType: str, Title: str, PreferredLanguage: str, Locale: str, Timezone: str}\n@returns(200) {UserId: str, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Delete a group within an identity store given GroupId.\n@required {IdentityStoreId: str, GroupId: str}\n\n@endpoint POST /\n@desc Delete a membership within a group given MembershipId.\n@required {IdentityStoreId: str, MembershipId: str}\n\n@endpoint POST /\n@desc Deletes a user within an identity store given UserId.\n@required {IdentityStoreId: str, UserId: str}\n\n@endpoint POST /\n@desc Retrieves the group metadata and attributes from GroupId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, GroupId: str}\n@returns(200) {GroupId: str, DisplayName: str?, ExternalIds: [ExternalId]?, Description: str?, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Retrieves membership metadata and attributes from MembershipId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, MembershipId: str}\n@returns(200) {IdentityStoreId: str, MembershipId: str, GroupId: str, MemberId: MemberId{UserId: str?}}\n\n@endpoint POST /\n@desc Retrieves the user metadata and attributes from the UserId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, UserId: str}\n@returns(200) {UserName: str?, UserId: str, ExternalIds: [ExternalId]?, Name: Name?{Formatted: str?, FamilyName: str?, GivenName: str?, MiddleName: str?, HonorificPrefix: str?, HonorificSuffix: str?}, DisplayName: str?, NickName: str?, ProfileUrl: str?, Emails: [Email]?, Addresses: [Address]?, PhoneNumbers: [PhoneNumber]?, UserType: str?, Title: str?, PreferredLanguage: str?, Locale: str?, Timezone: str?, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Retrieves GroupId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, AlternateIdentifier: AlternateIdentifier}\n@returns(200) {GroupId: str, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Retrieves the MembershipId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, GroupId: str, MemberId: MemberId}\n@returns(200) {MembershipId: str, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Retrieves the UserId in an identity store.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, AlternateIdentifier: AlternateIdentifier}\n@returns(200) {UserId: str, IdentityStoreId: str}\n\n@endpoint POST /\n@desc Checks the user's membership in all requested groups and returns if the member exists in all queried groups.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, MemberId: MemberId, GroupIds: [str]}\n@returns(200) {Results: [GroupMembershipExistenceResult]}\n\n@endpoint POST /\n@desc For the specified group in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, GroupId: str}\n@optional {MaxResults: int, NextToken: str}\n@returns(200) {GroupMemberships: [GroupMembership], NextToken: str?}\n\n@endpoint POST /\n@desc For the specified member in the specified identity store, returns the list of all GroupMembership objects and returns results in paginated form.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str, MemberId: MemberId}\n@optional {MaxResults: int, NextToken: str}\n@returns(200) {GroupMemberships: [GroupMembership], NextToken: str?}\n\n@endpoint POST /\n@desc Lists all groups in the identity store. Returns a paginated list of complete Group objects. Filtering for a Group by the DisplayName attribute is deprecated. Instead, use the GetGroupId API action.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str}\n@optional {MaxResults: int, NextToken: str, Filters: [Filter]}\n@returns(200) {Groups: [Group], NextToken: str?}\n\n@endpoint POST /\n@desc Lists all users in the identity store. Returns a paginated list of complete User objects. Filtering for a User by the UserName attribute is deprecated. Instead, use the GetUserId API action.  If you have administrator access to a member account, you can use this API from the member account. Read about member accounts in the Organizations User Guide.\n@required {IdentityStoreId: str}\n@optional {MaxResults: int, NextToken: str, Filters: [Filter]}\n@returns(200) {Users: [User], NextToken: str?}\n\n@endpoint POST /\n@desc For the specified group in the specified identity store, updates the group metadata and attributes.\n@required {IdentityStoreId: str, GroupId: str, Operations: [AttributeOperation]}\n\n@endpoint POST /\n@desc For the specified user in the specified identity store, updates the user metadata and attributes.\n@required {IdentityStoreId: str, UserId: str, Operations: [AttributeOperation]}\n\n@end\n"}}