Api to delete terminated users
Ogheneruona Dibie
Tyro
We are currently looking into automating the process of reclaiming unused licenses as well as provisioning the licenses the LinkedIn employees. After chatting with our app owner, he explained to me that users automatically become in active after 6 months and the license is subsequently freed. This approach works but a lot of licenses would not be leverage well. Licenses of users that are no longer at the company would not be freed on time. Here are my asks:
- Is there an api endpoint that we can use make users inactive. I have looked through the api docs online, but I can’t seem to see any endpoint to use in making users inactive. Please can you share that endpoint if any?
- When users are inactive, does it count toward the licenses allotted to LinkedIn?
- What if we delete the user (admins). Can that also be used? Please can u also share that endpoint if any.
Best Answers
-
Options
Kevin Baum
Panopto Employee
Hi Ruona,
Python should support libraries that can be used to call SOAP APIs. We also have a sample SOAP API wrapper and examples of how to call the SOAP API from Python on our public GitHub page. Please take a look at this example for calling the SOAP API from Python: https://github.com/Panopto/python-soap
If you have any questions on the example, or run into any issues please let me know.
Thanks,
Kevin
0 -
OptionsKevin Baum
Panopto Employee
Hi Ruona,
The host should be the domain for the Panopto site you using to call the API (for example, demo.hosted.panopto.com).
The example provided above is designed to be used with users who log into Panopto directly with a user name and password, rather than through an external Identity Provider such as Okta. Our SOAP API does provide a method to log in using an external user instead, using the AuthCode property of the AuthenticationInfo section of the SOAP call. You will need administrator access to Panopto to get the information needed to create the AuthCode, including the Instance Name for the Identity Provider, and the Application Key for that identity provider.
To log in using an AuthCode instead of a username and password, you would use the Identity Provider instance name and the username together to create a UserKey like this:
[instance_name]\[user_name]The actual AuthCode to send is then created using the following formula:
SHA1(UserKey + "@" + WebServerFQDN.ToLower() + "|" + applicationKey.ToLower())For example, if the instance name is "test", the user name is "myUser", the site is demo.hosted.panopto.com, and the Identity Provider application key is "00000000-0000-0000-0000-000000000000", you would construct the AuthCode as:
SHA1("test\[email protected]|00000000-0000-0000-0000-000000000000")The actual call would send "test\myUser" as the UserKey value, and the constructed value from above as the AuthCode value.
The sample code in the Git repository above can be modified to use this instead by changing the
authenticate_factoryfunction in AuthenticatedClientFactory.py to instead call the IAuth.LogOnWithExternalProvider function by changing line 105 to the following:response = auth_service.LogOnWithExternalProvider(userKey=self.username, authCode=self.authcode)You would also want to change the initialization to have an authCode parameter instead of a password parameter. The username parameter can be constructed with the Identity Provider instance name as above, and you would construct and pass in the authCode.
The rest of the sample code should work as expected then.
I hope that this helps. Please let me know if you have any other questions.
Thanks,
Kevin
0 -
OptionsKevin Baum
Panopto Employee
Hi Ruona,
I'm very happy to hear that you've been able to successfully delete users now.
Panopto has not implemented any SCIM APIs or endpoints for use at this time, so we would be unable to support those workflows.
Please let me know if you have any other questions.
Thanks,
Kevin
0
Answers
Hi Ruona,
We do not have any API endpoint to make a user inactive, or remove their license, but our public SOAP API does have an endpoint to delete a user. If the user is deleted, the license would be reclaimed.
You can use the IUserManagement.DeleteUsers SOAP API endpoint to delete a user. The calling user must be an admin in Panopto, but any user type can be deleted.
I hope that helps. Please let me know if you have any other questions.
Thanks,
Kevin
Thank you so much Kevin. I have taken a look at the SOAP API and I believe that would work in my case. But how would I use this SOAP API? My goal is to make a call to the endpoint from a python script to run the workflow to trigger the user removal process.
Thank you so much Kevin. I looked up the github repo that you shared with me in your previous reply but I still have a few questions. On the sample example, I am a little confused on what the host, username and password should be. What exactly should I be using to do the authentication.
I believe linkedin host is linkedin.hosted.panopto.com, and I used my login username and password but it didn't work for me. We typically don't directly login through the host since we have it integrated with Okta.
Please would you be able to assist here?
Thank you so much Kevin. I really appreciate all your help. I have successfully been able to authenticate and delete users using the SOAP Api. Would you happen to know if there is any SCIM APIs for Panopto? Some of the other apps I've worked with seem to support SCIM integration where there are endpoint that I am able to user for user manage. For example, here is the docs for slack: https://api.slack.com/admins/scim
Thanks again Kevin!
Hi kevin,
Is there a way for me to get usage data from each user on our Linkedin's panopto instance? I am hoping I can get information like the last time a user logged in and the how active each user on panopto have been.
Ruona
What did you find out regarding SCIM provisioning?
Hi Chaz, unfortunately there is no SCIM integration currently available for Panopto. I ended up using the SOAP api for User Management.
That's pretty much what I assumed.
Too bad we still have to use SOAP for this and can't use REST.
Thanks!