If you create custom AdminGroup for your application and are using Okta for authentication you might find this useful.
AdminGroup attribution is usually managed through those APIs:
UserAdmin.addUserToGroup(userId, adminGroupId) UserAdmin.removeUserFromGroup(userId, adminGroupId)
Since Okta is tight to C3’s AdminGroup you also want to keep them synced.
UserAdmin.addUserToOktaGroupInEnv(user.id, adminGroup.id, env); UserAdmin.removeUserFromOktaGroupInEnv(user.id, adminGroup.id, env);
Where env is specific to your setup. For me it is:
Cluster.hosts().host.split('-app') + '/tenant'
If you dont keep Okta and C3 groups synced you might experience weird things, like users getting back on groups you removed them from or even users not able to access the app.