--- - name: Check for {{ login }} okta_users: organization: "{{ organization }}" api_key: "{{ api_key }}" action: list login: "{{ login }}" register: oktalist # if the account is not found, make it - name: Create {{ login }} okta_users: organization: "{{ organization }}" api_key: "{{ api_key }}" action: create login: "{{ login }}" email: "{{ email }}" first_name: "{{ first_name }}" last_name: "{{ last_name }}" when: - oktalist['json'] is not defined - isActive|bool == True - name: Update {{ login }} first_name okta_users: organization: "{{ organization }}" api_key: "{{ api_key }}" action: update id: "{{ oktalist.json.0.id }}" first_name: "{{ first_name }}" when: - oktalist.json.0.profile.firstName != first_name - isActive|bool == True - name: Update {{ login }} last_name okta_users: organization: "{{ organization }}" api_key: "{{ api_key }}" action: update id: "{{ oktalist.json.0.id }}" last_name: "{{ last_name }}" when: - oktalist.json.0.profile.lastName != last_name - isActive|bool == True - name: Update {{ login }} email okta_users: organization: "{{ organization }}" api_key: "{{ api_key }}" action: update id: "{{ oktalist.json.0.id }}" email: "{{ email }}" when: - oktalist.json.0.profile.email != email - isActive|bool == True - name: Disable {{ login }} okta_users: organization: "{{ organization }}" api_key: "{{ api_key }}" action: deactivate id: "{{ oktalist.json.0.id }}" when: - oktalist.json is defined - isActive|bool == False - name: debug debug: msg: "{{ item }}" with_items: "{{ add_groups }}" - name: add groups okta_groups: action: add_user organization: "{{ organization }}" api_key: "{{ api_key }}" user_id: "{{ oktalist.json.0.id }}" id: "{{ item }}" with_items: "{{ add_groups }}" ignore_errors: yes - name: remove groups okta_groups: action: remove_user organization: "{{ organization }}" api_key: "{{ api_key }}" user_id: "{{ oktalist.json.0.id }}" id: "{{ item }}" with_items: "{{ remove_groups }}" ignore_errors: yes