When I call the list_users method of IdentityClient, it lists the users (including IDP users). I have created the IDP group mapping in the OCI Console. Now I want a way to identify each specific IDP user's IDP group, or the permissions they have, without using the Identity Console or the IDCS API.
Is there any provision for listing the users of an IDP group, or any way to identify that a given IDP user belongs to a given IDP group, so that on the basis of the IDP group mapping I can say this IDP user has these permissions?
You can get an IdP User's OCI group membership and then map the OCI group names to IdP group names. This only works if your OCI groups are mapped 1:1 with your IdP groups. Permissions can then be applied to OCI groups via Policies. Will this work for you?
ListUserGroupMemberships API will tell you all the OCI groups that a user belongs to.
If you need the IdP group name and can ensure that group mappings are created 1:1, you can also use ListIdPGroupMappings API to convert OCI group names to IdP group names.
ListUserGroupMemberships API: https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/api/identity/client/oci.identity.IdentityClient.html#oci.identity.IdentityClient.list_user_group_memberships
ListIdpGroupMappings API: https://oracle-cloud-infrastructure-python-sdk.readthedocs.io/en/latest/api/identity/client/oci.identity.IdentityClient.html#oci.identity.IdentityClient.list_idp_group_mappings
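The lookup described in the answer above, as an added example that is not part of the original reply: it joins a user's OCI group memberships to the IdP group mappings using the SDK's `list_user_group_memberships`, `list_idp_group_mappings` and `get_group` calls. The helper names `all_pages` and `idp_groups_for_user` are hypothetical, and the user and identity provider OCIDs are assumed to be supplied by the caller.

```python
def all_pages(list_fn, *args, **kwargs):
    """Call an OCI list operation repeatedly, following next-page tokens."""
    items = []
    while True:
        resp = list_fn(*args, **kwargs)
        items.extend(resp.data)
        if not resp.has_next_page:
            return items
        kwargs["page"] = resp.next_page


def idp_groups_for_user(identity, tenancy_id, user_id, identity_provider_id):
    """Return {OCI group name: [IdP group names mapped to it]} for one user."""
    # OCI group OCID -> every IdP group name mapped onto that OCI group.
    mapped = {}
    for m in all_pages(identity.list_idp_group_mappings, identity_provider_id):
        mapped.setdefault(m.group_id, []).append(m.idp_group_name)

    result = {}
    memberships = all_pages(
        identity.list_user_group_memberships, tenancy_id, user_id=user_id
    )
    for ms in memberships:
        # Policies are written against the OCI group name, so resolve it.
        name = identity.get_group(ms.group_id).data.name
        result[name] = sorted(mapped.get(ms.group_id, []))
    return result


if __name__ == "__main__":
    import sys
    import oci  # OCI Python SDK; only needed for a live run

    # Usage (assumed): script.py <user OCID> <identity provider OCID>
    user_ocid, idp_ocid = sys.argv[1], sys.argv[2]
    config = oci.config.from_file()
    client = oci.identity.IdentityClient(config)
    report = idp_groups_for_user(client, config["tenancy"], user_ocid, idp_ocid)
    for oci_group, idp_groups in report.items():
        print(oci_group, "<-", idp_groups or "no IdP mapping")
```

An empty list means the OCI group has no IdP mapping; more than one name means the mapping is not 1:1, so the user's actual IdP group cannot be determined from OCI data alone.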