WickrAdminAPI / Client / create_security_group
create_security_group¶
- WickrAdminAPI.Client.create_security_group(**kwargs)¶
Creates a new security group in a Wickr network. Security groups allow you to organize users and control their permissions, features, and security settings.
See also: AWS API Documentation
Request Syntax
response = client.create_security_group( networkId='string', name='string', securityGroupSettings={ 'lockoutThreshold': 123, 'permittedNetworks': [ 'string', ], 'enableGuestFederation': True|False, 'globalFederation': True|False, 'federationMode': 123, 'enableRestrictedGlobalFederation': True|False, 'permittedWickrAwsNetworks': [ { 'region': 'string', 'networkId': 'string' }, ], 'permittedWickrEnterpriseNetworks': [ { 'domain': 'string', 'networkId': 'string' }, ] }, clientToken='string' )
- Parameters:
networkId (string) –
[REQUIRED]
The ID of the Wickr network where the security group will be created.
name (string) –
[REQUIRED]
The name for the new security group.
securityGroupSettings (dict) –
[REQUIRED]
The configuration settings for the security group, including permissions, federation settings, and feature controls.
lockoutThreshold (integer) –
The number of failed password attempts before a user account is locked out.
permittedNetworks (list) –
A list of network IDs that are permitted for local federation when federation mode is set to restricted.
(string) –
enableGuestFederation (boolean) –
Guest users let you work with people outside your organization that only have limited access to Wickr. Only valid when federationMode is set to Global.
globalFederation (boolean) –
Allow users to securely federate with all Amazon Web Services Wickr networks and Amazon Web Services Enterprise networks.
federationMode (integer) –
The local federation mode. Values: 0 (none), 1 (federated - all networks), 2 (restricted - only permitted networks).
enableRestrictedGlobalFederation (boolean) –
Enables restricted global federation to limit communication to specific permitted networks only. Requires globalFederation to be enabled.
permittedWickrAwsNetworks (list) –
A list of permitted Amazon Web Services Wickr networks for restricted global federation.
(dict) –
Identifies a Amazon Web Services Wickr network by region and network ID, used for configuring permitted networks for global federation.
region (string) – [REQUIRED]
The Amazon Web Services region identifier where the network is hosted (e.g., ‘us-east-1’).
networkId (string) – [REQUIRED]
The network ID of the Wickr Amazon Web Services network.
permittedWickrEnterpriseNetworks (list) –
A list of permitted Wickr Enterprise networks for restricted global federation.
(dict) –
Identifies a Wickr enterprise network that is permitted for global federation, allowing users to communicate with members of the specified network.
domain (string) – [REQUIRED]
The domain identifier for the permitted Wickr enterprise network.
networkId (string) – [REQUIRED]
The network ID of the permitted Wickr enterprise network.
clientToken (string) –
A unique identifier for this request to ensure idempotency.
This field is autopopulated if not provided.
- Return type:
dict
- Returns:
Response Syntax
{ 'securityGroup': { 'activeMembers': 123, 'botMembers': 123, 'activeDirectoryGuid': 'string', 'id': 'string', 'isDefault': True|False, 'name': 'string', 'modified': 123, 'securityGroupSettings': { 'alwaysReauthenticate': True|False, 'atakPackageValues': [ 'string', ], 'calling': { 'canStart11Call': True|False, 'canVideoCall': True|False, 'forceTcpCall': True|False }, 'checkForUpdates': True|False, 'enableAtak': True|False, 'enableCrashReports': True|False, 'enableFileDownload': True|False, 'enableGuestFederation': True|False, 'enableNotificationPreview': True|False, 'enableOpenAccessOption': True|False, 'enableRestrictedGlobalFederation': True|False, 'filesEnabled': True|False, 'forceDeviceLockout': 123, 'forceOpenAccess': True|False, 'forceReadReceipts': True|False, 'globalFederation': True|False, 'isAtoEnabled': True|False, 'isLinkPreviewEnabled': True|False, 'locationAllowMaps': True|False, 'locationEnabled': True|False, 'maxAutoDownloadSize': 123, 'maxBor': 123, 'maxTtl': 123, 'messageForwardingEnabled': True|False, 'passwordRequirements': { 'lowercase': 123, 'minLength': 123, 'numbers': 123, 'symbols': 123, 'uppercase': 123 }, 'presenceEnabled': True|False, 'quickResponses': [ 'string', ], 'showMasterRecoveryKey': True|False, 'shredder': { 'canProcessManually': True|False, 'intensity': 123 }, 'ssoMaxIdleMinutes': 123, 'federationMode': 123, 'lockoutThreshold': 123, 'permittedNetworks': [ 'string', ], 'permittedWickrAwsNetworks': [ { 'region': 'string', 'networkId': 'string' }, ], 'permittedWickrEnterpriseNetworks': [ { 'domain': 'string', 'networkId': 'string' }, ] } } }
Response Structure
(dict) –
securityGroup (dict) –
The details of the newly created security group, including its ID, name, and settings.
activeMembers (integer) –
The number of active user members currently in the security group.
botMembers (integer) –
The number of bot members currently in the security group.
activeDirectoryGuid (string) –
The GUID of the Active Directory group associated with this security group, if synchronized with LDAP.
id (string) –
The unique identifier of the security group.
isDefault (boolean) –
Indicates whether this is the default security group for the network. Each network has only one default group.
name (string) –
The human-readable name of the security group.
modified (integer) –
The timestamp when the security group was last modified, specified in epoch seconds.
securityGroupSettings (dict) –
The comprehensive configuration settings that define capabilities and restrictions for members of this security group.
alwaysReauthenticate (boolean) –
Requires users to reauthenticate every time they return to the application, providing an additional layer of security.
atakPackageValues (list) –
Configuration values for ATAK (Android Team Awareness Kit) package integration, when ATAK is enabled.
(string) –
calling (dict) –
The calling feature permissions and settings that control what types of calls users can initiate and participate in.
canStart11Call (boolean) –
Specifies whether users can start one-to-one calls.
canVideoCall (boolean) –
Specifies whether users can make video calls (as opposed to audio-only calls). Valid only when audio call(canStart11Call) is enabled.
forceTcpCall (boolean) –
When enabled, forces all calls to use TCP protocol instead of UDP for network traversal.
checkForUpdates (boolean) –
Enables automatic checking for Wickr client updates to ensure users stay current with the latest version.
enableAtak (boolean) –
Enables ATAK (Android Team Awareness Kit) integration for tactical communication and situational awareness.
enableCrashReports (boolean) –
Allow users to report crashes.
enableFileDownload (boolean) –
Specifies whether users can download files from messages to their devices.
enableGuestFederation (boolean) –
Allows users to communicate with guest users from other Wickr networks and federated external networks.
enableNotificationPreview (boolean) –
Enables message preview text in push notifications, allowing users to see message content before opening the app.
enableOpenAccessOption (boolean) –
Allow users to avoid censorship when they are geo-blocked or have network limitations.
enableRestrictedGlobalFederation (boolean) –
Enables restricted global federation, limiting external communication to only specified permitted networks.
filesEnabled (boolean) –
Enables file sharing capabilities, allowing users to send and receive files in conversations.
forceDeviceLockout (integer) –
Defines the number of failed login attempts before data stored on the device is reset. Should be less than lockoutThreshold.
forceOpenAccess (boolean) –
Automatically enable and enforce Wickr open access on all devices. Valid only if enableOpenAccessOption settings is enabled.
forceReadReceipts (boolean) –
Allow user approved bots to read messages in rooms without using a slash command.
globalFederation (boolean) –
Allows users to communicate with users on other Wickr instances (Wickr Enterprise) outside the current network.
isAtoEnabled (boolean) –
Enforces a two-factor authentication when a user adds a new device to their account.
isLinkPreviewEnabled (boolean) –
Enables automatic preview of links shared in messages, showing webpage thumbnails and descriptions.
locationAllowMaps (boolean) –
Allows map integration in location sharing, enabling users to view shared locations on interactive maps. Only allowed when location setting is enabled.
locationEnabled (boolean) –
Enables location sharing features, allowing users to share their current location with others.
maxAutoDownloadSize (integer) –
The maximum file size in bytes that will be automatically downloaded without user confirmation. Only allowed if fileDownload is enabled. Valid Values [512000 (low_quality), 7340032 (high_quality) ]
maxBor (integer) –
The maximum burn-on-read (BOR) time in seconds, which determines how long messages remain visible before auto-deletion after being read.
maxTtl (integer) –
The maximum time-to-live (TTL) in seconds for messages, after which they will be automatically deleted from all devices.
messageForwardingEnabled (boolean) –
Enables message forwarding, allowing users to forward messages from one conversation to another.
passwordRequirements (dict) –
The password complexity requirements that users must follow when creating or changing passwords.
lowercase (integer) –
The minimum number of lowercase letters required in passwords.
minLength (integer) –
The minimum password length in characters.
numbers (integer) –
The minimum number of numeric characters required in passwords.
symbols (integer) –
The minimum number of special symbol characters required in passwords.
uppercase (integer) –
The minimum number of uppercase letters required in passwords.
presenceEnabled (boolean) –
Enables presence indicators that show whether users are online, away, or offline.
quickResponses (list) –
A list of pre-defined quick response message templates that users can send with a single tap.
(string) –
showMasterRecoveryKey (boolean) –
Users will get a master recovery key that can be used to securely sign in to their Wickr account without having access to their primary device for authentication. Available in SSO enabled network.
shredder (dict) –
The message shredder configuration that controls secure deletion of messages and files from devices.
canProcessManually (boolean) –
Specifies whether users can manually trigger the shredder to delete content.
intensity (integer) –
Prevents Wickr data from being recovered by overwriting deleted Wickr data. Valid Values: Must be one of [0, 20, 60, 100]
ssoMaxIdleMinutes (integer) –
The duration for which users SSO session remains inactive before automatically logging them out for security. Available in SSO enabled network.
federationMode (integer) –
The local federation mode controlling how users can communicate with other networks. Values: 0 (none), 1 (federated), 2 (restricted).
lockoutThreshold (integer) –
The number of failed password attempts before a user account is locked out.
permittedNetworks (list) –
A list of network IDs that are permitted for local federation when federation mode is set to restricted.
(string) –
permittedWickrAwsNetworks (list) –
A list of permitted Wickr networks for global federation, restricting communication to specific approved networks.
(dict) –
Identifies a Amazon Web Services Wickr network by region and network ID, used for configuring permitted networks for global federation.
region (string) –
The Amazon Web Services region identifier where the network is hosted (e.g., ‘us-east-1’).
networkId (string) –
The network ID of the Wickr Amazon Web Services network.
permittedWickrEnterpriseNetworks (list) –
A list of permitted Wickr Enterprise networks for global federation, restricting communication to specific approved networks.
(dict) –
Identifies a Wickr enterprise network that is permitted for global federation, allowing users to communicate with members of the specified network.
domain (string) –
The domain identifier for the permitted Wickr enterprise network.
networkId (string) –
The network ID of the permitted Wickr enterprise network.
Exceptions
WickrAdminAPI.Client.exceptions.ValidationErrorWickrAdminAPI.Client.exceptions.BadRequestErrorWickrAdminAPI.Client.exceptions.ResourceNotFoundErrorWickrAdminAPI.Client.exceptions.ForbiddenErrorWickrAdminAPI.Client.exceptions.UnauthorizedErrorWickrAdminAPI.Client.exceptions.InternalServerErrorWickrAdminAPI.Client.exceptions.RateLimitError