PingOne Advanced Identity Cloud - Identity Governance (IGA) (1.0.0)

This is the API specification for the Access Request related endpoints and data model for PingOne Advanced Identity Cloud - Identity Governance (IGA).

Access Request

Access request endpoints.

Create or validate new access request for list of users.

Submits a new request for access. The contents of the request are validated and, if there are no issues, a request is created for each user-to-catalog item pairing that the request contains. To check validation only, an _action of validate is supported, which allows the caller to see any errors that exist in the current request payload. No requests are created when that action is used, regardless of the result.

query Parameters
_action
required
string
Enum: "create" "validate"

Action to be performed for requests endpoint.

runPreventativeScan
boolean

Check whether the requested access violates any policies.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
users
Array of strings

List of unique user IDs for whom the access is being requested.

catalogs
Array of objects

List of catalog items being requested for the users.

startDate
string

The date that the granted access will take effect. The value should be provided in ISO8601 format.

endDate
string

The date that the granted access will end for the user. The value should be provided in ISO8601 format.

expiryDate
integer

The expiry date of the access request. If the request is not completed by this date, it will be cancelled automatically by the system. The value should be provided in ISO8601 format.

priority
string
Default: "low"
Enum: "low" "medium" "high"

The priority of the request, either low, medium, or high.

justification
string

The reason for which this request is being submitted.

accessModifier
string
Enum: "add" "remove"

The access modifier of this request, i.e., whether this is an add request or a remove request.

externalRequestId
string

If using an external service (e.g., SNOW) to manage any portion of the access request flow, you can include an ID reference to that external process using this field.

requestIdPrefix
string

This field can be used to assign an additional prefix to the generated UUID for the request(s) that are created from this call. For example, a requestIdPrefix of REQ would result in a UUID like REQ-f8c8f9ae-12b3-4316-b011-c117a9c3f1a2.

Responses

Request samples

Content type
application/json
{
  "users": [],
  "catalogs": [],
  "startDate": "2023-09-11T12:00:00+00:00",
  "endDate": "2023-12-11T12:00:00+00:00",
  "expiryDate": "2023-09-05T12:00:00+00:00",
  "priority": "low",
  "justification": "I need this access to start working on a new project.",
  "accessModifier": "add",
  "externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
  "requestIdPrefix": "REQ"
}

Response samples

Content type
application/json
{
  "result": [],
  "errors": []
}
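
The validate-then-create flow described above, as an added example that is not part of the original specification. It runs local checks taken from the request body schema, then a dry run with _action=validate, and only sends _action=create when nothing is reported. The `send` transport, the sample IDs, the catalog item shape, and the non-empty, UTC-offset and start-before-end checks are assumptions.

```python
from datetime import datetime
from urllib.parse import urlencode

PRIORITIES = {"low", "medium", "high"}   # enum from the schema above
ACCESS_MODIFIERS = {"add", "remove"}     # enum from the schema above
DATE_FIELDS = ("startDate", "endDate", "expiryDate")

# Constructed sample, modelled on the page's request sample. The IDs and the
# shape of the catalog item object are placeholders, not values from the page.
SAMPLE_PAYLOAD = {
    "users": ["constructed-user-id-1", "constructed-user-id-2"],
    "catalogs": [{"id": "constructed-catalog-item-id"}],
    "startDate": "2023-09-11T12:00:00+00:00",
    "endDate": "2023-12-11T12:00:00+00:00",
    "expiryDate": "2023-09-05T12:00:00+00:00",
    "priority": "low",
    "justification": "I need this access to start working on a new project.",
    "accessModifier": "add",
    "requestIdPrefix": "REQ",
}


def parse_iso8601(value):
    """Return an offset-aware datetime, or None if the value is not usable."""
    if not isinstance(value, str):
        return None
    try:
        parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    # Assumption: require an explicit UTC offset so dates compare unambiguously.
    return parsed if parsed.tzinfo is not None else None


def local_errors(payload):
    """Client-side checks derived from the request body schema."""
    errors = []
    users = payload.get("users")
    # Assumption: an empty users or catalogs array is treated as an error.
    if not isinstance(users, list) or not users or not all(isinstance(u, str) for u in users):
        errors.append("users must be a non-empty array of strings")
    elif len(set(users)) != len(users):
        errors.append("users must not contain duplicate IDs")
    catalogs = payload.get("catalogs")
    if not isinstance(catalogs, list) or not catalogs or not all(isinstance(c, dict) for c in catalogs):
        errors.append("catalogs must be a non-empty array of objects")
    dates = {}
    for field in DATE_FIELDS:
        if field in payload:
            dates[field] = parse_iso8601(payload[field])
            if dates[field] is None:
                errors.append(f"{field} must be an ISO 8601 date-time with an offset")
    # Assumption (local sanity check, not stated on the page): access cannot end before it starts.
    if dates.get("startDate") and dates.get("endDate") and dates["endDate"] <= dates["startDate"]:
        errors.append("endDate must be later than startDate")
    if payload.get("priority", "low") not in PRIORITIES:
        errors.append("priority must be low, medium or high")
    if "accessModifier" in payload and payload["accessModifier"] not in ACCESS_MODIFIERS:
        errors.append("accessModifier must be add or remove")
    return errors


def query_string(action, preventative_scan=True):
    """Build the query parameters documented for this endpoint."""
    if action not in ("create", "validate"):
        raise ValueError("_action must be create or validate")
    params = {"_action": action}
    if preventative_scan:
        params["runPreventativeScan"] = "true"
    return urlencode(params)


def submit_access_request(payload, send):
    """Dry-run with _action=validate and create only if nothing is reported.

    send(query, payload) is a caller-supplied transport (hypothetical) that
    POSTs to the access request endpoint and returns the decoded JSON body,
    which carries the "result" and "errors" keys shown in the response sample.
    """
    errors = local_errors(payload)
    if errors:
        return {"created": False, "stage": "local", "errors": errors, "result": []}
    dry_run = send(query_string("validate"), payload)
    if dry_run.get("errors"):
        return {"created": False, "stage": "validate", "errors": dry_run["errors"], "result": []}
    created = send(query_string("create"), payload)
    return {
        "created": not created.get("errors"),
        "stage": "create",
        "errors": created.get("errors", []),
        "result": created.get("result", []),
    }
```

Keeping runPreventativeScan on for both calls means the policy check is applied to the dry run and to the request that is actually created.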

Create request of the given request type.

Create request

path Parameters
requestTypeId
required
string

The ID of the request type

Request Body schema: application/json
required

The payload for creating request. Properties must match the request type schema definition.

id
string

The unique identifier of the request.

requester
object (User)

The properties of a user object.

requestType
string
Enum: "applicationGrant" "applicationRemove" "entitlementGrant" "entitlementRemove" "roleGrant" "roleRemove"

The identifier of the request type.

request
object (AccessRequest)

This information appears under the request key on any request object. It contains all of the relevant information submitted by an end user for the request. The fields startDate, endDate, justification, externalRequestId, isDraft and requestIdPrefix under the common key will appear for all requests. Depending on the request type, there will also be additional request type specific details that appear within this object.

application
object (Application)

An application object, as stored in IGA

applicationOwner
Array of objects (ApplicationOwner)

A list of user objects who are assigned as the owners of an application

entitlementOwner
Array of objects (User)

If applicable, the user who is listed as the owner of the entitlement that this request is for.

roleOwner
Array of objects (User)

If applicable, the user who is listed as the owner of the role that this request is for.

user
object (User)

The properties of a user object.

decision
object

The decision key contains all of the information related to the request lifecycle, such as the status, the task information, comments, and more.

metadata
object

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "requester": {},
  "requestType": "applicationGrant",
  "request": {},
  "application": {},
  "applicationOwner": [],
  "entitlementOwner": [],
  "roleOwner": [],
  "user": {},
  "decision": {},
  "metadata": {}
}

Response samples

Content type
application/json
{
  "id": "string",
  "requester": {},
  "requestType": "applicationGrant",
  "request": {},
  "application": {},
  "applicationOwner": [],
  "entitlementOwner": [],
  "roleOwner": [],
  "user": {},
  "decision": {},
  "metadata": {}
}

Get access request by ID.

Retrieve the details of a single access request using its unique identifier.

path Parameters
requestId
required
string

The unique identifier of the request to get.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "requester": {},
  "requestType": "applicationGrant",
  "request": {},
  "application": {},
  "applicationOwner": [],
  "entitlementOwner": [],
  "roleOwner": [],
  "user": {},
  "decision": {},
  "metadata": {}
}

Replace the content of a request. The only properties that can be changed are those that are defined in the request schema and are not in the notModifiableProperties.

Replace request

path Parameters
requestId
required
string

The ID of the request

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The payload for replacing request content. Properties must match the request type schema definition of this request

id
string

The unique identifier of the request.

requester
object (User)

The properties of a user object.

requestType
string
Enum: "applicationGrant" "applicationRemove" "entitlementGrant" "entitlementRemove" "roleGrant" "roleRemove"

The identifier of the request type.

request
object (AccessRequest)

This information appears under the request key on any request object. It contains all of the relevant information submitted by an end user for the request. The fields startDate, endDate, justification, externalRequestId, isDraft and requestIdPrefix under the common key will appear for all requests. Depending on the request type, there will also be additional request type specific details that appear within this object.

application
object (Application)

An application object, as stored in IGA

applicationOwner
Array of objects (ApplicationOwner)

A list of user objects who are assigned as the owners of an application

entitlementOwner
Array of objects (User)

If applicable, the user who is listed as the owner of the entitlement that this request is for.

roleOwner
Array of objects (User)

If applicable, the user who is listed as the owner of the role that this request is for.

user
object (User)

The properties of a user object.

decision
object

The decision key contains all of the information related to the request lifecycle, such as the status, the task information, comments, and more.

metadata
object

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "requester": {},
  "requestType": "applicationGrant",
  "request": {},
  "application": {},
  "applicationOwner": [],
  "entitlementOwner": [],
  "roleOwner": [],
  "user": {},
  "decision": {},
  "metadata": {}
}

Response samples

Content type
application/json
{
  "id": "string",
  "requester": {},
  "requestType": "applicationGrant",
  "request": {},
  "application": {},
  "applicationOwner": [],
  "entitlementOwner": [],
  "roleOwner": [],
  "user": {},
  "decision": {},
  "metadata": {}
}

Update the content of a request. The only properties that can be updated are those that are defined in the request schema and are not in the notModifiableProperties.

Update request

path Parameters
requestId
required
string

The ID of the request

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The payload for updating request

Array
operation
string
Enum: "add" "replace" "copy" "move" "increment" "remove" "transform"

The operation to apply to the field

field
string

The field that will be updated

value
any

The value of the field

Responses

Request samples

Content type
application/json
[
  {}
]

Response samples

Content type
application/json
{
  "id": "string",
  "requester": {},
  "requestType": "applicationGrant",
  "request": {},
  "application": {},
  "applicationOwner": [],
  "entitlementOwner": [],
  "roleOwner": [],
  "user": {},
  "decision": {},
  "metadata": {}
}

Take action on a request.

Perform various actions on a specific request, such as approve, reject, comment, cancel, update, or reassign. Each action may have different payloads depending on the information the caller needs to provide.

path Parameters
requestId
required
string

The unique identifier of the request to act on.

query Parameters
phaseName
string

For approval task specific actions, the name of the task that the action applies to.

_action
required
string
Enum: "cancel" "approve" "reject" "comment" "reassign" "update" "modify"

Action to be performed on a single request.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Any of
comment
string

The comment text that will be added to the request.

Responses

Request samples

Content type
application/json
Example
{
  "comment": "Can someone please expedite this approval?"
}

Get requests user has permissions to view.

Get requests for which the authenticated user has permissions to view. For additional search capabilities, use the POST /governance/user/{userId}/requests?_action=search API.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [],
  "searchAfterKey": [],
  "totalCount": 0,
  "resultCount": 0
}
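
Walking a full result set with _searchAfter and the searchAfterKey returned in each response, as an added example that is not part of the original specification. It also reports whether an export matches totalCount, so a truncated audit export is noticed instead of passing silently. The `fetch_page` function, the in-memory data, the stop condition, and the reading of totalCount as the total across all pages are assumptions.

```python
# Constructed data standing in for the service, so the example runs offline.
CONSTRUCTED_REQUESTS = [
    {"id": f"REQ-{n:04d}", "requestType": "roleGrant"} for n in range(1, 26)
]


def fake_fetch_page(params):
    """In-memory stand-in that honours _pageSize and _searchAfter on the id field."""
    after = params.get("_searchAfter")
    rows = [r for r in CONSTRUCTED_REQUESTS if after is None or r["id"] > after]
    page = rows[: params["_pageSize"]]
    return {
        "result": page,
        "searchAfterKey": [page[-1]["id"]] if page else [],
        "totalCount": len(CONSTRUCTED_REQUESTS),
        "resultCount": len(page),
    }


def iter_pages(fetch_page, sort_keys, page_size=10, max_pages=1000):
    """Yield response bodies, feeding each searchAfterKey back as _searchAfter.

    fetch_page(params) is a caller-supplied function (hypothetical) that sends
    the request with these query parameters and returns the decoded JSON body.
    """
    # Sorting on a unique, stable key keeps rows from being skipped or repeated
    # when entries are created while the export is running.
    params = {"_pageSize": page_size, "_sortKeys": sort_keys, "_sortDir": "asc"}
    previous_key = None
    for _ in range(max_pages):
        body = fetch_page(dict(params))
        yield body
        key = body.get("searchAfterKey") or []
        # Assumption: an empty page, or a missing or unchanged key, means the end.
        if not body.get("result") or not key or key == previous_key:
            return
        previous_key = key
        # The parameter is documented as comma-separated for multiple values.
        params["_searchAfter"] = ",".join(str(part) for part in key)
    raise RuntimeError("page limit reached before the result set was exhausted")


def export_all(fetch_page, sort_keys="id", page_size=10):
    """Collect every entry and report whether the export is complete."""
    entries, expected = [], None
    for body in iter_pages(fetch_page, sort_keys, page_size):
        if expected is None:
            expected = body.get("totalCount")  # assumption: total across all pages
        entries.extend(body.get("result", []))
    ids = [entry.get("id") for entry in entries]
    return {
        "entries": entries,
        "complete": expected is None or len(entries) == expected,
        "duplicates": len(ids) != len(set(ids)),
    }
```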

Get requests user has permissions to view.

Get requests for which the authenticated user has permissions to view. The targetFilter property in the API payload can be used to filter the requests based on the desired criteria.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_action
required
string
Value: "search"

Action to be performed on user requests endpoint.

_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: */*
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Response samples

Content type
application/json
{
  "result": [],
  "searchAfterKey": [],
  "totalCount": 0,
  "resultCount": 0
}

Get requests that the user is assigned to act on.

Get requests that the authenticated user is assigned to, either directly, through a role, or through a delegate. The targetFilter property in the API payload can be used to filter the requests based on the desired criteria.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_action
required
string
Value: "search"

Action to be performed on user approvals endpoint.

_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

actorStatus
string

Status of the approver to search on, e.g. "active", "inactive". Active will show tasks which are currently assigned to the user, while inactive will show tasks that they were assigned and have been completed.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: */*
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Response samples

Content type
application/json
{
  "result": [],
  "searchAfterKey": [],
  "totalCount": 0,
  "resultCount": 0
}

Account

Account endpoints

Search IGA for account objects.

This endpoint is used to search IGA for account objects that have been on-boarded as part of any application.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [],
  "searchAfterKey": [],
  "totalCount": 1,
  "resultCount": 1
}

Search IGA for account objects using additional filters.

This endpoint is used to search IGA for account objects that have been on-boarded as part of any application. Additional filter criteria can be provided to allow searching by application, user, or glossary data.

query Parameters
_action
required
string
Value: "search"

Action to be performed for account endpoint.

_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Any of
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {}
}

Response samples

Content type
application/json
{
  "result": [],
  "searchAfterKey": [],
  "totalCount": 1,
  "resultCount": 1
}

Get an account object by ID.

Retrieve the details of a single account object using its unique identifier.

path Parameters
accountId
required
string

The unique identifier of the account to get.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "system/TargetADApp/User/8df77c8b-dac0-4cc5-9f38-b4a467983609",
  "keys": {},
  "account": {},
  "user": {},
  "application": {},
  "applicationOwner": [],
  "descriptor": {},
  "glossary": {},
  "item": {},
  "metadata": {}
}

Get an account's glossary metadata by ID.

Retrieve the glossary specific details of a single account object using its unique identifier.

path Parameters
accountId
required
string

The unique identifier of the account to get glossary information for.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "accountType": "normal",
  "accountStatus": "active"
}

Create an account's glossary metadata by ID.

Create glossary entry for a single account object using its unique identifier.

path Parameters
accountId
required
string

The unique identifier of the account to get.

query Parameters
_action
required
string
Value: "create"

Action to be performed for account endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Any of
object (AccountGlossaryDetail)

This is an object of arbitrary key-value pairs for account glossary metadata that has been stored for a given account object.

Responses

Request samples

Content type
application/json
{
  "accountType": "normal",
  "accountStatus": "active"
}

Response samples

Content type
application/json
{
  "accountType": "normal",
  "accountStatus": "active"
}

Create or update an account's glossary metadata by ID.

Create or update a glossary entry for a single account object using its unique identifier.

path Parameters
accountId
required
string

The unique identifier of the account to get.

query Parameters
_action
required
string
Value: "create"

Action to be performed for account endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Any of
object (AccountGlossaryDetail)

This is an object of arbitrary key-value pairs for account glossary metadata that has been stored for a given account object.

Responses

Request samples

Content type
application/json
{
  "accountType": "normal",
  "accountStatus": "active"
}

Response samples

Content type
application/json
{
  "accountType": "normal",
  "accountStatus": "active"
}

Audit

Endpoints associated with IDM's audit functionality

Get audit reports

Get audit reports

query Parameters
objectId
string

ID of the object to retrieve the report for.

startDate
string

First date to include in the report

endDate
string

Last date to include in the report

queryId
string

Required parameter for pagination, use value from previous response.

dataSetId
string

Required parameter for pagination, use value from previous response.

_pagedResultCookie
string

Used for pagination of results.

Responses

Response samples

Content type
application/json
{
  "result": [],
  "resultCount": 0,
  "totalCount": 0,
  "queryId": "string",
  "dataSetId": "string",
  "pageToken": "string"
}

Get audit reports for user.

Get audit reports for user.

path Parameters
userId
required
string

ID of the user to retrieve the report for.

query Parameters
queryId
string

Required parameter for pagination, use value from previous response.

dataSetId
string

Required parameter for pagination, use value from previous response.

_pagedResultCookie
string

Used for pagination of results.

Responses

Response samples

Content type
application/json
{
  "result": [],
  "resultCount": 0,
  "totalCount": 0,
  "queryId": "string",
  "dataSetId": "string",
  "pageToken": "string"
}

Catalog

Catalog endpoints.

Get catalog items.

Get a list of items from the IGA Access Catalog. Each entry represents a single type of requestable access that can be added to a request. The current supported types of access that are requestable are application, entitlement, and role.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

ignoreRequestable
string
Example: ignoreRequestable=false

For admin use, will allow admin to view catalog items not marked as requestable when set to true

userId
string
Example: userId=3f9aeffb-dec7-484d-9031-a9e28646d284

For admin use, when provided will return the scoped catalog access that matches the given user id.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
Example
{
  "id": "26f2bd6b-3d23-4fbb-92f7-9aecd0183852",
  "item": {},
  "application": {},
  "applicationOwner": []
}

Search catalog items.

Get a list of items from the IGA Access Catalog using additional filter criteria. Each entry represents a single type of requestable access that can be added to a request. The current supported types of access that are requestable are application, entitlement, and role.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

ignoreRequestable
string
Example: ignoreRequestable=false

For admin use, will allow admin to view catalog items not marked as requestable when set to true

userId
string
Example: userId=3f9aeffb-dec7-484d-9031-a9e28646d284

For admin use, when provided will return the scoped catalog access that matches the given user id.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Any of
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {}
}

Response samples

Content type
application/json
{
  "result": [],
  "searchAfterKey": [],
  "totalCount": 1,
  "resultCount": 1
}

Get the properties available to filter by/search when using the catalog API.

This endpoint will retrieve all of the currently configured properties that are eligible to be used for search/sort when searching against the catalog API. Each property will include some additional metadata about the property, such as whether or not the property is multi value and its data type.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "application": [],
  "entitlement": [],
  "role": []
}

Get the properties available to filter by/search for a specific object when using the catalog API.

This endpoint will retrieve all of the currently configured properties that are eligible to be used for search/sort for a single object when searching against the catalog API. For example, all of the entitlement specific properties you can use to search. Each property will include some additional metadata about the property, such as whether or not the property is multi value and its data type.

path Parameters
objectType
required
string
Enum: "application" "entitlement" "role"

Type of object to get filter properties for.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
Example
[
  {},
  {}
]

Certification

Certification endpoints

Query existing certification templates.

Returns certification templates, based on a set of query parameters.

query Parameters
queryString
string

String to search against name and description.

pageSize
string

Number of results per page.

pageNumber
string

Page number of results to show.

searchAfter
string

An alternative to page number; corresponds to the searchAfterKey value sent in the previous page's results.

sortBy
string

Property to sort results by.

sortDesc
string

Direction to sort results by.

certificationType
string
Enum: "identity" "roleMembership" "entitlement"

Filter by certification type.

Responses

Response samples

Content type
application/json
[
  {}
]

Create a new certification template.

Creates a new certification template based on the given payload.

Request Body schema: */*
required

The contents of the new template.

id
string

ID of template

name
string

Campaign template name

description
string

Description of the certification template

certificationType
string
Value: "identity"

Type of certification (identity, etc.)

ownerId
string

Owner of the certification

object (Schedule)
object (TargetFilter)
Array of objects (CertificationStage)

List of stage definitions

stageDuration
integer

Duration of stage in days

expirationAction
string
Enum: "certify" "revoke" "exception" "reassign" "none"

Action to take on certification line items on expiration

expirationActionDelay
string

Duration to wait before taking expiration action in days

expirationReassignee
string

User or role to reassign task to on expiration

stagingEnabled
boolean

If enabled, certification will sit in staging phase until activated

defaultCertifierId
string

ID of user that will be assigned as certifier when one cannot be calculated

allowBulkCertify
boolean

Allow users to bulk certify line items in this campaign

allowPartialSignoff
boolean

Allow users to sign off decision items in a campaign before all have been acted on

remediationRule
string

Script to run on sign off of line items; for example calling an external workflow

remediationDelay
integer

Duration to wait in days before executing remediation

exceptionDuration
integer

Maximum length of time, in days, that exceptions are allowed on line items

enableForward
boolean

Enable certifier forwarding of line items

enableReassign
boolean

Enable certifier reassign of line items

object (CertificationPermissions)

Permissions certification actor has assigned to them

selfCertificationRule
string
Enum: "all" "restricted" "none"

Which users can certify their own access (restricted is owners/admins only)

assignmentNotification
string

Notification template to send to certifier on assignment

reassignNotification
string

Notification template to send to new certifiers on re-assignment

expirationNotification
string

Notification template to send to certifier on expiration

expirationNotificationDay
string

Length of time, in days, before a certification expires that an expiring notification is sent out to users.

reminderNotification
string

Notification template to send to certifier as a reminder

reminderFrequency
integer

How often to send reminder notification to certifier

escalationNotification
string

Notification template to send to escalation owner

escalationFrequency
integer

How often to send escalation notifications, in days

escalationOwner
string

ID of owner who receives escalation notifications

excludeConditionalAccess
boolean

Exclude role memberships that are granted conditionally

excludeRoleBasedAccess
boolean

Exclude entitlement or account grants that are granted via role

includeChildOrganizations
boolean

When organizations are provided in the filter, also include child organizations of those provided

Array of objects (CertificationTemplateParameter)

List of parameters this campaign template expects to be provided at runtime

templateEventType
string
Value: "user"

For event based templates, this is the type of entity the event references

Responses

Request samples

Content type
*/*
{
  "name": "Active Directory Certification",
  "description": "Certifying the accounts within active directory applications",
  "stagingEnabled": false,
  "schedule": null,
  "allowSelfCertification": false,
  "selfCertificationRule": "none",
  "enableForward": true,
  "enableReassign": true,
  "reassignPermissions": {
    "certify": true,
    "comment": true,
    "exception": true,
    "forward": true,
    "reassign": true,
    "reset": true,
    "revoke": true,
    "signoff": true
  },
  "exceptionDuration": 7,
  "allowBulkCertify": true,
  "allowPartialSignoff": true,
  "remediationRule": "",
  "certificationType": "identity",
  "ownerId": "managed/user/926de311-0949-415d-a9e4-94a87632b0f6",
  "stageDuration": 14,
  "expirationAction": "revoke",
  "expirationActionDelay": 0,
  "expirationReassignee": null,
  "stages": [
    {
      "certifierType": "user",
      "certifierId": "managed/user/79cc9f29-8d89-4958-8074-ce0df88979a2"
    }
  ],
  "defaultCertifierId": null,
  "assignmentNotification": null,
  "reassignNotification": null,
  "expirationNotification": null,
  "reminderNotification": null,
  "reminderFrequency": 0,
  "escalationNotification": null,
  "escalationFrequency": null,
  "escalationOwner": null,
  "remediationDelay": 0,
  "targetFilter": {
    "user": {
      "operator": "ALL",
      "operand": []
    },
    "type": [
      "accountGrant"
    ],
    "application": {
      "operator": "CONTAINS",
      "operand": {
        "targetName": "name",
        "targetValue": "Active Directory"
      }
    }
  },
  "excludeConditionalAccess": true,
  "excludeRoleBasedAccess": true,
  "includeChildOrganizations": true
}

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "description": "string",
  "certificationType": "identity",
  "ownerId": "string",
  "schedule": {
  },
  "targetFilter": {
  },
  "stages": [
  ],
  "stageDuration": 0,
  "expirationAction": "certify",
  "expirationActionDelay": "string",
  "expirationReassignee": "string",
  "stagingEnabled": true,
  "defaultCertifierId": "string",
  "allowBulkCertify": true,
  "allowPartialSignoff": true,
  "remediationRule": "string",
  "remediationDelay": 0,
  "exceptionDuration": 0,
  "enableForward": true,
  "enableReassign": true,
  "reassignPermissions": {
  },
  "selfCertificationRule": "all",
  "assignmentNotification": "string",
  "reassignNotification": "string",
  "expirationNotification": "string",
  "expirationNotificationDay": "string",
  "reminderNotification": "string",
  "reminderFrequency": 0,
  "escalationNotification": "string",
  "escalationFrequency": 0,
  "escalationOwner": "string",
  "excludeConditionalAccess": true,
  "excludeRoleBasedAccess": true,
  "includeChildOrganizations": true,
  "parameters": [
  ],
  "templateEventType": "user",
  "status": "active",
  "scheduleId": "string",
  "ownerInfo": {
  },
  "defaultCertifierInfo": {
  },
  "escalationOwnerInfo": {
  },
  "expirationReassigneeInfo": {
  }
}
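
An added example (not part of the API specification or the vendor's code): a pre-submission lint that flags template settings which weaken a review, run on a trimmed copy of the request sample above and on a constructed weak variant. The severities and the 30-day exception ceiling are assumptions of this example, not values defined by the API.

```python
# Added example: governance lint for a certification template payload.
# Field names and enum values come from the schema on this page; the
# severity ratings and max_exception_days are this example's own policy.

SEVERITIES = ["high", "medium", "low", "info"]


def audit_template(template, max_exception_days=30):
    """Return (severity, field, message) findings, most severe first."""
    findings = []

    def flag(severity, field, message):
        findings.append((severity, field, message))

    rule = template.get("selfCertificationRule")
    if rule == "all":
        flag("high", "selfCertificationRule", "any user may certify their own access")
    elif rule == "restricted":
        flag("medium", "selfCertificationRule", "owners/admins may certify their own access")

    action = template.get("expirationAction")
    if action == "certify":
        flag("high", "expirationAction", "unreviewed items are certified on expiration")
    elif action in ("exception", "none"):
        flag("medium", "expirationAction", "unreviewed access is kept on expiration")
    elif action == "reassign" and not template.get("expirationReassignee"):
        flag("high", "expirationReassignee", "reassign on expiration has no reassignee")

    if not template.get("stages"):
        flag("high", "stages", "no certifier stage is defined")
    if template.get("defaultCertifierId") is None:
        flag("medium", "defaultCertifierId", "no fallback certifier when one cannot be calculated")
    if template.get("allowBulkCertify"):
        flag("medium", "allowBulkCertify", "bulk certify makes rubber-stamping easy")
    if (template.get("exceptionDuration") or 0) > max_exception_days:
        flag("medium", "exceptionDuration", f"exceptions may last over {max_exception_days} days")

    # Forwarded/reassigned reviewers who can both sign off and reassign again.
    delegated = template.get("reassignPermissions") or {}
    delegation_on = template.get("enableForward") or template.get("enableReassign")
    if delegation_on and delegated.get("signoff") and delegated.get("reassign"):
        flag("low", "reassignPermissions", "delegates can sign off and delegate again")

    # Scope exclusions are not defects, but reviewers should know what is skipped.
    for key in ("excludeConditionalAccess", "excludeRoleBasedAccess"):
        if template.get(key):
            flag("info", key, "this access is outside the campaign's scope")

    return sorted(findings, key=lambda f: (SEVERITIES.index(f[0]), f[1]))


def has_blocking(findings):
    """True when any finding is rated high."""
    return any(severity == "high" for severity, _, _ in findings)


# Trimmed copy of the request sample on this page (only the audited fields).
PAGE_SAMPLE = {
    "name": "Active Directory Certification",
    "selfCertificationRule": "none",
    "enableForward": True,
    "enableReassign": True,
    "reassignPermissions": {"certify": True, "comment": True, "exception": True,
                            "forward": True, "reassign": True, "reset": True,
                            "revoke": True, "signoff": True},
    "exceptionDuration": 7,
    "allowBulkCertify": True,
    "expirationAction": "revoke",
    "expirationReassignee": None,
    "stages": [{"certifierType": "user",
                "certifierId": "managed/user/79cc9f29-8d89-4958-8074-ce0df88979a2"}],
    "defaultCertifierId": None,
    "excludeConditionalAccess": True,
    "excludeRoleBasedAccess": True,
}

# Constructed weak variant, for contrast; not taken from the page.
WEAK_SAMPLE = dict(PAGE_SAMPLE, selfCertificationRule="all",
                   expirationAction="certify", stages=[], exceptionDuration=90)

if __name__ == "__main__":
    for label, tpl in (("page sample", PAGE_SAMPLE), ("weak variant", WEAK_SAMPLE)):
        print(label)
        for severity, field, message in audit_template(tpl):
            print(f"  [{severity}] {field}: {message}")
```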

Duplicate an existing certification template.

Takes the definition of an existing certification template and makes a copy of it.

path Parameters
id
required
string

ID of the template object to copy.

Responses

Response samples

Content type
application/json
{
  "message": "Cert Template duplicated successfully"
}

Update a single certification template.

Updates a certification template at the requested id in the path.

path Parameters
id
required
string

ID of the template object.

Request Body schema: */*
optional

The template fields to update.

id
string

ID of template

name
string

Campaign template name

description
string

Description of the certification template

certificationType
string
Value: "identity"

Type of certification (identity, etc.)

ownerId
string

Owner of the certification

object (Schedule)
object (TargetFilter)
Array of objects (CertificationStage)

List of stage definitions

stageDuration
integer

Duration of stage in days

expirationAction
string
Enum: "certify" "revoke" "exception" "reassign" "none"

Action to take on certification line items on expiration

expirationActionDelay
string

Duration to wait before taking expiration action in days

expirationReassignee
string

User or role to reassign task to on expiration

stagingEnabled
boolean

If enabled, certification will sit in staging phase until activated

defaultCertifierId
string

ID of user that will be assigned as certifier when one cannot be calculated

allowBulkCertify
boolean

Allow users to bulk certify line items in this campaign

allowPartialSignoff
boolean

Allow users to sign off decision items in a campaign before all have been acted on

remediationRule
string

Script to run on sign off of line items; for example calling an external workflow

remediationDelay
integer

Duration to wait in days before executing remediation

exceptionDuration
integer

Maximum length of time, in days, that exceptions are allowed on line items

enableForward
boolean

Enable certifier forwarding of line items

enableReassign
boolean

Enable certifier reassign of line items

object (CertificationPermissions)

Permissions certification actor has assigned to them

selfCertificationRule
string
Enum: "all" "restricted" "none"

Which users can certify their own access (restricted is owners/admins only)

assignmentNotification
string

Notification template to send to certifier on assignment

reassignNotification
string

Notification template to send to new certifiers on re-assignment

expirationNotification
string

Notification template to send to certifier on expiration

expirationNotificationDay
string

Length of time, in days, before a certification expires that an expiring notification is sent out to users.

reminderNotification
string

Notification template to send to certifier as a reminder

reminderFrequency
integer

How often to send reminder notification to certifier

escalationNotification
string

Notification template to send to escalation owner

escalationFrequency
integer

How often to send escalation notifications, in days

escalationOwner
string

ID of owner who receives escalation notifications

excludeConditionalAccess
boolean

Exclude role memberships that are granted conditionally

excludeRoleBasedAccess
boolean

Exclude entitlement or account grants that are granted via role

includeChildOrganizations
boolean

When organizations are provided in the filter, also include child organizations of those provided

Array of objects (CertificationTemplateParameter)

List of parameters this campaign template expects to be provided at runtime

templateEventType
string
Value: "user"

For event based templates, this is the type of entity the event references

Responses

Response samples

Content type
application/json
[
  {
  }
]

Delete a single certification template.

Deletes a certification template at the requested id in the path. Deleting a template does not remove traceability, because each campaign instance copies the template's contents when it is created.

path Parameters
id
required
string

ID of the template object.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Get the available schema on which to filter certification templates

Returns a collection of schema properties that are available to populate the certification template's target filter property, including properties of application, user, entitlement, role, and other objects.

Responses

Response samples

Content type
application/json
{
  "application": [
  ],
  "entitlement": [
  ],
  "role": [
  ]
}

Query existing certification campaign instances.

Returns certification campaigns based on a set of query parameters.

query Parameters
queryString
string

String to search against name and description.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

status
string
Enum: "active" "closed"

Filter by status of the certification.

certificationType
string
Value: "identity"

Filter by certification type.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "totalHits": 0,
  "searchAfterKey": [
  ]
}

Read a single certification campaign

Returns the certification campaign from the provided campaign id.

path Parameters
certId
required
string

ID of the certification campaign.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "description": "string",
  "certificationType": "identity",
  "ownerId": "string",
  "schedule": {
  },
  "targetFilter": {
  },
  "stages": [
  ],
  "stageDuration": 0,
  "expirationAction": "certify",
  "expirationActionDelay": "string",
  "expirationReassignee": "string",
  "stagingEnabled": true,
  "defaultCertifierId": "string",
  "allowBulkCertify": true,
  "allowPartialSignoff": true,
  "remediationRule": "string",
  "remediationDelay": 0,
  "exceptionDuration": 0,
  "enableForward": true,
  "enableReassign": true,
  "reassignPermissions": {
  },
  "selfCertificationRule": "all",
  "assignmentNotification": "string",
  "reassignNotification": "string",
  "expirationNotification": "string",
  "expirationNotificationDay": "string",
  "reminderNotification": "string",
  "reminderFrequency": 0,
  "escalationNotification": "string",
  "escalationFrequency": 0,
  "escalationOwner": "string",
  "excludeConditionalAccess": true,
  "excludeRoleBasedAccess": true,
  "includeChildOrganizations": true,
  "parameters": [
  ],
  "templateEventType": "user",
  "status": "in-progress",
  "scheduleId": "string",
  "ownerInfo": {
  },
  "defaultCertifierInfo": {
  },
  "escalationOwnerInfo": {
  },
  "expirationReassigneeInfo": {
  },
  "templateId": "string",
  "startDate": "string",
  "deadline": "string",
  "completionDate": "string",
  "completedBy": { },
  "expirationNotificationDate": "string",
  "reminderNotificationDate": "string",
  "escalationNotificationDate": "string",
  "etlJobId": "string",
  "systemMessages": {
  },
  "totalTargets": 0,
  "totalItems": 0,
  "totalItemsComplete": 0,
  "percentItemsComplete": 0
}

Get the actors (certifiers) tasks view for a certification.

Returns the tasks assigned to different actors (certifiers) as part of a certification.

path Parameters
certId
required
string

ID of the certification campaign.

query Parameters
queryString
string

Search tasks based on reviewer information (userName, sn, givenName, mail)

pageSize
string

Number of results per page.

pageNumber
string

Page number of results to show.

sortBy
string

Term on which to sort tasks (e.g. actor.userName, progress)

sortDir
string

Direction on which to sort ('asc' or 'desc')

Responses

Response samples

Content type
application/json
{
  "result": [
  ]
}

Update a certification's deadline.

Update a certification's deadline when you provide a new one.

path Parameters
certId
required
string

ID of the certification campaign.

Request Body schema: application/json
required
newDeadline
string

New deadline to update.

Responses

Request samples

Content type
application/json
{
  "newDeadline": "2023-05-01T12:00:00+00:00"
}

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "description": "string",
  "certificationType": "identity",
  "ownerId": "string",
  "schedule": {
  },
  "targetFilter": {
  },
  "stages": [
  ],
  "stageDuration": 0,
  "expirationAction": "certify",
  "expirationActionDelay": "string",
  "expirationReassignee": "string",
  "stagingEnabled": true,
  "defaultCertifierId": "string",
  "allowBulkCertify": true,
  "allowPartialSignoff": true,
  "remediationRule": "string",
  "remediationDelay": 0,
  "exceptionDuration": 0,
  "enableForward": true,
  "enableReassign": true,
  "reassignPermissions": {
  },
  "selfCertificationRule": "all",
  "assignmentNotification": "string",
  "reassignNotification": "string",
  "expirationNotification": "string",
  "expirationNotificationDay": "string",
  "reminderNotification": "string",
  "reminderFrequency": 0,
  "escalationNotification": "string",
  "escalationFrequency": 0,
  "escalationOwner": "string",
  "excludeConditionalAccess": true,
  "excludeRoleBasedAccess": true,
  "includeChildOrganizations": true,
  "parameters": [
  ],
  "templateEventType": "user",
  "status": "in-progress",
  "scheduleId": "string",
  "ownerInfo": {
  },
  "defaultCertifierInfo": {
  },
  "escalationOwnerInfo": {
  },
  "expirationReassigneeInfo": {
  },
  "templateId": "string",
  "startDate": "string",
  "deadline": "string",
  "completionDate": "string",
  "completedBy": { },
  "expirationNotificationDate": "string",
  "reminderNotificationDate": "string",
  "escalationNotificationDate": "string",
  "etlJobId": "string",
  "systemMessages": {
  },
  "totalTargets": 0,
  "totalItems": 0,
  "totalItemsComplete": 0,
  "percentItemsComplete": 0
}

Cancel a certification campaign.

Cancels a certification campaign at the requested id in the path. This only cancels existing in-progress action items. It will not revert any decisions that have been signed-off and acted on.

path Parameters
certId
required
string

ID of the certification campaign.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Query the review items/tasks that are assigned to you

Returns the certification tasks that are currently assigned to the logged in end-user.

query Parameters
status
required
string
Enum: "active" "expired" "complete"

Status of the certification tasks to return.

Responses

Response samples

Content type
application/json
{
  "results": [
  ],
  "totalCount": 0
}

Query line items of the certification campaign instance

Returns the certification line-items that belong to this campaign, filtered by parameters. Certifier sign-off is indicated by status. The certifier's decision is indicated by decision.

path Parameters
certId
required
string

ID of the certification campaign.

query Parameters
targetId
string

ID of the target of the line-item.

pageSize
string

Number of items to return.

pageNumber
string

Page number of results to return.

searchAfter
string

An alternative to page number; corresponds to the searchAfterKey value sent in the previous page's results.

status
string
Enum: "in-progress" "signed-off" "pending" "cancelled" "expired"

Status of the line-item.

decision
string
Enum: "certify" "revoke" "exception" "abstain"

Decision taken on the line-item.

ownerId
string

ID of the owner of the line-item.

user
string

ID of the user the line-item(s) are certifying.

resource
string

ID of the resource the line-item(s) are certifying.

application
string

ID of the application the line-item(s) are certifying.

actorId
string

ID of any actor (certifier) in the line-items actor list.

primaryReviewerId
string

ID of the primary reviewer/certifier of the line-items.

user.userName
string

Username of the user the line-item(s) are certifying.

itemType
string
Enum: "Account Grant" "Resource Grant"

Item type of the line-item.

account
string

ID of the account the line-item(s) are certifying.

groupBy
string

Aggregates the results to allow the frontend to group line-items.

appendUserPermissions
boolean

Appends the logged in user permissions for each line-item. Used by frontend.

taskStatus
string
Enum: "active" "complete" "closed" "cancelled" "expired"

Task level alternative to status (which is item level).

getCount
boolean

If true, will return the line item count based on the query.

isAdmin
boolean

If true and if the user has permission it will return the results as an admin.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "resultCount": 0,
  "totalHits": 0,
  "searchAfterKey": [
  ]
}

Query line-items of the certification campaign instance.

Returns the certification line-items that belong to the specified campaign, filtered by parameters.

path Parameters
certId
required
string

ID of the certification campaign.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

appendUserPermissions
boolean

Appends the logged in user permissions for each line-item.

taskStatus
string
Enum: "active" "complete" "closed" "cancelled" "expired"

Task level status search.

Request Body schema: application/json
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
{
  "result": [
  ],
  "resultCount": 0,
  "totalCount": 0,
  "searchAfterKey": [
  ]
}

Take action on line-items

Action taken on the given lineItems

path Parameters
certId
required
string

ID of the certification campaign.

action
required
string
Enum: "certify" "revoke" "exception" "comment" "forward" "signoff"

The specific action to take

query Parameters
selectAllActorId
string

When provided, the action will target all decision items the given actor is the primary reviewer for, and ids array can be left empty.

Request Body schema: */*
required

Contents of the action.

ids
required
Array of strings

Responses

Request samples

Content type
*/*
Example
{
  "ids": [
    "e9e4d260-1b55-4331-8468-5824344b8bc3",
    "01d8ccf0-e132-49f1-9c82-c52a6fea0154"
  ]
}

Response samples

Content type
application/json
{
  "message": "string",
  "idsNotActedOn": [
  ]
}

Take action on a single item

Take action on a single item.

path Parameters
certId
required
string

ID of the certification campaign.

lineItemId
required
string

ID of the line item.

action
required
string
Enum: "certify" "revoke" "exception" "comment" "reassign" "forward"

The specific action to take

Request Body schema: application/json
required

Contents of the action.

object

Responses

Request samples

Content type
application/json
Example
{ }

Response samples

Content type
application/json
{
  "message": "string",
  "idsNotActedOn": [
  ]
}

Config

Configuration endpoints.

Get all IGA configuration settings.

Reads and returns all of the IGA configuration properties, across all categories (currently only iga_access_request configuration is available). These properties are used throughout IGA to determine how certain functionality should behave. For example, iga_access_request contains configuration for whether or not justification is required to reject a request, or whether or not a user can approve their own access.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "iga_access_request": {
  },
  "iga_global": {
  },
  "iga_autoid_integration": {
  }
}

Update all IGA configuration settings.

Update all of the IGA configuration properties, across all categories (currently only iga_access_request configuration is available). Note that all current configuration must be included when saving changes; any omitted keys will be replaced by default values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required
object (IGAAccessRequestConfig)

IGA configuration options specifically related to access request use cases.

object (IGAGlobalConfig)

IGA configuration options that are applied across IGA functionality.

object (IGAAutoIdConfig)

IGA configuration options specifically related to auto id use cases.

Responses

Request samples

Content type
application/json
{
  "iga_access_request": {
  },
  "iga_global": {
  },
  "iga_autoid_integration": {
  }
}
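
An added example (not part of the API specification or the vendor's code) of guarding against the replace-with-defaults behaviour described for this endpoint: it overlays a change on the configuration read back from the server and lists the keys a partial body would have reset. The iga_access_request keys are the ones shown on this page; the contents of the other two categories are not shown here, so they hold a constructed placeholder key.

```python
import copy

# Categories shown in the request sample for the update-all endpoint.
CATEGORIES = ("iga_access_request", "iga_global", "iga_autoid_integration")


def keys_reset_by(body, current):
    """List 'category.key' paths that exist in current but are missing from
    body. Per the endpoint description, these fall back to default values."""
    lost = []
    for category, settings in current.items():
        sent = body.get(category)
        for key in settings:
            if sent is None or key not in sent:
                lost.append(f"{category}.{key}")
    return sorted(lost)


def build_full_update(current, changes):
    """Overlay changes on a copy of the current configuration so the body
    sent to the server carries every existing key (one level per category)."""
    unknown = sorted(set(changes) - set(CATEGORIES))
    if unknown:
        raise ValueError(f"unknown configuration category: {unknown}")
    body = copy.deepcopy(current)
    for category, settings in changes.items():
        body.setdefault(category, {}).update(settings)
    dropped = keys_reset_by(body, current)
    if dropped:  # cannot happen with the overlay above; kept as a safety net
        raise RuntimeError(f"update would reset: {dropped}")
    return body


# Configuration as read back from the server (constructed for this example).
CURRENT = {
    "iga_access_request": {
        "requireRequestJustification": True,
        "requireRejectJustification": True,
        "requireApproveJustification": True,
        "preventRequestWithViolation": True,
        "requireRequestJustificationWithViolation": True,
        "defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
        "allowSelfApproval": True,
    },
    # Placeholder keys: the real contents of these categories are not on this page.
    "iga_global": {"constructedPlaceholder": 1},
    "iga_autoid_integration": {"constructedPlaceholder": 1},
}

# The only change we actually want: stop users approving their own requests.
CHANGES = {"iga_access_request": {"allowSelfApproval": False}}

if __name__ == "__main__":
    print("sending CHANGES alone would reset:")
    for path in keys_reset_by(CHANGES, CURRENT):
        print("  ", path)
    full = build_full_update(CURRENT, CHANGES)
    print("full body keeps every key:", keys_reset_by(full, CURRENT) == [])
```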

Get IGA configuration settings for a given category.

Reads and returns IGA configuration settings for a given category (e.g. iga_access_request).

path Parameters
key
required
string

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
Example
{
  "requireRequestJustification": true,
  "requireRejectJustification": true,
  "requireApproveJustification": true,
  "preventRequestWithViolation": true,
  "requireRequestJustificationWithViolation": true,
  "defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
  "allowSelfApproval": true
}

Update IGA configuration settings for a given category.

Update IGA configuration settings for a given category (e.g. iga_access_request).

path Parameters
key
required
string

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Any of
requireRequestJustification
boolean

Whether requests require justification to be submitted.

requireRejectJustification
boolean

Whether request rejections require justification to be submitted.

requireApproveJustification
boolean

Whether request approvals require justification to be submitted.

preventRequestWithViolation
boolean

Whether a request is prevented from being generated if it causes violations.

requireRequestJustificationWithViolation
boolean

Whether requests require justification to be submitted on violations generated.

defaultApprover
string

The default role that can be used to handle approvals when an approver cannot be calculated.

allowSelfApproval
boolean

Whether a user is allowed to approve/reject an approval task on a request for their own access.

Responses

Request samples

Content type
application/json
Example
{
  "requireRequestJustification": true,
  "requireRejectJustification": true,
  "requireApproveJustification": true,
  "preventRequestWithViolation": true,
  "requireRequestJustificationWithViolation": true,
  "defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
  "allowSelfApproval": true
}

Response samples

Content type
application/json
Example
{
  "requireRequestJustification": true,
  "requireRejectJustification": true,
  "requireApproveJustification": true,
  "preventRequestWithViolation": true,
  "requireRequestJustificationWithViolation": true,
  "defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
  "allowSelfApproval": true
}

Event

Event rule endpoints.

Get event definitions.

Get and search for a list of event rules defined in IGA. Each entry represents a single event rule that has been defined to detect a change in the system. IGA rules consist of two core pieces: the condition for the event, and the action that should be taken when that event occurs. For example, a rule may be defined that determines that any time a user is created in IGA, a certification for that user should be created.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "resultCount": 0,
  "totalCount": 0,
  "searchAfterKey": [
  ]
}

Create a new event definition.

Create a single IGA event rule. A single event rule is defined to detect a change in the system. IGA rules consist of two core pieces: the condition for the event, and the action that should be taken when that event occurs. For example, a rule may be defined that determines that any time a user is created in IGA, a certification for that user should be created.

query Parameters
_action
required
string
Value: "create"

Action to be performed for event endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
name
string

The name of the event

description
string

The description of the event and its purpose

Array of objects (User)

The list of unique owner IDs for the event.

entityType
string
Value: "user"

The type of entity for which this event applies (e.g. user, role, etc.)

mutationType
string
Enum: "create" "update" "delete"

The type of mutation event on the entity, (e.g. create, update, etc.)

condition
object

The condition definition for how to detect this event has occurred.

object

Object that defines what action will be used to respond to this event

status
string
Enum: "active" "inactive"

The status of the event, active/inactive

Responses

Request samples

Content type
application/json
Example
{
  "name": "User Creation Event",
  "description": "This event will kick off an orchestration for a new user upon creation.",
  "entityType": "user",
  "mutationType": "create",
  "condition": {
  },
  "action": {
  },
  "status": "active",
  "owners": [
  ]
}

Response samples

Content type
application/json
{
  "name": "User Creation Event",
  "description": "This event will create an identity certification for a new user upon creation",
  "owners": [
  ],
  "entityType": "user",
  "mutationType": "create",
  "condition": {
  },
  "action": {
  },
  "status": "active",
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get event definition by id.

Get a single IGA event by id. The response is a single event rule that has been defined to detect a change in the system.

path Parameters
id
required
string

ID of the event

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "name": "User Creation Event",
  "description": "This event will create an identity certification for a new user upon creation",
  "owners": [
  ],
  "entityType": "user",
  "mutationType": "create",
  "condition": {
  },
  "action": {
  },
  "status": "active",
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update entire event definition by id.

Update a single IGA event by id. This call expects the entire object to be provided and replaces the entire existing event definition.

path Parameters
id
required
string

ID of the event

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
name
string

The name of the event

description
string

The description of the event and its purpose

owners
Array of objects (User)

The list of unique owner IDs for the event.

entityType
string
Value: "user"

The type of entity for which this event applies (e.g. user, role, etc.)

mutationType
string
Enum: "create" "update" "delete"

The type of mutation event on the entity (e.g. create, update, etc.)

condition
object

The condition definition for how to detect that this event has occurred.

action
object

Object that defines what action will be used to respond to this event

status
string
Enum: "active" "inactive"

The status of the event, active/inactive

Responses

Request samples

Content type
application/json
{
  "name": "User Creation Event",
  "description": "This event will create an identity certification for a new user upon creation",
  "owners": [
  ],
  "entityType": "user",
  "mutationType": "create",
  "condition": {
  },
  "action": {
  },
  "status": "active"
}

Response samples

Content type
application/json
{
  "name": "User Creation Event",
  "description": "This event will create an identity certification for a new user upon creation",
  "owners": [
  ],
  "entityType": "user",
  "mutationType": "create",
  "condition": {
  },
  "action": {
  },
  "status": "active",
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update specific properties of an event definition by id.

Update a single IGA event by id. This call will allow the caller to update specific properties of the event only, without providing the entire object.

path Parameters
id
required
string

ID of the event

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Schema not provided

Responses

Request samples

Content type
application/json
[
  {
  }
]

Response samples

Content type
application/json
{
  "name": "User Creation Event",
  "description": "This event will create an identity certification for a new user upon creation",
  "owners": [
  ],
  "entityType": "user",
  "mutationType": "create",
  "condition": {
  },
  "action": {
  },
  "status": "active",
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Delete a single IGA event by id.

Delete a single IGA event by id.

path Parameters
id
required
string

ID of the event

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "name": "User Creation Event",
  "description": "This event will create an identity certification for a new user upon creation",
  "owners": [
  ],
  "entityType": "user",
  "mutationType": "create",
  "condition": {
  },
  "action": {
  },
  "status": "active",
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get available event entities.

Get the list of available entities on which a condition can be defined.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "entities": [
  ]
}

Get schema for a given object.

Get the available schema for defining a condition on a given object. For example, 'user' will return the attributes available for defining an event for users in IGA.

path Parameters
object
required
string

Type of object for which to return schema

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "schema": {
  }
}

Job

Job related endpoints.

Manually triggers one of IGA's job processes.

Trigger an IGA job by ID.

path Parameters
id
required
string
Value: "autoIdTraining"

ID of the scope

query Parameters
_action
required
string
Value: "trigger"

Action to be taken

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  "message": null
}

Request Form

Request form endpoints.

Search request forms

This endpoint is used to search request forms

query Parameters
_queryFilter
string

The search query filter

_fields
string

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pagedResultsOffset
integer

Offset number of the record from which to start the paginated results.

_pageSize
integer

Number of response result objects to return.

_sortKeys
string

The property on which to sort the results.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "type": "request",
  "categories": {
  },
  "form": { },
  "metadata": {
  }
}

Create request form

This endpoint is used to create a request form

Request Body schema: application/json
required

The payload for create request form

id
string

The ID of the request form

name
required
string

The name of the request form

type
required
string

The type of the request

categories
object

The category information of the form. Categories are name and value pairs.

form
required
object

The UI form definition. The server stores it as is and does not interpret it in any way.

object

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "type": "request",
  "categories": {
  },
  "form": { },
  "metadata": {
  }
}

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "type": "request",
  "categories": {
  },
  "form": { },
  "metadata": {
  }
}

Get request form by ID

This endpoint is used to get request form by ID

path Parameters
id
required
string

The ID of the request form

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "type": "request",
  "categories": {
  },
  "form": { },
  "metadata": {
  }
}

Replace request form

This endpoint is used to replace an existing request form

path Parameters
id
required
string

The ID of the request form

Request Body schema: application/json
required

The payload for replacing request form

id
string

The ID of the request form

name
required
string

The name of the request form

type
required
string

The type of the request

categories
object

The category information of the form. Categories are name and value pairs.

form
required
object

The UI form definition. The server stores it as is and does not interpret it in any way.

object

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "type": "request",
  "categories": {
  },
  "form": { },
  "metadata": {
  }
}

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "type": "request",
  "categories": {
  },
  "form": { },
  "metadata": {
  }
}

Update request form

This endpoint is used to update an existing request form

path Parameters
id
required
string

The ID of the request form

Request Body schema: application/json
required

The payload for replacing request form

Array
operation
string
Enum: "add" "replace" "copy" "move" "increment" "remove" "transform"

The operation to apply to the field

field
string

The field that will be updated

value
any

The value of the field

Responses

Request samples

Content type
application/json
[
  {
  }
]

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "type": "request",
  "categories": {
  },
  "form": { },
  "metadata": {
  }
}

Search request form assignments

The endpoint is used to search the assignment of request forms

query Parameters
_queryFilter
string

The search query filter

_fields
string

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pagedResultsOffset
integer

Offset number of the record from which to start the paginated results.

_pageSize
integer

Number of response result objects to return.

_sortKeys
string

The property on which to sort the results.

Responses

Response samples

Content type
application/json
{
  "objectId": "string",
  "formId": "string"
}

Assign and unassign request form

The endpoint is used to assign and unassign request form

query Parameters
_action
required
string
Enum: "assign" "unassign"
Request Body schema: application/json
required

The payload for assign or unassign request form

objectId
required
string

This must be a unique identifier of the object that you want to assign a request form to. Keep in mind that a request form can be used in different use cases, such as creating an account for an application, submitting data for a request, etc. Be sure to have a naming convention that can be used to uniquely identify each use case. One approach is to construct this using a URI-like format, for example application/900cb1ac-7d6d-4d26-9d62-13e8858a14d5/objectType/ACCOUNT/operation/create, or a simpler version, application/900cb1ac-7d6d-4d26-9d62-13e8858a14d5/ACCOUNT/create

formId
required
string

The ID of request form

Responses

Request samples

Content type
application/json
{
  "objectId": "string",
  "formId": "string"
}

Response samples

Content type
application/json
{
  "objectId": "string",
  "formId": "string"
}
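
The naming convention described for objectId, as an added example that is not part of the PingOne specification: it builds and parses both spellings shown in the description and reports use cases that ended up with more than one form because the long and short spellings were mixed. The segment character rule, the function names and the form IDs in the sample data are assumptions made for this sketch.

```python
import re
import uuid

# Assumption: path segments are limited to characters that cannot be confused
# with the "/" separator. The page itself leaves the segment contents free-form.
SEGMENT = re.compile(r"[A-Za-z0-9_.-]+")


def _check_segments(object_type, operation):
    for label, value in (("object type", object_type), ("operation", operation)):
        if not SEGMENT.fullmatch(value):
            raise ValueError(f"{label} {value!r} would make the objectId ambiguous")


def build_object_id(application_id, object_type, operation):
    """Return the long spelling: application/<uuid>/objectType/<type>/operation/<op>."""
    app = str(uuid.UUID(application_id))  # raises ValueError if not a UUID
    _check_segments(object_type, operation)
    return f"application/{app}/objectType/{object_type}/operation/{operation}"


def parse_object_id(object_id):
    """Parse the long or the short spelling into the same component dict."""
    parts = object_id.split("/")
    if (len(parts) == 6 and parts[0] == "application"
            and parts[2] == "objectType" and parts[4] == "operation"):
        app, object_type, operation = parts[1], parts[3], parts[5]
    elif len(parts) == 4 and parts[0] == "application":
        app, object_type, operation = parts[1:]
    else:
        raise ValueError(f"unrecognised objectId layout: {object_id!r}")
    _check_segments(object_type, operation)
    return {"applicationId": str(uuid.UUID(app)),
            "objectType": object_type, "operation": operation}


def find_conflicts(assignments):
    """Map each use case to its formIds when more than one form is assigned.

    Comparing raw objectId strings misses the case where the long and the
    short spelling of the same use case were both assigned.
    """
    by_use_case = {}
    for item in assignments:
        parsed = parse_object_id(item["objectId"])
        key = (parsed["applicationId"], parsed["objectType"], parsed["operation"])
        by_use_case.setdefault(key, set()).add(item["formId"])
    return {key: sorted(forms) for key, forms in by_use_case.items() if len(forms) > 1}


# Constructed sample assignments; the application UUID is the one used in the
# objectId description, the form IDs are made up.
APP = "900cb1ac-7d6d-4d26-9d62-13e8858a14d5"
SAMPLE_ASSIGNMENTS = [
    {"objectId": f"application/{APP}/objectType/ACCOUNT/operation/create", "formId": "form-a"},
    {"objectId": f"application/{APP}/ACCOUNT/create", "formId": "form-b"},
    {"objectId": f"application/{APP}/ACCOUNT/update", "formId": "form-a"},
]

if __name__ == "__main__":
    for use_case, forms in find_conflicts(SAMPLE_ASSIGNMENTS).items():
        print("conflicting forms for", use_case, "->", forms)
```

Settling on one spelling and building every objectId through a single function keeps string uniqueness and use-case uniqueness equivalent.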

Request Type

Request type endpoints

Get list of supported request types

Get list of supported request types

query Parameters
_queryFilter
string

The query filter for searching

_pageSize
string

Number of results per page

_pageNumber
string

Page number of results to show

_fields
string

Properties to return in the results

_sortBy
string

The property to sort the results by

_pagedResultsOffset
integer

The offset of the first element of the page

_sortKeys
string

Property to sort the results by. Prefix + or - to the property name for ascending or descending order.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Create new custom request type

Create new custom request type

Request Body schema: application/json
id
string

The identifier of the request type

object

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "schemas": {
  }
}

Response samples

Content type
application/json
{
  "id": "string",
  "schemas": {
  }
}

Get the request type by ID

Get the request type by ID

path Parameters
requestTypeId
required
string

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "schemas": {
  }
}

Replace existing request type

Replace existing request type

path Parameters
requestTypeId
required
string
Request Body schema: application/json
id
string

The identifier of the request type

object

Responses

Request samples

Content type
application/json
{
  "id": "string",
  "schemas": {
  }
}

Response samples

Content type
application/json
{
  "id": "string",
  "schemas": {
  }
}

Update request type

Update request type

path Parameters
requestTypeId
required
string
Request Body schema: application/json
Array
operation
string
Enum: "add" "replace" "copy" "move" "increment" "remove" "transform"

The operation to apply to the field

field
string

The field that will be updated

value
any

The value of the field

Responses

Request samples

Content type
application/json
[
  {
  }
]

Response samples

Content type
application/json
{
  "id": "string",
  "schemas": {
  }
}

Delete request type

Delete request type

path Parameters
requestTypeId
required
string

Responses

Provisioning

Access provisioning endpoints.

Provision or de-provision applications for a user.

Provision or de-provision applications for a user.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_action
required
string
Enum: "add" "remove"

Action to be performed on access provisioning endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
applicationId
required
string
startDate
string

The date that the granted access will take effect. The value should be provided in ISO8601 format.

endDate
string

The date that the granted access will end for the user. The value should be provided in ISO8601 format.

grantType
string (ProvisionGrantTypes)
Enum: "request" "admin"

The mechanism for a given provisioning action: request if done via a request, or admin if directly assigned by an administrator.

Responses

Request samples

Content type
application/json
{
  "applicationId": "0c067d47-f07c-46d6-9162-14476d18d87a",
  "startDate": "2023-09-11T12:00:00+00:00",
  "endDate": "2023-12-11T12:00:00+00:00",
  "grantType": "request"
}

Response samples

Content type
application/json
{ }

Provision or de-provision roles for a user.

Provision or de-provision roles for a user.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_action
required
string
Enum: "add" "remove"

Action to be performed on access provisioning endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
roleId
required
string
startDate
string

The date that the granted access will take effect. The value should be provided in ISO8601 format.

endDate
string

The date that the granted access will end for the user. The value should be provided in ISO8601 format.

grantType
string (ProvisionGrantTypes)
Enum: "request" "admin"

The mechanism for a given provisioning action: request if done via a request, or admin if directly assigned by an administrator.

Responses

Request samples

Content type
application/json
{
  "roleId": "0c067d47-f07c-46d6-9162-14476d18d87a",
  "startDate": "2023-09-11T12:00:00+00:00",
  "endDate": "2023-12-11T12:00:00+00:00",
  "grantType": "request"
}

Response samples

Content type
application/json
{ }

Provision or de-provision entitlements for a user.

Provision or de-provision entitlements for a user.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_action
required
string
Enum: "add" "remove"

Action to be performed on access provisioning endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
entitlementId
required
string
startDate
string

The date that the granted access will take effect. The value should be provided in ISO8601 format.

endDate
string

The date that the granted access will end for the user. The value should be provided in ISO8601 format.

grantType
string (ProvisionGrantTypes)
Enum: "request" "admin"

The mechanism for a given provisioning action: request if done via a request, or admin if directly assigned by an administrator.

Responses

Request samples

Content type
application/json
{
  "entitlementId": "0c067d47-f07c-46d6-9162-14476d18d87a",
  "startDate": "2023-09-11T12:00:00+00:00",
  "endDate": "2023-12-11T12:00:00+00:00",
  "grantType": "request"
}

Response samples

Content type
application/json
{ }
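
A pre-submission check for the three provisioning request bodies above, as an added example rather than code from the PingOne specification. The finding codes, the 180-day default window and treating a missing endDate as a finding are local review policy assumed for this sketch; the field names, grantType values and sample timestamps come from the page.

```python
from datetime import datetime, timedelta

GRANT_TYPES = ("request", "admin")  # ProvisionGrantTypes enum from the page
ID_FIELDS = {"application": "applicationId", "role": "roleId",
             "entitlement": "entitlementId"}


def parse_offset_timestamp(value):
    """Parse an ISO 8601 timestamp; return (datetime or None, problem or None)."""
    if not isinstance(value, str):
        return None, "BAD_DATE"
    try:
        # Older Python versions reject a trailing "Z", so spell it as an offset.
        ts = datetime.fromisoformat(value[:-1] + "+00:00" if value.endswith("Z") else value)
    except ValueError:
        return None, "BAD_DATE"
    if ts.tzinfo is None:
        # Without an offset the start or end of access depends on server locale.
        return None, "NO_OFFSET"
    return ts, None


def review_grant(kind, body, max_days=180):
    """Return finding codes for one provisioning body; an empty list means clean.

    kind is "application", "role" or "entitlement" and selects the required
    ID field. max_days is an assumed local limit on the access window.
    """
    findings = []
    id_field = ID_FIELDS[kind]
    if not body.get(id_field):
        findings.append("MISSING_ID:" + id_field)
    grant_type = body.get("grantType")
    if grant_type is not None and grant_type not in GRANT_TYPES:
        findings.append("BAD_GRANT_TYPE:" + str(grant_type))
    parsed = {}
    for field in ("startDate", "endDate"):
        if field in body:
            parsed[field], problem = parse_offset_timestamp(body[field])
            if problem:
                findings.append(problem + ":" + field)
    if "endDate" not in body:
        # Assumption: a grant without endDate has no scheduled end.
        findings.append("NO_END_DATE")
    start, end = parsed.get("startDate"), parsed.get("endDate")
    if start and end:
        if end <= start:
            findings.append("END_NOT_AFTER_START")
        elif end - start > timedelta(days=max_days):
            findings.append("WINDOW_TOO_LONG")
    return findings


# First entry is the request sample from the page; the others are constructed.
SAMPLE_REQUESTS = [
    ("application", {"applicationId": "0c067d47-f07c-46d6-9162-14476d18d87a",
                     "startDate": "2023-09-11T12:00:00+00:00",
                     "endDate": "2023-12-11T12:00:00+00:00",
                     "grantType": "request"}),
    ("role", {"startDate": "2023-09-11T12:00:00+00:00", "grantType": "admin"}),
    ("entitlement", {"entitlementId": "0c067d47-f07c-46d6-9162-14476d18d87a",
                     "startDate": "2023-12-11T12:00:00+00:00",
                     "endDate": "2023-09-11T12:00:00",
                     "grantType": "owner"}),
]

if __name__ == "__main__":
    for kind, body in SAMPLE_REQUESTS:
        print(kind, review_grant(kind, body) or "clean")
```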

Scope

Scoping related endpoints.

Get scope definitions.

Get and search for a list of scoping rules defined in IGA. Each entry represents a single scoping rule that has been defined to assign a set of conditions that will allow a subset of users visibility on a subset of target objects. IGA scoping rules consist of two core pieces, the condition for the source object (who/what the scope applies to), and the condition for the target objects that can be viewed/acted on/etc.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "resultCount": 0,
  "totalCount": 0,
  "searchAfterKey": [
  ]
}

Create a new scope.

Create a single scoping rule in IGA. Each scoping rule is defined to assign a set of conditions that will allow a subset of users visibility on a subset of target objects. IGA scoping rules consist of two core pieces, the condition for the source object (who/what the scope applies to), and the condition for the target objects that can be viewed/acted on/etc.

query Parameters
_action
required
string
Value: "create"

Action to be performed for scope endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
name
string

The name of the scope

description
string

The description of the scope and its purpose

status
string
Enum: "active" "inactive"

The status of the event, active/inactive

sourceCondition
object

The conditions for this scoping rule that determine who/what the rule applies to

targetCondition
object

The conditions for this scoping rule that determine who/what the source objects can view/access/act on/etc.

Responses

Request samples

Content type
application/json
{
  "name": "Contractor Scope",
  "description": "This event will create a scoping rule for users who are contractors",
  "status": "active",
  "sourceCondition": {
  },
  "targetCondition": {
  }
}

Response samples

Content type
application/json
{
  "name": "Contractor Scope",
  "description": "This event will create a scoping rule for users who are contractors",
  "status": "active",
  "sourceCondition": {
  },
  "targetCondition": {
  },
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get scope by id.

Get a single scoping rule in IGA by id. Each scoping rule is defined to assign a set of conditions that will allow a subset of users visibility on a subset of target objects. IGA scoping rules consist of two core pieces, the condition for the source object (who/what the scope applies to), and the condition for the target objects that can be viewed/acted on/etc.

path Parameters
id
required
string

ID of the scope

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "name": "Contractor Scope",
  "description": "This event will create a scoping rule for users who are contractors",
  "status": "active",
  "sourceCondition": {
  },
  "targetCondition": {
  },
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update entire scope by id.

Update a single IGA scope by id. This call expects the entire object to be provided and replaces the entire existing scope definition.

path Parameters
id
required
string

ID of the scope

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
name
string

The name of the scope

description
string

The description of the scope and its purpose

status
string
Enum: "active" "inactive"

The status of the event, active/inactive

sourceCondition
object

The conditions for this scoping rule that determine who/what the rule applies to

targetCondition
object

The conditions for this scoping rule that determine who/what the source objects can view/access/act on/etc.

Responses

Request samples

Content type
application/json
{
  "name": "Contractor Scope",
  "description": "This event will create a scoping rule for users who are contractors",
  "status": "active",
  "sourceCondition": {
  },
  "targetCondition": {
  }
}

Response samples

Content type
application/json
{
  "name": "Contractor Scope",
  "description": "This event will create a scoping rule for users who are contractors",
  "status": "active",
  "sourceCondition": {
  },
  "targetCondition": {
  },
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update specific properties of a scope by id.

Update a single IGA scope by id. This call will allow the caller to update specific properties of the scope only, without providing the entire object.

path Parameters
id
required
string

ID of the scope

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
Schema not provided

Responses

Request samples

Content type
application/json
[
  {
  }
]

Response samples

Content type
application/json
{
  "name": "Contractor Scope",
  "description": "This event will create a scoping rule for users who are contractors",
  "status": "active",
  "sourceCondition": {
  },
  "targetCondition": {
  },
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Delete a single IGA scope by id.

Delete a single IGA scope by id.

path Parameters
id
required
string

ID of the scope

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "name": "Contractor Scope",
  "description": "This event will create a scoping rule for users who are contractors",
  "status": "active",
  "sourceCondition": {
  },
  "targetCondition": {
  },
  "metadata": {
  },
  "id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get available scope entities.

Get the list of available entities on which a condition can be defined.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "entities": [
  ]
}

Get schema for a given object.

Get the available schema for defining a condition on a given object. For example, 'user' will return the attributes available for defining a scope for users in IGA.

path Parameters
object
required
string

Type of object for which to return schema

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "schema": {
  }
}

Segregation of Duty

SoD and Policy endpoints.

Query policies

The endpoint will return policies stored within the IGA store, based on a set of query parameters.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Create a new policy

The endpoint will allow for creation of a new policy object within IGA.

query Parameters
_action
required
string
Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The contents of the new policy

name
required
string

The name of the policy

description
string

A description of the policy

policyOwner
required
object

The policy owner object

policyRuleIds
required
Array of strings

The list of policy rule IDs that this policy contains.

schedule
object

The contents of the schedule on which this policy is scanned. Contents TBD

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "policyOwner": {
  },
  "policyRuleIds": [
  ],
  "schedule": {
  }
}

Response samples

Content type
application/json
{
  "id": "string",
  "scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
  "name": "string",
  "description": "string",
  "policyOwner": {
  },
  "policyRuleIds": [
  ]
}

Search policy objects

Query the policy objects using a targeted search filter

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
targetFilter
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
[
  {
  }
]

Get policy by ID

The endpoint will return the policy with the provided ID.

path Parameters
id
required
string

ID of the policy

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
  "name": "string",
  "description": "string",
  "policyOwner": {
  },
  "policyRuleIds": [
  ]
}

Update an existing policy object

The endpoint will allow for updating an existing policy object within IGA.

path Parameters
id
required
string

ID of the policy to update

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

The contents of the updated policy

name
required
string

The name of the policy

description
string

A description of the policy

policyOwner
required
object

The policy owner object

policyRuleIds
required
Array of strings

The list of policy rule IDs that this policy contains.

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "policyOwner": {
  },
  "policyRuleIds": [
  ]
}

Response samples

Content type
application/json
{
  "id": "string",
  "scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
  "name": "string",
  "description": "string",
  "policyOwner": {
  },
  "policyRuleIds": [
  ]
}

Delete an existing policy

The endpoint will allow for deleting an existing policy object within IDM.

path Parameters
id
required
string

ID of the policy to delete

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
  "name": "string",
  "description": "string",
  "policyOwner": {
  },
  "policyRuleIds": [
  ]
}

Scan the given policy for violations

The endpoint runs a scan on all of the rules of the given policy and creates violations if desired.

path Parameters
id
required
string

ID of the policy to scan

query Parameters
simulate
string

Whether this scan is a simulation. If true, no violation tasks are created; if false or not present, violations are created.

waitForCompletion
string

Whether to wait for the scan to complete before returning. If true, the call waits; if false or not present, it returns after the scan is created.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional
object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  "id": "string",
  "policy": {
  },
  "policyRule": {
  },
  "isSimulation": true,
  "status": "string",
  "startDate": "string",
  "completionDate": "string",
  "scanTarget": "string",
  "results": [
  ]
}

Get policy rules

Given Policy ID, retrieve the policy rules associated with it.

path Parameters
id
required
string

ID of the policy

query Parameters
_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [
  ]
}

Query policy rules

The endpoint will return policy rules stored within the IGA store, based on a set of query parameters.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Create a new policy rule

The endpoint allows creating a new policy rule object within IGA.

query Parameters
_action
required
string
Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The contents of the new policy rule

name
required
string

The name of the policy rule

description
string

A description of the policy rule

documentationUrl
string

A URL pointing towards any supporting documentation on the policy rule

policyRuleOwner
required
object

The policy rule owner object

violationOwner
required
object

The violation owner object

active
required
boolean

Whether the policy rule is currently enabled.

scanTypes
required
object

Lists the types of scan in which this policy rule is eligible to be included

maxExceptionDuration
required
integer

Maximum duration in days that exceptions are allowed on violations

decisionOptions
required
object

Decisions that are available for the remediation actors to take

remediation
required
object

The defined remediation options for this policy rule

userFilter
required
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

ruleDefinition
required
Array of objects (TargetFilterNode)

An array of conditions that define the policy rule's targeted combination of access

workflow
required
object

Drives the lifecycle of the violations that are created.

violationOwnerType
required
string
Enum: "user" "role"

Violation owner type

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "documentationUrl": "string",
  "policyRuleOwner": {
  },
  "violationOwner": {
  },
  "active": true,
  "scanTypes": {
  },
  "maxExceptionDuration": 0,
  "decisionOptions": {
  },
  "remediation": {
  },
  "userFilter": {
  },
  "ruleDefinition": [
  ],
  "workflow": {
  },
  "violationOwnerType": "user"
}

Response samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "documentationUrl": "string",
  "policyRuleOwner": {
  },
  "violationOwner": {
  },
  "active": true,
  "scanTypes": {
  },
  "maxExceptionDuration": 0,
  "decisionOptions": {
  },
  "remediation": {
  },
  "userFilter": {
  },
  "ruleDefinition": [
  ],
  "workflow": {
  },
  "violationOwnerType": "user",
  "id": "string",
  "ruleDefinitionTags": [
  ]
}

Search policy rules

Query the policy rule objects using a targeted search filter

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
[
  {
  }
]

Get policy rule by ID

The endpoint will return the policy rule with the provided ID.

path Parameters
id
required
string

ID of the policy rule

query Parameters
resolveSchemas
string

When 'true', enrich the remediation.schemas property with the full schema objects rather than just the IDs

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "documentationUrl": "string",
  "policyRuleOwner": {
  },
  "violationOwner": {
  },
  "active": true,
  "scanTypes": {
  },
  "maxExceptionDuration": 0,
  "decisionOptions": {
  },
  "remediation": {
  },
  "userFilter": {
  },
  "ruleDefinition": [
  ],
  "workflow": {
  },
  "violationOwnerType": "user",
  "id": "string",
  "ruleDefinitionTags": [
  ]
}

Duplicate the given policy rule

Creates a duplicate of the selected policy rule.

path Parameters
id
required
string

ID of the policy rule

query Parameters
_action
required
string
Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

The contents of the duplicate request (empty body)

object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "documentationUrl": "string",
  "policyRuleOwner": {
  },
  "violationOwner": {
  },
  "active": true,
  "scanTypes": {
  },
  "maxExceptionDuration": 0,
  "decisionOptions": {
  },
  "remediation": {
  },
  "userFilter": {
  },
  "ruleDefinition": [
  ],
  "workflow": {
  },
  "violationOwnerType": "user"
}

Update an existing policy rule object

The endpoint allows updating an existing policy rule object within IGA.

path Parameters
id
required
string

ID of the policy rule to update

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

The contents of the updated policy rule

name
required
string

The name of the policy rule

description
string

A description of the policy rule

documentationUrl
string

A URL pointing towards any supporting documentation on the policy rule

policyRuleOwner
required
object

The policy rule owner object

violationOwner
required
object

The violation owner object

active
required
boolean

Whether the policy rule is currently enabled.

scanTypes
required
object

Lists the types of scan in which this policy rule is eligible to be included

maxExceptionDuration
required
integer

Maximum duration in days that exceptions are allowed on violations

decisionOptions
required
object

Decisions that are available for the remediation actors to take

remediation
required
object

The defined remediation options for this policy rule

userFilter
required
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

ruleDefinition
required
Array of objects (TargetFilterNode)

An array of conditions that define the policy rule's targeted combination of access

workflow
required
object

Drives the lifecycle of the violations that are created.

violationOwnerType
required
string
Enum: "user" "role"

Violation owner type

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "documentationUrl": "string",
  "policyRuleOwner": {
  },
  "violationOwner": {
  },
  "active": true,
  "scanTypes": {
  },
  "maxExceptionDuration": 0,
  "decisionOptions": {
  },
  "remediation": {
  },
  "userFilter": {
  },
  "ruleDefinition": [
  ],
  "workflow": {
  },
  "violationOwnerType": "user"
}

Response samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "documentationUrl": "string",
  "policyRuleOwner": {
  },
  "violationOwner": {
  },
  "active": true,
  "scanTypes": {
  },
  "maxExceptionDuration": 0,
  "decisionOptions": {
  },
  "remediation": {
  },
  "userFilter": {
  },
  "ruleDefinition": [
  ],
  "workflow": {
  },
  "violationOwnerType": "user",
  "id": "string",
  "ruleDefinitionTags": [
  ]
}

Delete an existing policy rule

The endpoint allows deleting an existing policy rule object within IDM.

path Parameters
id
required
string

ID of the policy rule to delete

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "name": "string",
  "description": "string",
  "documentationUrl": "string",
  "policyRuleOwner": {
  },
  "violationOwner": {
  },
  "active": true,
  "scanTypes": {
  },
  "maxExceptionDuration": 0,
  "decisionOptions": {
  },
  "remediation": {
  },
  "userFilter": {
  },
  "ruleDefinition": [
  ],
  "workflow": {
  },
  "violationOwnerType": "user",
  "id": "string",
  "ruleDefinitionTags": [
  ]
}

Scan the given policy for violations

The endpoint runs a scan on the given policy rule and creates violations if desired.

path Parameters
id
required
string

ID of the policy rule to scan

query Parameters
simulate
string

Whether this scan is a simulation. If true, no violation tasks are created; if false or not present, violations are created.

waitForCompletion
string

Whether to wait for the scan to complete before returning. If true, the call waits; if false or not present, it returns after the scan is created.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "policy": {
  },
  "policyRule": {
  },
  "isSimulation": true,
  "status": "string",
  "startDate": "string",
  "completionDate": "string",
  "scanTarget": "string",
  "results": [
  ]
}

Run a scan for violations on the given single user

The endpoint runs a scan on the given user rule and returns potential violations.

path Parameters
id
required
string

ID of the user to scan

query Parameters
simulate
string

Whether this scan is a simulation. If true, no violation tasks are created; if false or not present, violations are created.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

If running a preventative scan, additional access may be provided to simulate access not yet granted to the user.

additionalAccess
Array of objects

Additional access to mock on user

policyRuleFilter
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "additionalAccess": [
  ],
  "policyRuleFilter": {
  }
}

Response samples

Content type
application/json
{
  "id": "string",
  "policy": {
  },
  "policyRule": {
  },
  "isSimulation": true,
  "status": "string",
  "startDate": "string",
  "completionDate": "string",
  "scanTarget": "string",
  "results": [
  ]
}

Query policy scans

The endpoint will return policy scans stored within the IGA store, based on a set of query parameters.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Search policy scans

Query the policy scan objects using a targeted search filter

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
[
  {
  }
]

Get policy scan by ID

The endpoint will return the policy scan with the provided ID.

path Parameters
id
required
string

ID of the policy scan

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "policy": {
  },
  "policyRule": {
  },
  "isSimulation": true,
  "status": "string",
  "startDate": "string",
  "completionDate": "string",
  "scanTarget": "string",
  "results": [
  ]
}

Delete an existing policy scan

The endpoint allows deleting an existing policy scan object within IGA.

path Parameters
id
required
string

ID of the policy scan to delete

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "policy": {
  },
  "policyRule": {
  },
  "isSimulation": true,
  "status": "string",
  "startDate": "string",
  "completionDate": "string",
  "scanTarget": "string",
  "results": [
  ]
}

Get violations the logged in user has access to.

Query the logged in user's violation objects.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Get violations

Query the violation objects

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
[
  {
  }
]

Creates a violation

Creates a violation with the given body.

query Parameters
_action
required
string
Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object (Violation)

A violation is a single object representing a segregation of duty violation between a single policy rule and a single violating entity (user).

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
[
  {
  }
]

Bulk API to close entire violations, allowing access to remain indefinitely

Once a phase (or phases) have chosen to allow, this endpoint can be used to close and complete the violations with an outcome of allow

query Parameters
waitForCompletion
string

Whether to wait for the violations to complete before returning. If true, the call waits; if false or not present, it returns after phase completion.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

ids
required
Array of strings

An array of all violation ids to act on.

comment
string

Comment or justification for this action.

Responses

Request samples

Content type
application/json
{
  "ids": [
  ],
  "comment": "Justification for this action."
}

Response samples

Content type
application/json
{
  "message": "Action 'allow' complete.",
  "idsNotActedOn": [
  ]
}

Bulk API to cancel exception on a group of violations.

As an actor on violations, cancel existing exceptions, reverting the violations back to in-progress.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

ids
required
Array of strings

An array of all violation ids to act on.

comment
string

Comment or justification for this action.

Responses

Request samples

Content type
application/json
{
  "ids": [
  ],
  "comment": "Justification for this action."
}

Response samples

Content type
application/json
{
  "message": "Action 'allow' complete.",
  "idsNotActedOn": [
  ]
}

Bulk API to allow actors to add a comment to the violations.

As an actor on violations, add a comment to the violation objects.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

ids
required
Array of strings

An array of all violation ids to act on.

comment
required
string

Comment or justification for this action.

Responses

Request samples

Content type
application/json
{
  "ids": [
  ],
  "comment": "Justification for this action."
}

Response samples

Content type
application/json
{
  "message": "Action 'allow' complete.",
  "idsNotActedOn": [
  ]
}

Bulk API to allow access to remain for a defined period of time.

As an actor on violations, grant an exception to the violating access.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

exceptionExpirationDate
required
string

Date that exception will expire

ids
required
Array of strings

An array of all violation ids to act on.

comment
string

Comment or justification for this action.

Responses

Request samples

Content type
application/json
{
  "exceptionExpirationDate": "2024-04-24T20:36:14+00:00",
  "ids": [
  ],
  "comment": "Justification for this action."
}

Response samples

Content type
application/json
{
  "message": "Action 'allow' complete.",
  "idsNotActedOn": [
  ]
}
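
An added example, not part of the original specification: a client-side pre-flight check for the bulk exception request above, which checks exceptionExpirationDate against the policy rule's maxExceptionDuration and reconciles idsNotActedOn from the response. The function names, the mandatory comment, counting the limit from the time of the request, treating a limit of 0 as "no exception allowed", and idsNotActedOn holding plain ID strings are assumptions; the page does not say whether the service enforces the limit itself.

```python
from datetime import datetime, timedelta, timezone


class ExceptionRequestError(ValueError):
    """A bulk exception request failed a local pre-flight check."""


def build_exception_request(ids, expires_at, max_exception_days, comment, now=None):
    """Return the JSON body (as a dict) for the bulk exception action.

    ids                -- violation IDs to act on (required array of strings)
    expires_at         -- timezone-aware datetime for exceptionExpirationDate
    max_exception_days -- the policy rule's maxExceptionDuration, in days
    comment            -- optional in the schema; required here as a local
                          audit-trail choice (assumption)
    now                -- injectable clock so the check can be tested
    """
    now = now or datetime.now(timezone.utc)

    # A naive datetime would serialise without an offset and could be read
    # in the wrong time zone, silently lengthening the exception.
    if expires_at.utcoffset() is None:
        raise ExceptionRequestError("exceptionExpirationDate needs a UTC offset")
    if expires_at <= now:
        raise ExceptionRequestError("exceptionExpirationDate is not in the future")
    # Assumption: the limit is counted from the time of the request.
    if expires_at - now > timedelta(days=max_exception_days):
        raise ExceptionRequestError(
            "exception exceeds maxExceptionDuration of %d day(s)" % max_exception_days
        )

    # Drop blanks and duplicates while keeping the caller's order.
    unique_ids = list(dict.fromkeys(i.strip() for i in ids if i and i.strip()))
    if not unique_ids:
        raise ExceptionRequestError("ids must contain at least one violation ID")
    if not comment or not comment.strip():
        raise ExceptionRequestError("a justification comment is required")

    return {
        # Same ISO 8601 shape as the request sample: 2024-04-24T20:36:14+00:00
        "exceptionExpirationDate": expires_at.astimezone(timezone.utc).isoformat(
            timespec="seconds"
        ),
        "ids": unique_ids,
        "comment": comment.strip(),
    }


def reconcile(request_body, response_body):
    """Split the requested IDs into acted-on and skipped using idsNotActedOn."""
    requested = request_body["ids"]
    not_acted = set(response_body.get("idsNotActedOn") or [])
    unexpected = not_acted - set(requested)
    if unexpected:
        # The response names IDs that were never sent: do not trust the result.
        raise ExceptionRequestError("unexpected IDs in response: %s" % sorted(unexpected))
    return {
        "acted": [i for i in requested if i not in not_acted],
        "skipped": [i for i in requested if i in not_acted],
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    clock = datetime(2024, 4, 1, 12, 0, 0, tzinfo=timezone.utc)
    expiry = datetime(2024, 4, 24, 20, 36, 14, tzinfo=timezone.utc)
    body = build_exception_request(["v-1", "v-2"], expiry, 30, "Audit ticket", now=clock)
    print(body)
    print(reconcile(body, {"message": "constructed", "idsNotActedOn": ["v-2"]}))
```

IDs reported under "skipped" still have no exception in place and need follow-up before the violation is treated as handled.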

Bulk API to edit the actors and permissions on the violations.

As a violation actor, edit the list of active actors on the violation tasks.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

updatedActors
required
Array of objects (ViolationActor)

ids
required
Array of strings

An array of all violation ids to act on.

comment
string

Comment or justification for this action.

Responses

Request samples

Content type
application/json
{
  "updatedActors": [
  ],
  "ids": [
  ],
  "comment": "Justification for this action."
}

Response samples

Content type
application/json
{
  "message": "Action 'allow' complete.",
  "idsNotActedOn": [
  ]
}

Search violations

Query the violation objects using a targeted search filter

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
[
  {
  }
]

Search violations the logged in user is associated with.

Query the logged in user's violation objects using a targeted search filter

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

actorStatus
string

Actor status to search, comma-separated for multiple, e.g. "active", "inactive", or "active,inactive"

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
[
  {
  }
]

Get a violation by ID

Query the contents of a single violation object

path Parameters
id
required
string

ID of the violation

query Parameters
resolveSchemas
string

When 'true', enrich the policyRule remediation schemas property with the full schema objects rather than just the IDs

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Updates a given violation

Updates a given violation with the given body

path Parameters
id
required
string

ID of the violation

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object (Violation)

A violation is a single object representing a segregation of duty violation between a single policy rule and a single violating entity (user).

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
[
  {
  }
]

Deletes a Violation

Deletes a violation from the given ID

path Parameters
id
required
string

ID of the violation

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
"string"

Close entire violation, allowing access to remain indefinitely

Once a phase (or phases) have chosen to allow, this endpoint can be used to close and complete the violation with an outcome of allow

path Parameters
id
required
string

ID of the violation

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Comment on violation

As an actor on a violation, add a comment to the violation object.

path Parameters
id
required
string

ID of the violation

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

comment
required
string

Comment to leave on violation

Responses

Request samples

Content type
application/json
{
  "comment": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Complete a violation with an outcome of remediate

Once a phase (or phases) have chosen to remediate the violation, this endpoint can be used to complete the violation with an outcome of remediate, and continue the workflow on to either the automated or manual process for fulfilling the remediation.

path Parameters
id
required
string

ID of the violation

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action. Properties will be determined by the requirements of the remediation schema chosen by the id provided in the body.

id
string

ID of the remediation schema user has chosen

Responses

Request samples

Content type
application/json
{
  "id": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Update the remediationStatus of a violation that is currently being remediated

For violations that have been given an outcome of 'remediate', this endpoint will allow the remediationStatus key to be updated, e.g. from in-progress to complete, and will finalize the violation when appropriate.

path Parameters
id
required
string

ID of the violation

status
required
string

Status to update remediationStatus to

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

object

Responses

Request samples

Content type
application/json
{ }

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Add phase to violation

Add phase to violation

path Parameters
violationId
required
string
header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
object (TaskPhase)

A "phase" is an approval task that exists on a request. It can be assigned to one or more users/roles and requires a single action of either approve or reject in order to be completed and move the request workflow forward.

Array of objects (ViolationActor)

Responses

Request samples

Content type
application/json
{
  "phase": {
  },
  "actors": [
  ]
}

Make a decision to allow access to remain

As an actor on a violation, allow the user to continue to violate the defined rule in perpetuity

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment
string

Comment justifying allow

Responses

Request samples

Content type
application/json
{
  "comment": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Cancel an exception on a violation

As an actor on a violation, cancel an existing exception, reverting the violation back to in-progress.

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment
string

Comment describing the reason for exception being canceled.

Responses

Request samples

Content type
application/json
{
  "comment": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Comment on violation

As an actor on a violation, add a comment to the violation object.

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

comment
required
string

Comment to leave on violation

Responses

Request samples

Content type
application/json
{
  "comment": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Allow access to remain for a defined period of time

As an actor on a violation, grant an exception to the violating access.

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

exceptionExpirationDate
required
string

Date that exception will expire

comment
string

Comment to leave on exception

Responses

Request samples

Content type
application/json
{
  "exceptionExpirationDate": "string",
  "comment": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Edit the actors and permissions on the violation

As a violation actor, edit the list of active actors on a violation task

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

required
Array of objects (ViolationActor)

Responses

Request samples

Content type
application/json
{
  "updatedActors": [
  ]
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Make a decision to remediate access

As an actor on a violation, choose to remediate the access, kicking off the remediation workflow assigned to the violation. The request body depends on the remediation schema chosen by the user.

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action. Properties will be determined by the requirements of the remediation schema chosen by the id provided in the body.

id
string

ID of the remediation schema user has chosen

Responses

Request samples

Content type
application/json
{
  "id": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Mark a violation provisioning task as complete

As an actor on a manual provisioning task to handle violation remediation, mark the action as completed

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment
string

Comment for the complete action

Responses

Request samples

Content type
application/json
{
  "comment": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Mark a violation provisioning task as canceled (a.k.a not completed)

As an actor on a manual provisioning task to handle violation remediation, mark the action as canceled (not completed)

path Parameters
id
required
string

ID of the violation

phaseName
required
string

Name of the phase

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment
string

Comment giving the reason for the cancel

Responses

Request samples

Content type
application/json
{
  "comment": "string"
}

Response samples

Content type
application/json
{
  "id": "string",
  "user": { },
  "policyRule": { },
  "decision": {
  }
}

Task

Task related endpoints.

Get tasks user has permissions to view.

Get the tasks that the authenticated user has permission to view.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
type
string
Enum: "request" "violation" "fulfillment"

The type of task to filter by

_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "searchAfterKey": [
  ],
  "totalCount": 0,
  "resultCount": 0
}

Get tasks user has permissions to view.

Get the tasks that the authenticated user has permission to view. The targetFilter property in the API payload can be used to filter the requests based on the desired criteria.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_action
required
string
Value: "search"

Action to be performed on user tasks endpoint.

type
string
Enum: "request" "violation" "fulfillment"

The type of task to filter by

_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: */*
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "searchAfterKey": [
  ],
  "totalCount": 0,
  "resultCount": 0
}
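
The `_pageSize`, `_sortKeys` and `_searchAfter` query parameters and the `searchAfterKey` response field documented for the task endpoints above combine into a cursor loop, which matters when a review of open violation tasks must not silently stop at the first page. The Python below is an added example, not part of the PingOne specification: `fetch_page` is a hypothetical caller-supplied transport (the endpoint path and authentication are not shown on this page), and it assumes that the `searchAfterKey` values are joined with commas to form the next `_searchAfter` and that `id` is a sortable field.

```python
from typing import Callable, Iterator

TASK_TYPES = ("request", "violation", "fulfillment")  # "type" enum from the page


def iter_tasks(fetch_page: Callable[[dict], dict], task_type: str = "violation",
               page_size: int = 10, sort_key: str = "id",
               max_pages: int = 1000) -> Iterator[dict]:
    """Yield every task by feeding searchAfterKey back in as _searchAfter.

    fetch_page is a hypothetical transport: it receives the query parameters
    for one call and returns the decoded JSON response body.
    """
    if task_type not in TASK_TYPES:
        raise ValueError(f"unsupported task type: {task_type!r}")
    params = {"type": task_type, "_pageSize": page_size,
              "_sortKeys": sort_key, "_sortDir": "asc"}
    seen_cursors = set()
    for _ in range(max_pages):
        body = fetch_page(dict(params))  # pass a copy; params is mutated below
        results = body.get("result") or []
        yield from results
        key = body.get("searchAfterKey") or []
        if not results or not key:
            return  # result set drained
        # Assumption: multiple sort values are comma-joined, as the
        # _searchAfter description states for its input.
        cursor = ",".join(str(v) for v in key)
        if cursor in seen_cursors:
            # A repeated cursor would loop forever and hide later records.
            raise RuntimeError(f"cursor {cursor!r} repeated; aborting")
        seen_cursors.add(cursor)
        params["_searchAfter"] = cursor
    raise RuntimeError("max_pages reached before the result set was drained")


def make_fake_backend(records: list, calls: list) -> Callable[[dict], dict]:
    """Constructed in-memory stand-in for the endpoint, sorted by id."""
    ordered = sorted(records, key=lambda r: r["id"])

    def fetch_page(params: dict) -> dict:
        calls.append(params)  # record each request for inspection
        after = params.get("_searchAfter")
        remaining = [r for r in ordered if after is None or r["id"] > after]
        page = remaining[: params["_pageSize"]]
        return {"result": page,
                "searchAfterKey": [page[-1]["id"]] if page else [],
                "totalCount": len(ordered),
                "resultCount": len(page)}

    return fetch_page


if __name__ == "__main__":
    # Constructed sample data: 25 violation tasks, fetched 10 at a time.
    sample = [{"id": f"task-{i:03d}"} for i in range(25)]
    requests_made = []
    tasks = list(iter_tasks(make_fake_backend(sample, requests_made)))
    print(len(tasks), "tasks in", len(requests_made), "requests")
```

The loop keeps requesting until a page comes back empty rather than stopping on a short page, so a server-side cap on page size does not truncate the result.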

User

User related endpoints.

Get the grants a user currently has.

Get the different grants that the given user currently has, including roles, accounts, or entitlements.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
queryString
string

Search term, searches against display names of the grant being targeted.

grantType
string
Enum: "entitlement" "account" "role"

Type of grant being searched for.

_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "searchAfterKey": [
  ],
  "totalCount": 0,
  "resultCount": 0
}

Get the access recommendations for a given user.

Get the recommendations provided by Auto ID for the access that a user should have.

path Parameters
userId
required
string
Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters
_fields
string
Example: _fields=user.userName,application.name,id

The list of fields to return for each entry in the response result. Comma-separated for multiple values.

_pageSize
integer
Example: _pageSize=10

Number of response result objects to return.

_pagedResultsOffset
integer
Example: _pagedResultsOffset=10

Offset number of the record from which to start the paginated results.

_sortKeys
string
Example: _sortKeys=application.name

The property on which to sort the results.

_sortDir
string
Enum: "asc" "desc"
Example: _sortDir=asc

The direction of sort, asc or desc.

_sortType
string
Enum: "date" "integer"
Example: _sortType=date

The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.

_searchAfter
string
Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59

The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

_queryFilter
string

The search query filter

header Parameters
Accept-API-Version
string
Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "searchAfterKey": [
  ],
  "totalCount": 0,
  "resultCount": 0
}

Workflow

Workflow related endpoints.

Get workflow definitions

Get a list of workflow definitions that are saved to the backend. Workflow definitions are in either 'draft' or 'published' status. Published workflow definitions are tied to a request type by id and name, and are used by the corresponding access request. Draft workflow definitions can be worked on by the end user and published to the backend. The draft workflow id and name correspond to the published workflow definition id and name.

query Parameters
_searchAfter
string

Elastic Search After key. Used for pageNumber/

_pagedResultsOffset
string

Offset used to determine pageNumber returned.

_pageSize
string

Number of documents to return

_queryString
string

String to filter the workflows. Matches the workflow displayName, description, and name keys.

Responses

Create and/or Publish Workflow Definition

Create or publish a workflow definition (workflow). The action can be create, publish, execute, or validate. Only DB deployed IGA instances support the execute action.

query Parameters
_action
required
string
Enum: "create" "validate" "publish" "execute"

Action to be performed for workflow endpoint.

Request Body schema: */*
optional

The data to pass into the workflow

id
string

ID of the workflow definition. It must be one of the 6 seeded definitions.

name
string

Name of the workflow definition. It must be one of the 6 seeded definitions.

displayName
string

The name that displays for the workflow definition.

description
string

The description of the workflow definition.

type
string
Value: "provisioning"

Provisioning is the only available type.

Array of any

The order of steps. The first element in the steps array is the first step of the workflow.

Responses

Response samples

Content type
application/json
{ }

Get Workflow Definition

Get workflow definition.

path Parameters
id
required
string

ID of the workflow

status
required
string

id of the workflow

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "displayName": "string",
  "description": "string",
  "type": "provisioning",
  "steps": [
  ]
}

Delete workflow definition. If the status is published, it will try to delete the workflow model and process definition in IDM.

Delete workflow definition.

path Parameters
id
required
string

ID of the workflow

status
required
string

ID of the workflow

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "searchAfterKey": [
  ],
  "totalCount": 0,
  "resultCount": 0
}

Update or publish the workflow definition

Update or publish the workflow definition.

path Parameters
id
required
string

ID of the workflow to update

Request Body schema: */*

The updated data to save.

id
string

ID of the workflow definition. It must be one of the 6 seeded definitions.

name
string

Name of the workflow definition. It must be one of the 6 seeded definitions.

displayName
string

The name that displays for the workflow definition.

description
string

The description of the workflow definition.

type
string
Value: "provisioning"

Provisioning is the only available type.

Array of any

The order of steps. The first element in the steps array is the first step of the workflow.

Responses

Response samples

Content type
application/json
{
  "id": "string",
  "name": "string",
  "displayName": "string",
  "description": "string",
  "type": "provisioning",
  "steps": [
  ]
}

Evolving

Evolving APIs. These APIs might be deprecated in the future in favor of improved alternatives.

Get entitlement by ID

The endpoint will return the entitlement with the provided ID.

path Parameters
id
required
string

ID of the entitlement

Responses

Response samples

Content type
application/json
{
  "id": "system_TargetADApp___GROUP___8989f1f4-1518-49bf-8a45-7a84d3c6b17f",
  "descriptor": {
  },
  "entitlement": {
  },
  "application": {
  },
  "applicationOwner": [
  ],
  "entitlementOwner": [
  ],
  "metadata": {
  }
}

Searches for entitlements that match query.

Searches for all entitlements that match the target filter.

query Parameters
pageSize
string

Number of results per page

pageNumber
string

Page number of results to show

fields
string

Properties to be returned

sortBy
string

The property to be sorted by

sortDir
string

The direction of sort, asc or desc

sortType
string

The type of sort value, leave blank for normal sorting, or use 'date' or 'integer' for numeric

searchAfter
string

The sort property values of the last entry to continue searching from. Comma separated.

Request Body schema: application/json
object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Content type
application/json
{
  "targetFilter": {
  }
}

Response samples

Content type
application/json
{
  "result": [
  ],
  "resultCount": 0,
  "totalCount": 0,
  "searchAfterKey": [
  ]
}

Returns users assigned the given entitlement

This endpoint returns the users assigned the given entitlement.

path Parameters
id
required
string

The ID of the application

query Parameters
pageSize
string

Number of results per page

pageNumber
string

Page number of results to show

sortBy
string

Field to sort by

sortDesc
string

Sort order asc/desc

queryString
string

Search term, searches against userName, givenName, sn

Responses

Response samples

Content type
application/json
{
  "result": [
  ],
  "resultCount": 0,
  "totalCount": 0,
  "searchAfterKey": [
  ]
}