Identity Governance-related APIs
Identity Governance has many features, including access requests, the governance glossary (catalog), and entitlements.
The following sections comprehensively explore the Identity Governance REST API endpoints.
YAML file
The REST APIs contain many parameters and, in some instances, large request bodies. For your convenience, you can view the entire API using a YAML file based on the OpenAPI specification.
To download the YAML file, click here.
Learn more in the API reference documentation.
| Adjust the configurations of the file to match your specific details, such as your Advanced Identity Cloud tenant FQDN. |
Access token
You need to obtain an access token to authenticate to the Advanced Identity Cloud REST API. Learn more about obtaining an access token in Authenticate to Advanced Identity Cloud REST API with access token.
After you obtain an access token, you can access the Identity Governance API using
the specific HTTP methods: GET, POST, PUT, PATCH, and DELETE.
You can use client command-line tools, such as
cURL or API platforms, such as Postman to
transfer data to and from the IGA server.
For example, using cURL:
curl \
--request GET \
--header 'Authorization: Bearer <access token>' \
"https://<tenant-env-fqdn>/iga/governance/application?_pageSize=10&_queryFilter=true"Show example response
{
"result": [
{
"application": {
"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
...
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0",
"objectTypes": [
{
"name": "__ACCOUNT__"
},
{
"name": "__GROUP__",
"accountAttribute": "memberOf"
}
]
},
...
}
],
"searchAfterKey": "string",
"resultCount": 0,
"totalCount": 0
}Endpoints
The following sections present the Identity Governance endpoints.
|
The output and examples presented in this section are based on a test dataset and are not real data. |
Application
| URI | HTTP method |
Description | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Query Identity Governance applications. This endpoint is subject to scoped permissions given to the end user. Parameters
Responses
Click for an example to get a list of applicationsMedia type: |
||||||||||||||||||||||||
|
GET |
Returns the schema of a given application’s object type. This endpoint helps identify the required payload structure for the request endpoint, specifically for the object key that holds the entitlement details. The endpoint is also used in the UI to dynamically generate forms for creating and modifying entitlements. Parameters
Responses
Click for an example to get the object type schemaMedia type: |
Certification
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Query existing certification templates. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Create a new certification template. ParametersNo parameters Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Duplicate an existing certification template. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
PUT |
Update a single certification template. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
DELETE |
Delete a single certification template at the requested ID in the path. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Get the available schema on which to filter certification templates. Returns a collection of schema properties that are available to populate the certification templates target filter property, including properties of application, user, entitlement, role, and other objects. ParametersNo parameters Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Query existing certification campaign instances. Returns certification campaigns based on a set of query parameters. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Read a single certification campaign. Returns the certification campaign from the provided campaign ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Get the actors (certifiers) tasks view for a certification. Returns the tasks assigned to different actors (certifiers) as part of a certification. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Update a certification’s deadline. Update a certification’s deadline when you provide a new one. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Cancel a certification campaign. Cancels a certification campaign at the requested ID in the path. This only cancels existing in-progress action items. It will not revert any decisions that have been signed off and acted on. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Query the review items (tasks) that are assigned to you. Returns the certification tasks that are currently assigned to the logged in end user. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
Query line items of the certification campaign instance. Returns the certification line items that belong to this campaign, filtered by parameters. Certifier sign-off is indicated by status. The certifier’s decision is indicated by decision. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Query line items of the certification campaign instance. Returns the certification line items that belong to the specified campaign, filtered by parameters. Parameters
Request body exampleMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Take action on line items. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
Take action on a single line item. Parameters
Request body * requiredExample: Responses
Click for an example responseMedia type: |
Access request
In Identity Governance, end users can request access to resources. Resources are target applications, entitlements, or roles. You define which resources are requestable.
Learn more in access requests.
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
POST |
Create or validate a new access request for a list of users. When submitting a new request for access, the system validates the request’s contents. If no issues are found, IGA creates a request for each pairing of user and catalog items included in the request. You can choose to only validate the request by using the Parameters
Request body exampleMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Create request for the given request type. Parameters
Request body * requiredPayload for creating the request. Properties must match the request type schema definition.
Media type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Retrieve the details of a single access request using a unique identifier, Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PUT |
Replace the content of a request. The only properties that can be changed are
properties that are defined in the request schema and not in the Parameters
Request body * requiredThe payload for replacing request content. Properties must match the request type schema definition of this request.
Media type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PATCH |
Update the contents of a request. The only properties that can be updated are properties
that are defined in the request schema and not in the Parameters
Request body * requiredPayload for updating the request.
Media type: Responses
Click for an exampleMedia type: |
||||||||||||||||||||||||||||
|
POST |
Perform various actions on a specific request, such as Parameters
Request bodyExample: Responses
|
||||||||||||||||||||||||||||
|
GET |
Get requests for which the authenticated user has permissions to view. For additional search capabilities,
use the Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Get requests for which the authenticated user has permissions to view. The Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Get requests for which the authenticated user is assigned, either directly, through a role, or
through a delegate. The Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
Access request form
Identity Governance enables administrators to create custom forms presented to users during request workflows.
| URI | HTTP method |
Description | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Search request forms. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||
|
POST |
Create a request form. ParametersNo parameters Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||
|
GET |
Get a request form by ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||
|
PUT |
Replace an existing request form by ID. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||
|
PATCH |
Update an existing request form by ID. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||
|
GET |
Search the request form assignments. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||
|
POST |
Assign and unassign a request form. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
Access request type
| URI | HTTP method |
Description | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get a list of supported request types. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||
|
POST |
Create a new custom request type. ParametersNo parameters Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||
|
GET |
Get a request type by ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||
|
PUT |
Replace an existing request type. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||
|
PATCH |
Update an existing request type. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||
|
DELETE |
Delete a request type. Parameters
Responses
|
Account
Accounts are user profiles in applications. For example, when you provision an end user to an application, an account is created for them.
| URI | HTTP method |
Description | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Retrieve all account objects across all applications that have been onboarded as part of any application. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
POST |
Retrieve all account objects across all applications that have been onboarded as part of any application. Additional filter criteria can be provided to allow searching by application, user, or glossary data. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
GET |
Retrieve by details of a single account object using its unique identifier. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
GET |
Retrieve the glossary-specific details of a single account object using its unique identifier. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
POST |
Create glossary entry for a single account object using its unique identifier. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
PUT |
Create or update a glossary entry for a single account object using its unique identifier. Parameters
Responses
Click for an example responseMedia type: |
Audit
Endpoints associated with IDM’s audit functionality.
|
To use the
This is a temporary requirement and will be removed in a future release. |
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get audit reports. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||||||
|
GET |
Get the audit reports for a given user. Parameters
Responses
Click for an example responseendDate string (query) Last date to include in the report |
Catalog
The Catalog endpoint provides a list of requestable access items. The current supported
types of access that are requestable are application, entitlement, and role.
| URI | HTTP method |
Description | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get a list of items from the Identity Governance access catalog. Each entry represents a single
type of requestable access that can be added to a request. The current supported types
of access that are requestable are Parameters
Responses
Click for an example responseExample: |
||||||||||||||||||||||||||
|
POST |
Get a list of items from the Identity Governance access catalog using additional filter criteria.
Each entry represents a single type of requestable access that can be added to a request.
The current supported types of access that are requestable are Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
GET |
Retrieve all currently configured properties eligible to be used for search or sort when searching against the catalog API. Each property includes some additional metadata about the property, such as whether it is multivalued or not and its datatype. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
GET |
Retrieve all currently configured properties eligible to be used for search or sort for a single object when searching against the catalog API. For example, you can use the endpoint to search for all specific entitlement properties. Each property includes some additional metadata about the property, such as whether it is multivalued or not and its datatype. Parameters
Responses
Click for an example responseMedia type: |
Config
Identity Governance has overarching configurations, such as requiring a justification when rejecting an access request.
| URI | HTTP method |
Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Reads and returns all Identity Governance configuration properties across all categories. Only access request-related properties are available. These properties are used to determine the behavior behind functionality. For example, access request features contain configuration on whether justification is required to reject a request or whether a user can approve their own access. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||
|
PUT |
Update all Identity Governance configuration properties across all categories. Only access request-related properties are available.
Parameters
Request bodyMedia type: Responses
Click for an example response |
||||||||||||||
|
GET |
Get Identity Governance configuration settings for a given category (for example, Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||
|
PUT |
Update Identity Governance configuration settings for a given category (for example, Parameters
Request bodyExample: Responses
Click for an example responseMedia type: |
Entitlement
All users can access the query entitlements endpoint, but the results they see are filtered automatically based on their granted authorizations.
For example, administrators can see all entitlements. A user who is an application owner can see all entitlements that belong to their applications but not other applications' entitlements. A user who is the entitlement owner of three entitlements can see the entitlements that they own. A user who has been scoped permissions to view or act on a subset of entitlements can access that subset.
This endpoint also supports all standard pagination and query filtering abilities of other search APIs.
|
Every entitlement object in Identity Governance now includes an additional property at the |
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Search for all entitlements provided by the query parameters. Parameters
Responses
Click for an example to query entitlementsMedia type:
|
||||||||||||||||||||||||||||
|
POST |
Create a new entitlement. Users can submit a request using the
This endpoint creates the entitlement in the target system, creates the associated entry (if required), and ensures the entitlement is available in Identity Governance. Parameters
Request bodyExample: Responses
Click for an example to submit a Create entitlement requestMedia type:
|
||||||||||||||||||||||||||||
|
GET |
Return a single entitlement object by ID.
Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PUT |
Modify an existing entitlement. Users can submit a request using the
Parameters
Request bodyMedia type: Responses
Click for an example to submit a Modify entitlement requestMedia type:
Click for an example to modify an entitlement directlyMedia type: |
||||||||||||||||||||||||||||
|
GET |
Returns the entitlement grants for the given entitlement ID. Users who have the permissions to do so can view the users who are currently granted a given entitlement. Administrators, application owners, and entitlement owners are granted this privilege implicitly. Additional end users can be scoped to have this permission also. Parameters
Responses
Click for an example to view grantsMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get an entitlement’s glossary metadata by ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Create a glossary entry for a single entitlement using its unique identifier. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PUT |
Create or update a glossary entry for a single entitlement using its unique identifier. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
DELETE |
Delete a glossary entry for a single entitlement using its unique identifier. Parameters
Responses
Click for an example responseMedia type: |
Event
Events are rules defined to detect a change in the IGA system. Each rule has two core parts: a condition for the event and the action taken when that event occurs. For example, a rule might define that whenever someone creates a user in IGA, they should also generate a certification for that user.
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get and search for a list of event rules defined in IGA. Each entry represents a single event rule defined to detect a change in the system. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Create a single IGA event rule. A single event rule is defined to detect a change in the system. Parameters
Request bodyExample: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get a single IGA event by ID. The response is a single event rule defined to detect a change in the system. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PUT |
Update a single IGA event by ID. This call requires that the entire object be provided and that it replaces the entire existing event definition. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PATCH |
Update a single IGA event by ID. This call allows the caller to update specific properties of the event only without providing the entire object. Parameters
Request bodyExample: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
DELETE |
Delete a single IGA event by ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get the list of available event entities from which you can define a condition. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get the available schema for defining a condition on a given object.
For example, Parameters
Responses
Click for an example responseMedia type: |
Job
You can manually trigger a governance job.
| URI | HTTP method |
Description | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
POST |
Manually trigger a governance job by ID. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
Provisioning
In the Advanced Identity Cloud admin console, you can add or remove, or provision, resources from end users. You can do the same through REST APIs.
| URI | HTTP method |
Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
POST |
Provision or de-provision applications for an end user. Parameters
Request body exampleMedia type: Responses
Click for an example responseMedia type: |
||||||||||||
|
POST |
Provision or de-provision roles for an end user. Parameters
Request body exampleMedia type: Responses
Click for an example responseMedia type: |
||||||||||||
|
POST |
Provision or de-provision entitlements for an end user. Parameters
Request body exampleMedia type: Responses
Click for an example responseMedia type: |
Scope
Scope determines which specific users are able to view or interact with particular target objects. Scoping rules comprise of two core parts: a condition for the source object (who or what the scope applies to) and a condition for the target object that can be viewed or acted upon.
| URI | HTTP method |
Description | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get and search for a list of scoping rules defined in IGA. Each entry represents a single scoping rule defined to assign a set of conditions that allows a subset of users visibility on a subset of target objects. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
POST |
Create a single scoping rule in IGA. Each scoping rule is defined to assign a set of conditions that allows a subset of users visibility on a subset of target objects. IGA scoping rules consist of two core parts: a condition for the source object (who/what the scope applies to) and a condition for the target object that can be viewed or acted upon. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
GET |
Get a single scoping rule in IGA by ID. Each scoping rule is defined to assign a set of conditions that allows a subset of users visibility on a subset of target objects. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
PUT |
Update a single IGA scope by ID. This call expects the entire object to be provided and replaces the entire existing scope definition. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
PATCH |
Update a single IGA scope by ID. This call allows the caller to update specific properties of the scope only without providing the entire object. Parameters
Request bodyExample: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
DELETE |
Delete a single IGA scope by ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
GET |
Get a list of available entities on which a condition can be defined. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||
|
GET |
Get the available schema for defining a condition on a given object. For example, 'user' returns the attributes available for defining a scope for users in IGA. Parameters
Responses
Click for an example responseMedia type: |
Segregation of Duty
Segregation of Duties (SoD) is an internal control process ensuring no single individual is granted privileges that could lead to a conflict of interest or fraud. Administrators can configure SoD using policies and policy rules that let them identify violations and run actions, such as create an exception, allow or remediate the violation, and others.
You can view the entire API using a YAML file based on the OpenAPI specification.
| Adjust the configurations of the file to match your specific details, such as your Advanced Identity Cloud tenant FQDN. |
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Search policies. The endpoint returns policies stored within the Identity Governance store, based on a set of query parameters. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Create a new policy object within Identity Governance. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Query policy objects using a targeted search filter. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get policy by ID. The endpoint returns the policy with the provided ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PUT |
Update an existing policy object within Identity Governance. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
DELETE |
Delete an existing policy object within Identity Governance. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Run a scan on all given rules of a policy and create violations if desired. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get policy rules associated with a policy ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Query policy rules based on a set of query parameters. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Create a new policy rule object within Identity Governance. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Query the policy rule objects using a targeted search filter. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get policy rule by ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Duplicate a given policy rule. The rule will be set as Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PUT |
Update an existing policy rule object. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
DELETE |
Delete an existing policy rule. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Run a scan the given policy for violations and create violations if desired. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Run a scan on a given user rule and return potential violations. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Query policy scans with the Identity Governance store based on a set of query parameters. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Query policy scan objects using a targeted search filter. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Get policy scan by ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
DELETE |
Delete an existing policy scan object within Identity Governance. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Query the signed-in user’s violation objects. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
GET |
Query the violation objects. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Creates a violation with the given body. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Once a phase (or phases) have chosen to allow a violation, close and complete the
violations with the outcome of Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As a user who can take action on violations, cancel existing exceptions, reverting the violations to in-progress. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As a user who can take action on violations, add a comment to the violation objects. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As a user who can take action on violations, grant an exception to the violating access. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As a user who can take action on violations, edit the list of active actors on the violation tasks. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Query the violation objects using a targeted search filter. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Query the signed-in user’s violation object using a targeted search filter. Parameters
Request body! Responses
Click for an example responseMedia type: `application/json`å |
||||||||||||||||||||||||||||
|
GET |
Query the contents of a single violation object. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
PUT |
Updates a given violation with the given body. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
DELETE |
Deletes a violation with a given ID. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Once a phase (or phases) have chosen to allow a violation, close and complete the
violation with an outcome of Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As an actor on a violation, add a comment to a violation object. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Once a phase (or phases) have chosen to remediate a violation, complete the violation
with an outcome of Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
For violations with an outcome of Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Add a phase to a violation. A phase is a task that must be completed to move the violation forward,
which depends on the task configuration, such as expiration, assignee, notifications, and others.
For type= Parameters
Request bodyMedia type: Responses
|
||||||||||||||||||||||||||||
|
POST |
As an actor on a violation, allow the user to continue to violate the defined rule in perpetuity. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As an actor on a violation, cancel an existing exception, reverting the violation to Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Add a comment to a violation object. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As an actor on a violation, grant an exception to the violating access. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As an actor on a violation, edit the actors and permissions on a violation task. Parameters
Request body * stringMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As an actor on a violation, choose to remediate the access, kicking off the remediation workflow assigned to the violation. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As an actor on a manual provisioning task to handle the violation remediation, mark the action as completed. Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
As an actor on a manual provisioning task to handle the violation remediation, mark the action as canceled (not completed). Parameters
Request bodyMedia type: Responses
Click for an example responseMedia type: |
Task
Endpoints for fulfillment tasks.
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get the tasks for which the authenticated user has permissions to view. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||||||||||||||
|
POST |
Get the tasks for which the authenticated user has permissions to view. The
Parameters
Request bodyResponses
Click for an example responseMedia type: |
User
Endpoint for a user’s grants and recommendations.
| URI | HTTP method |
Description | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get the privileges a user currently has. The endpoint returns the Identity Governance-related authorization details for the authenticated users and includes the following information:
Parameters
Responses
Click for an example to get a user’s privilegesMedia type: |
||||||||||||||||||||||||||||||||||
|
GET |
Get the grants a user currently has. Parameters
Responses
Click for an example to get a user’s privilegesMedia type: |
||||||||||||||||||||||||||||||||||
|
GET |
Get the access recommendations for a given user. Parameters
Responses
Click for an example responseMedia type: |
Workflow
|
To use the
This is a temporary requirement and will be removed in a future release. |
5
| URI | HTTP method |
Description | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET |
Get the workflow definitions. Parameters
Responses
|
||||||||||||||||
|
Post |
Create and/or publish workflow definitions. Parameters
Request body * requiredMedia type: Responses
Click for an example responseMedia type: |
||||||||||||||||
|
GET |
Get the workflow definition. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||
|
DELETE |
Delete the workflow definition. If the status is published, it will try to delete the workflow model and process the definition in IDM. Parameters
Responses
Click for an example responseMedia type: |
||||||||||||||||
|
PUT |
Update or publish the workflow definition. Parameters
Request body * requiredResponses
Click for an example responseMedia type: |
Evolving APIs
| The APIs referenced in this section are evolving, which means they can change or become deprecated at any time. |
The current evolving APIs focus on entitlements. You can find more information in Manage entitlements.
| URI | HTTP method |
Description |
|---|---|---|
|
GET |
Get an entitlement by an ID. |
|
POST |
Search for a list of all entitlements that match the target filter. |
|
GET |
Gets the users assigned to a specific entitlement. |
Deprecated
These endpoints are no longer being updated and might be removed in a future release.
| URI | HTTP method |
Description |
|---|---|---|
|
GET |
Returns the entitlement with the provided ID. |
|
POST |
Searches for entitlements that match a query. |
|
GET |
Returns users assigned the given entitlement. |